?
Solved

My php webpage got hacked ! please help

Posted on 2009-07-01
9
Medium Priority
?
348 Views
Last Modified: 2013-12-09
Hello i have my main webpage consist of a index.php and a main.php included that have additional information to display and the permission of these files 0644 i was suprised when i found that my website didn't display correctly i open these files and i saw a strange hidden iframe inserted and it have a suspicious link think it is a spam !

So how can i prevert from such hacking ! and how these get to my file , however now i changed my cpanel password but i think they got from another hole !

So please help me and advice about your experience in such hack and how can i secure myself

www.audiominds.net 
0
Comment
Question by:Styleminds
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 2

Accepted Solution

by:
MKlefasStennett earned 800 total points
ID: 24754324
It would seem as though they got in through a vulnerability somewhere within your host's setup. Are you hosting the webpage yourself?
0
 

Author Comment

by:Styleminds
ID: 24754472
Well i am using helpinghandhost.com hosting.! can anyone explain why they did this ! is this an bot spamming or a human spaming and how it get to my file !
0
 
LVL 2

Expert Comment

by:MKlefasStennett
ID: 24754605
There was a recent mass hack originating from china called the Gumblar Hack. They got their link inserted on as many sites as possible to increase their search rankings and drive large amounts of traffic onto their pages. In so doing they are able to collect tiny payments from advertisers millions more times than usual and make some money.

The below threads contains links to a script that can be used to clean up after this infection, and also a more in-depth analysis of the attack

http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/

http://www.webpayments.ie/blog/Gumblar-What-is-it-How-to-I-remove-it-.html
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 

Author Comment

by:Styleminds
ID: 24754947
Thanks MKlefasStennett for the info but how technically they got into my file thru my ftp connection !
0
 
LVL 7

Assisted Solution

by:rcflyr
rcflyr earned 800 total points
ID: 24755115
The attack was probably through the cpanel and not your ftp connection - I don't know how many times I've seen attacks to or from hosting companies with improper or out of date cpanel installations.
0
 
LVL 11

Assisted Solution

by:BrianMM
BrianMM earned 400 total points
ID: 24755125
Would'nt necesarily be thru ftp... as somone above stated, your hosting provider may be unsecure and was/is vulnerabilities on the server which will allow somone to ultimatley ssh as root (or similar) and effectivley take over the box, and runa  scrip affecting all sites hosted.

I would inform your host that their server has been compromised.... that's what you pay them for!
0
 

Author Comment

by:Styleminds
ID: 24755146
So how can we prevent this hack and how can we check if we are safe!
0
 
LVL 7

Expert Comment

by:rcflyr
ID: 24755212
Your hosting provider is going to have to prevent this - it doesn't sound like you have much control over the system.  If you really want to have control over access to your system, you should look into a VPS server and configure it yourself.  I like slicehost - of course you have to learn how to install and configure all of the systems you want to use, but I think that's valuable information anyways.

Of course, this is all based on the assumption that they got in through your cpanel.
0
 

Author Comment

by:Styleminds
ID: 24755285
well i don't want to get into this headache so what i want is a secured shared system i don't have that deep access and even i don't have a SSH access , so what you suggest me to do to check if there still other spamms in my webpage or in my whole hosting ?
0

Featured Post

WordPress Tutorial 2: Terminology

An important part of learning any new piece of software is understanding the terminology it uses. Thankfully WordPress uses fairly simple names for everything that make it easy to start using the software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Make the most of your online learning experience.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question