Mysql, Iframe, code injection: it puts links Usually just below <body> tag

-2 points

So here's the story.

My friend's websites has been hacked the 3 times. Malware code has been injected.
Usually just below <body> opening tag.

Cannot precisely say what it is, as my friend has already removed the bad code, but Google marks the website as dangerous.

Only thing I know about the injected code at the moment is it puts links (and possibly <iframe> elements) to nokiaicq.ru, styleicq.ru, the-past.ru

Created by programmer 40 weeks 6 days ago
  Tags:

Answer(s):

0 points

I work at an internet service provider and recently dealt with a customer who had a similar issue. It seems that a virus/spyware on his computer had sniffed his FTP password (which was sent in plaintext) and was uploading new content with hacked data while he was AFK.

I would definitely suggest after uploading the new content (free of crazy code) he change all his passwords on the hosting account and switch to using SFTP if possible (less vulnerable to password sniffing). And of course - making absolutely sure his computer is virus free (assuming windows).

Also, from the ISP perspective, if the hosting provider is able to supply him with FTP logs it might help see if someone else had the password, or when the date/timestamp of the file changed, for my customer the timestamp was while he was sleeping from his own PC.

Created by sudeepg

Post your Answer

  • Lines and paragraphs break automatically.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. Beside the tag style "<foo>" it is also possible to use "[foo]". PHP source code can also be enclosed in <?php ... ?> or <% ... %>.

More information about formatting options