Bloodhound.Exploit.6 on my PHP file

Forum Moderators: coopster

Message Too Old, No Replies

Bloodhound.Exploit.6 on my PHP file

smartcard

4:27 pm on Jul 29, 2005 (gmt 0)

Please help me here.

We received a few calls saying that they are getting a warning when they visit our websites. The warning from Norton is that the pages are infected with Bloodhound.exploit.6

I have checked Symantec and it says that this does not affect Linux!

I found the following code at the end of index.php page on the server:

Please help me here, how can I locate and remove the problem.

My site is on a shared host server is Linux, running on CPanel

Any help is very much appreciated.

Regards.

[edited by: jatar_k at 5:29 pm (utc) on July 29, 2005]
[edit reason] generalized ip [/edit]

jdMorgan

4:44 pm on Jul 29, 2005 (gmt 0)

So what is the link to popup.php? Is it something you installed? If not, remove it.

Then make sure your server has all available security patches installed, and that you are running the most current version of PHP, etc.

Jim

Prolific

5:15 pm on Jul 29, 2005 (gmt 0)

Just because it doesn't infect Linux doesn't mean your file is not infected. You edit your files on your local machine, correct? Most likely your computer is infected and it inserted the code into your PHP files and it went live when you uploaded that page.