
iFrame script hacked into many files on linux server


  • This topic is locked
2 replies to this topic

#1 ozstar


Posted 19 April 2011 - 06:35 PM

Hi,

On a shared server we have a few osCommerce sites. One of them keeps on getting an infection which adds about 60 lines of script to the end of each PHP and HTML file... hundreds of them.

We have changed user names, admin name, passwords, cPanel passwords, FTP passwords etc., but every now and then it happens again with the same script.

We have cleaned all files and started again with everything working fine and no virus alerts from our very current Avast and Malwarebytes but it still happens.

As the script is quite old I am updating to a new current script which closes some of the vulnerabilities in the old script but I want to be sure I am not loading a new script onto a site which will infect again.

I plan on deleting the current files and folders so public_html is an empty shell except for cgi-bin and starting afresh. I have also deleted the root/temp files for awstats etc. as they too were infected.

What else can I do to close whatever hole there is here? I have other sites on this server that are accessed more times than this one and they are all clean, so it is not me and my boxes, plus I do a thorough clean quite often just in case. I have told the clients to clean their PCs and they say they have repeatedly, although I am not sure.

I have attached a text file in a zip file with the virus script which is inserted. Please be careful and do not open it unless you know what you are doing as I would hate it to go further.

I would appreciate any help, thanks.

oz



#2 m0le


Posted 29 April 2011 - 08:35 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

#3 m0le


Posted 04 May 2011 - 06:34 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.