Welcome to WebmasterWorld Guest from 23.20.53.150

Forum Moderators: phranque

Message Too Old, No Replies

Links being added to my index html file

my index file is propagating itself with numerous links

     
5:24 pm on Dec 30, 2009 (gmt 0)

New User

5+ Year Member

joined:July 22, 2009
posts: 8
votes: 0


Hello,

I have domain that currently does not have a web site built on it, so I use a blank index html file to prevent my directory from being listed if someone should type the my domain in their browser.

I just recently noticed that my index file was propagating itself with numerous links, like this:
===========================================
<!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0">
xeex83012
<a href=http://example.com/[directories]/placename.php>placename</a>
<a href=http://example.com/[directories]/pond.php>pond</a>
<a href=http://example.com/[directories]/theo.php>theo</a>
<a href=http://example.com/[directories]/brushing.php>brushing</a>
<a href=http://example.com/[directories]/roadmate.php>roadmate</a>
a href=http://www.example.net/[directories]/bennet.php>bennet</a>
<a href=http://www.example.net/[directories]/juice.php>juice</a>
<a href=http://www.example.net/[directories]/wii.php>wii</a>
<a href=http://example.org/[directories]/poweredge.php>poweredge</a>
<a href=http://example.org/[directories]/bayer.php>bayer</a>
<a href=http://example.org/[directories]/surgeon.php>surgeon</a>
<a href=http://example.org/[directories]/clare.php>clare</a>
<a href=http://example.org/[directories]/ge.php>ge</a>
</font><!-- google -->

===============================================

Now the above is just a small sample of the links, and these links were all created overnite. For yesterday when I first noticed this, I deleted the index html file and uploaded another blank index html file ... and then changed my cpanel log-in passwords. Only to find the file populated once again this morning.

Does anyone know what might being going on here and how I might prevent this from continuing?

Thanks in advance,
Cando

[edited by: tedster at 2:26 am (utc) on Dec. 31, 2009]
[edit reason] replace dangerous domains with "example" [/edit]

2:28 am on Dec 31, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Your server has been hacked. You need to fix that (update your software with the most recent patches, at the very least) or your domain will continue to be hacked for what is called "parasite hosting" of links to spammer sites and malware downloads.
6:47 am on Dec 31, 2009 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 14, 2003
posts:4308
votes: 35


Also check your permissions. If you have the wrong permissions they can do that.
1:29 am on Jan 4, 2010 (gmt 0)

Administrator

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 10, 2004
posts:10857
votes: 67


it is also possible that if you are on a shared server there are vulnerabilities caused by an insecure environment.
2:00 pm on Jan 4, 2010 (gmt 0)

New User

5+ Year Member

joined:July 22, 2009
posts:8
votes: 0


Thank you everyone, I believe I have solved the problem, as I haven't had any occurrences since making some changes on Dec 30th :-)

Thanks again for your help!

Oh and my apologies tedster, for posting possible "dangerous" links, (never thought about that) and for editing them for me.

Cando