LovePotion Trojan
HELP! Anyone else experiencing this hack on your web site?
Looks like they got me about a week ago 12/28/2007. (I rarely update my site, let alone visit it.) Every page with the word index in it had the trojan code added. I've checked with my domain host and get explanations/remedies that are beyond my understanding. In the meantime, I've overwritten the hacked pages with correct ones, but don't really understand how they got in or how to keep them out.
Greg K posted this at 19:04 — 4th January 2008.
He has: 2,145 posts
Joined: Nov 2003
Check back OFTEN if this happened even once.
Our company switched to a "cheap" hosting company, and the servers are set so that any scripts you have run as your own username and therefore can rewrite any pages you upload. Well, the person who set this up installed some script somewhere that will nightly rewrite our index.html pages to include two hidden IFRAMES.
Even after changing login info and reuploading the index.html files, later that night (file modification times vary, but are in the evenings after we are closed) they are re-modified.
The funny thing is, on the server, from a real brief look, I didn't see any scripts; however, as it can write to anywhere our user can write to, there are many places to look yet....
-Greg
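A defensive check for the tampering described in this post, added here as an example and not code from any poster in the thread: it walks a web root, looks only at files with "index" in the name, and reports those containing hidden iframes along with their modification times. The definition of "hidden" (0 or 1 pixel dimensions, or CSS that hides the frame), the function names and the sample pages are assumptions constructed for the example.

```python
import os
import re
import tempfile
import time

# Assumption: "hidden" means 0/1-pixel dimensions or CSS that hides the frame.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?["']?(?=[\s>/])"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)

def hidden_iframes(html):
    """Return the iframe tags in html that look deliberately hidden."""
    return [tag for tag in IFRAME_RE.findall(html) if HIDDEN_RE.search(tag)]

def scan_webroot(root):
    """Report index* files under root with hidden iframes, newest change first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if "index" not in name.lower():
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                tags = hidden_iframes(fh.read())
            if tags:
                findings.append((os.path.getmtime(path), path, tags))
    return sorted(findings, reverse=True)

def demo():
    """Scan a constructed web root: one tampered index.html, one clean index.php."""
    clean = '<body><iframe src="map.html" width="400" height="300"></iframe></body>'
    injected = ('<iframe src="http://injected.example/a" width=0 height=0></iframe>'
                '<iframe src="http://injected.example/b" style="visibility:hidden">'
                '</iframe></body>')
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "shop"))
    pages = {"index.html": clean.replace("</body>", injected),
             os.path.join("shop", "index.php"): clean}
    for rel, html in pages.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(html)
    return scan_webroot(root)

if __name__ == "__main__":
    for mtime, path, tags in demo():
        print(time.ctime(mtime), path, f"{len(tags)} hidden iframe(s)")
```

Run against a local copy of the site on a schedule, a new finding with an evening modification time matches the re-infection pattern described above.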
Dami posted this at 19:20 — 4th January 2008.
She has: 88 posts
Joined: Sep 2001
Greg, then how can you stop it? That seems incredible it can happen.
I don't even know where to start looking or what to look for. I have javascripts I wrote, Matt Wright's formmail.cgi (it doesn't work, though; I don't know how to fix that, either) and a small MySQL db and some PHP to go with it. Anything there that might be the culprit?
JeevesBond posted this at 20:56 — 4th January 2008.
He has: 3,956 posts
Joined: Jun 2002
This is the most likely to cause problems. If it doesn't even work, just delete it; it's an insecure script.
As for PHP and MySQL, have you written any scripts in PHP? If you haven't written any scripts, it's unlikely to be an avenue of attack.
Dami posted this at 21:22 — 4th January 2008.
She has: 88 posts
Joined: Sep 2001
Okay, so what do you recommend for forms mailing? I only have a portion of my site set up for PHP, so I'm not ready to use one in PHP. Any suggestions?
JeevesBond posted this at 22:09 — 4th January 2008.
He has: 3,956 posts
Joined: Jun 2002
Personally I use a PHP script, that I've checked the security of myself.
I've used NMS Formmail successfully before though.
Dami posted this at 22:36 — 4th January 2008.
She has: 88 posts
Joined: Sep 2001
Thanks. I'll look into that.