adrake9
asked on
Malicious JavaScript keeps showing up in files on website
I have a site on a server that has been hacked. At first I thought it was a permissions error on the directory, but I went through and looked at all of the file permissions.
This is a server that was set up by someone else, and the site was migrated to the server. I'm working in ExpressionEngine, and I tried to update the ExpressionEngine version and thought I had gone through every file, and whamo, it started showing up again.
I will say, however, that when upgrading I switched the "system" files to be hidden below the root, and that does not look to be infected after this second wave of files.
I can SSH into the server and I have FTP access. User logs in the control panel looked normal, and there were no abnormal logins to the site or the control panel.
Where should I start? What should I search for?
ASKER
Was able to roll back the server and then change the passwords immediately. Lost some content, but nothing that wasn't available somewhere else.
Good, thanks for the points. Make a big note and make sure you always have a backup copy of your site.