Welcome to WebmasterWorld Guest from 54.159.26.69

Forum Moderators: phranque

Message Too Old, No Replies

My Site was Hijacked

Hijackers added sniplet of encoded java code and took over

     

spaceylacie

11:01 pm on Feb 9, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Despite what I was told by my host, a very popular, reputable company, I don't see how it could have been a password issue. The password is kept 100% secure and changed often.

The site is(well, was-it's dead now) interactive so members can upload their own content. People can leave comments. etc.

Anyway, what happened is a .com site, broke into my server and added an encrypted java script code to the footer of every page.

But de-coded it looks like this:
document.write('<ifra><iframe>'); -- Well, WebmasterWorld won't let me enter the code, but it's a one pixel by one pixel iframe that tries to re-direct people to an external size.

You can't search your files for it because it's encrypted! The above gibberish is taken from the encrypted code opened in notepad, so hopefully it can be found by doing an exact search. Any help with this would be appreciated. I'm more of a publisher than a techie but did manage to find out this much.

[edited by: phranque at 1:10 pm (utc) on Feb 11, 2010]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]

Demaestro

11:09 pm on Feb 9, 2010 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



There has been a lot of these reported lately, and 90% of the time it was because a computer you store passwords or use passwords from was compromised.

You should also look at the server's access file that does 404 and 500 error redirects to custom error page... you may find that they are now redirecting to the offending site as well.

Unplug all your personal/work computers from the network to avoid them doing more damage and scan them. Then from a confirmed uninfected computer change your server passwords.

Check this recent thread on the same issue for good info on how to proceed.

[webmasterworld.com...]

Leosghost

11:18 pm on Feb 9, 2010 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Well, WebmasterWorld won't let me enter the code

Ask yourself why ..

spaceylacie

12:34 am on Feb 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks. Yeah, good reason I couldn't enter the code here.

I'm reading through the other topics about this now.

rocknbil

1:57 am on Feb 10, 2010 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Also look through the posts on XSS and mySQL injection, another point of entry.

tangor

2:42 am on Feb 10, 2010 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Sadly, these days, it appears that more website infections/hijacks are from programmer computers. NEVER use the same computer you develope/update a website with to do personal or company web surfing.

That simple.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month