Page 1 of 1
Infected by code in index.php / index.html
Posted: Thu Dec 23, 2010 6:33 pm
by DerFalk
Today my Sites were hacked
the infected all index.php / index.htm / index.html files with this crap:
Same as here:
http://pastebin.com/E2NqcC0w
Someone seen this or can help what app this can cause?
Joomla? WP? proftp?
Re: Infected by code in index.php / index.html
Posted: Thu Dec 23, 2010 6:49 pm
by mikeshinn
Generally what you describe occurs via a compromised users password, which the badguys then use to upload the appended code via either FTP or SSH (usually FTP) via that stolen password. You may want to read this article:
https://www.atomicorp.com/wiki/index.ph ... ystem:_FTP
Appended code to index files is always an upload attack using a stolen password.
Re: Infected by code in index.php / index.html
Posted: Thu Dec 23, 2010 7:00 pm
by DerFalk
Ok, after restore a backup, i will change all my passwords...
Re: Infected by code in index.php / index.html
Posted: Thu Dec 23, 2010 8:02 pm
by mikeshinn
Check your desktops for malware too, if they stole your password 99.99999% of the time it from your desktop/laptop/etc. via a trojan. Also, if you use any tools that save your passwords make sure you dont save them anymore unless you rebuild your desktops from known trusted sources (and even then, dont save your passwords).