Link to home
Start Free TrialLog in
Avatar of adrake9
adrake9

asked on

malicious javascript keeps showing up in files on website

I have a site on a server that has been hacked. At first i thought it was a permissions error on the directory, but I went through and looked at all of the file permissions.

This is a server that was setup by someone else and the site was migrated to the server. I'm working in expressionengine and I tried to update the expressionengine version and thought I had gone through every file and whamo it started showing up again.

I will say however that when upgrading I switched the "system" files to be hidden below the root and that does not look to be infected after this second wave of files.

I can ssh into the server and I have FTP access, user logs in the control panel looked normal and there were no abnormal logins to the site or the control panel.

Where should I start? what should i search for?
Avatar of adrake9
adrake9

ASKER

it seems to be going after the following files. all html files and javascript files above the root and dropping them in to the files most of the time at the end.
ASKER CERTIFIED SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of adrake9

ASKER

Was able to rollback the server and then change the passwords immediately. Lost some content, but nothing that wasn't available somewhere else.
Good, thanks for the points.  Make a big note and make sure you always have a backup copy of your site.