|My Site was Hijacked|
Hijackers added sniplet of encoded java code and took over
| 11:01 pm on Feb 9, 2010 (gmt 0)|
Despite what I was told by my host, a very popular, reputable company, I don't see how it could have been a password issue. The password is kept 100% secure and changed often.
The site is(well, was-it's dead now) interactive so members can upload their own content. People can leave comments. etc.
Anyway, what happened is a .com site, broke into my server and added an encrypted java script code to the footer of every page.
But de-coded it looks like this:
document.write('<ifra><iframe>'); -- Well, WebmasterWorld won't let me enter the code, but it's a one pixel by one pixel iframe that tries to re-direct people to an external size.
You can't search your files for it because it's encrypted! The above gibberish is taken from the encrypted code opened in notepad, so hopefully it can be found by doing an exact search. Any help with this would be appreciated. I'm more of a publisher than a techie but did manage to find out this much.
[edited by: phranque at 1:10 pm (utc) on Feb 11, 2010]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]
| 11:09 pm on Feb 9, 2010 (gmt 0)|
There has been a lot of these reported lately, and 90% of the time it was because a computer you store passwords or use passwords from was compromised.
You should also look at the server's access file that does 404 and 500 error redirects to custom error page... you may find that they are now redirecting to the offending site as well.
Unplug all your personal/work computers from the network to avoid them doing more damage and scan them. Then from a confirmed uninfected computer change your server passwords.
Check this recent thread on the same issue for good info on how to proceed.
| 11:18 pm on Feb 9, 2010 (gmt 0)|
|Well, WebmasterWorld won't let me enter the code |
Ask yourself why ..
| 12:34 am on Feb 10, 2010 (gmt 0)|
Thanks. Yeah, good reason I couldn't enter the code here.
I'm reading through the other topics about this now.
| 1:57 am on Feb 10, 2010 (gmt 0)|
Also look through the posts on XSS and mySQL injection, another point of entry.
| 2:42 am on Feb 10, 2010 (gmt 0)|
Sadly, these days, it appears that more website infections/hijacks are from programmer computers. NEVER use the same computer you develope/update a website with to do personal or company web surfing.