Scary problem: meta tags injection

Forum Moderators: phranque

Message Too Old, No Replies

Scary problem: meta tags injection

It couldn’t have happened but...

henry0

3:26 pm on May 9, 2005 (gmt 0)

Some one has inserted an extra line in my client’s index.php meta tags
How can that happen?
The client has absolutely no clue on scripting
I personally know all admins at my ISP and no one will do such a thing
So how the following line could have been injected?

I verified and as it is supposed I am the only one with admin and FTP access

The extra line as I discovered it:
<meta http-equiv="pics-label" content="(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "Single file v2.0" l gen true for "http://www.msn.com" r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l gen true for "http://www.msn.com" r (n 0 s 0 v 0 l 0))" />

Any input?

Thanks

Henry

bcolflesh

3:32 pm on May 9, 2005 (gmt 0)

Various exploits can make files writable - does the server have old versions of PhpBB or AWStats installed? Did you use a GUI editor to make the page? Some add meta tags by default...