Webmastersite.net
Register Log In

Security Alert! possible code Injection

Comments on Security Alert! possible code Injection

Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Feb 20, 2009 - 12:12 PM:

Without any details, I can't begin to guess what vector could've been used to hack your website, or whether they even came in through WSN (of course, any server vulnerability could allow them to change WSN files). Do you see anything suspicious in your apache log files? Does your web host have any ideas?

Also, where specifically was this HTML inserted? Was in placed in your wrapper template, or in some other file?

I don't want enter in my admin section because I have fear about this injection can sent my passwords to the "hacker".

Somebody obviously has control of your server already, so it's pointless to think you can hide anything from them now. They don't need or want your password, they have your website already.
Paul
developer

Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California

Total Topics: 61
Total Comments: 7868
Paul
Posted Feb 20, 2009 - 12:20 PM:

Looks like it's in your wrapper template. That doesn't really narrow anything down though.

At any rate, if this isn't even in a live site yet, it's extremely odd for it to be the first site affected by what looks like an automated, drive-by exploit. That style of exploit happens on popular sites, months after a vulnerability has been posted -- but I see no current vulnerabilities posted anywhere online (just many years old, long-fixed stuff). For an automated pagerank stealer to write an undocumented exploit into their script would be pretty much unheard of. So, look carefully at the rest of the server environment for any standard, documented holes in software you have installed -- the linux kernal, apache, php, mysql, and any other scripts.

Also consider your passwords carefully. Could your SSH or cpanel password be vulnerable to dictionary attacks? WHM has an option to limit SSH attempts per IP, but I don't believe it's on by default.
Search thread for
Download thread as
  • 0/5
  • 1
  • 2
  • 3
  • 4
  • 5



Sorry, you don't have permission to post posts. Log in, or register if you haven't yet.