My PHP webpage got hacked! Please help

Hello, my main webpage consists of an index.php and an included main.php that has additional information to display, and the permissions of these files are 0644. I was surprised when I found that my website didn't display correctly. I opened these files and saw a strange hidden iframe inserted, and it has a suspicious link. I think it is spam!

So how can I prevent such hacking, and how did they get to my file? I have now changed my cPanel password, but I think they got in through another hole!

So please help me and advise me from your experience with such hacks, and on how I can secure myself.

www.audiominds.net 
Styleminds Asked:

MKlefasStennett Commented:
It would seem as though they got in through a vulnerability somewhere within your host's setup. Are you hosting the webpage yourself?
0

Styleminds Author Commented:
Well, I am using helpinghandhost.com hosting! Can anyone explain why they did this? Is this a bot spamming or a human spamming, and how did it get to my file?
0
MKlefasStennett Commented:
There was a recent mass hack originating from China called the Gumblar Hack. They got their link inserted on as many sites as possible to increase their search rankings and drive large amounts of traffic onto their pages. In so doing they are able to collect tiny payments from advertisers millions more times than usual and make some money.

The threads below contain links to a script that can be used to clean up after this infection, and also a more in-depth analysis of the attack:

http://www.danielansari.com/wordpress/2009/05/automatic-removal-of-gumblarmartuz-trojan/

http://www.webpayments.ie/blog/Gumblar-What-is-it-How-to-I-remove-it-.html
0
Styleminds Author Commented:
Thanks MKlefasStennett for the info, but how technically did they get into my file through my FTP connection?
0
rcflyr Commented:
The attack was probably through the cPanel and not your FTP connection - I don't know how many times I've seen attacks to or from hosting companies with improper or out-of-date cPanel installations.
0
BrianMM Commented:
Wouldn't necessarily be through FTP... as someone above stated, your hosting provider may be insecure and there were/are vulnerabilities on the server which will allow someone to ultimately SSH as root (or similar) and effectively take over the box, and run a script affecting all sites hosted.

I would inform your host that their server has been compromised.... that's what you pay them for!
0
Styleminds Author Commented:
So how can we prevent this hack, and how can we check if we are safe?
0
rcflyr Commented:
Your hosting provider is going to have to prevent this - it doesn't sound like you have much control over the system.  If you really want to have control over access to your system, you should look into a VPS server and configure it yourself.  I like slicehost - of course you have to learn how to install and configure all of the systems you want to use, but I think that's valuable information anyways.

Of course, this is all based on the assumption that they got in through your cpanel.
0
Styleminds Author Commented:
Well, I don't want to get into this headache, so what I want is a secured shared system. I don't have that deep access and I don't even have SSH access, so what do you suggest I do to check if there is still other spam in my webpage or in my whole hosting?
0
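
One way to check a downloaded copy of the site for remaining hidden iframes without SSH access is to scan it locally and list each hidden frame and whether its link leaves your own domain. This is an added example, not part of the original thread; the heuristics for "hidden", the file extensions and all function names are assumptions.

```python
import re
import sys
from pathlib import Path

# Added example; "hidden" = 0-1 px in size or styled invisible (assumed heuristic).
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I | re.S)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HOST_RE = re.compile(r"(?:[a-z][\w+.-]*:)?//(?:[^/?#@]*@)?([^/?#:]+)", re.I)
STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden"
                      r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?(?![\w.%])", re.I)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js", ".inc", ".tpl"}


def parse_attrs(tag):
    """Attributes of one tag as a dict; strips quotes escaped inside PHP strings."""
    return {m.group(1).lower(): (m.group(2) or m.group(3) or m.group(4) or "").strip("\\\"' ")
            for m in ATTR_RE.finditer(tag)}


def is_hidden(tag, attrs):  # tiny width/height attribute, or an invisible style
    tiny = any(re.fullmatch(r"[01](px)?", attrs.get(k, ""), re.I) for k in ("width", "height"))
    return tiny or bool(STYLE_RE.search(tag))


def scan_text(text, own_hosts):
    """Return (line, src, verdict) for every hidden iframe found in text."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        attrs = parse_attrs(m.group(0))
        if not is_hidden(m.group(0), attrs):
            continue
        src = attrs.get("src", "")
        hm = HOST_RE.match(src)
        host = hm.group(1).lower() if hm else ""  # empty for relative links
        off_site = bool(host) and not any(host == h or host.endswith("." + h) for h in own_hosts)
        verdict = "hidden, off-site" if off_site else "hidden"
        findings.append((text.count("\n", 0, m.start()) + 1, src, verdict))
    return findings


def scan_tree(root, own_hosts):
    """Scan every web file under root; return {path: findings} for files with hits."""
    files = (p for p in Path(root).rglob("*") if p.is_file() and p.suffix.lower() in SCAN_SUFFIXES)
    report = {str(p): scan_text(p.read_text(errors="replace"), own_hosts) for p in files}
    return {path: hits for path, hits in report.items() if hits}


if __name__ == "__main__":  # usage: python scan_iframes.py SITE_COPY_DIR your-domain
    for path, hits in scan_tree(sys.argv[1], set(sys.argv[2:])).items():
        for line, src, verdict in hits:
            print(f"{path}:{line}: {verdict}: {src}")
```

A clean result only covers plain iframe tags; markup written out by obfuscated script is not detected, so compare the copy against a known-good backup as well.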