?
Solved

malicious javascript keeps showing up in files on website

Posted on 2013-05-27
6
Medium Priority
?
205 Views
Last Modified: 2013-05-31
I have a site on a server that has been hacked. At first i thought it was a permissions error on the directory, but I went through and looked at all of the file permissions.

This is a server that was setup by someone else and the site was migrated to the server. I'm working in expressionengine and I tried to update the expressionengine version and thought I had gone through every file and whamo it started showing up again.

I will say however that when upgrading I switched the "system" files to be hidden below the root and that does not look to be infected after this second wave of files.

I can ssh into the server and I have FTP access, user logs in the control panel looked normal and there were no abnormal logins to the site or the control panel.

Where should I start? what should i search for?
0
Comment
Question by:adrake9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 2

Author Comment

by:adrake9
ID: 39200037
it seems to be going after the following files. all html files and javascript files above the root and dropping them in to the files most of the time at the end.
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 668 total points
ID: 39200450
Change all logins and passwords and change them all at the same time so no one can sneak in one after you change the others.  If they have the user logins then there wouldn't be anything odd in the logs.
0
 
LVL 53

Assisted Solution

by:COBOLdinosaur
COBOLdinosaur earned 668 total points
ID: 39201812
Sounds like an inside job.  You might have to timestamp logins, and log all file changes to find the culprit. What kind of damage is the scripting doing?

Cd&
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 2

Assisted Solution

by:Uwe Degenhardt
Uwe Degenhardt earned 664 total points
ID: 39210403
Try to get a malware scanner additionally and scan every single file.
Google after: maldet (it is extremely useful)

Also try to see, if you have rootkits on board which you don't see yet. Try rkhunter and/or chkrootkit (go and search again on the net for the exact URLs to download them).

If you can't stop it after all these measures, go and re-install the whole engine.
0
 
LVL 2

Author Closing Comment

by:adrake9
ID: 39210427
Was able to rollback the server and then change the passwords immediately. Lost some content, but nothing that wasn't available somewhere else.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39211573
Good, thanks for the points.  Make a big note and make sure you always have a backup copy of your site.
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article discusses how to create an extensible mechanism for linked drop downs.
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question