Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?


Login with username, password and session length
February 09, 2012, 08:09:34 PM

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: hundreds of links added to the bottom of my index.html code  (Read 1917 times)
taylor12k
Space Explorer
***
Offline Offline

Posts: 7
« on: July 10, 2009, 06:11:23 AM »
this is really getting frustrating.. at least 10 times a day someone is adding hundreds of links to the bottom of the code on my index.html page. the links don't show up when you browse the website, but i can see t hem in the code.

many times a day i replace the index file on the server with the un-hacked one from my hard drive, but then it just happens again a couple of hours later.

i have read references to "iframe" but do not find any iframe links on the index page.

what can i do to stop this???

the only SCRIPT i use is some built-in ROLLOVER script from Dreamweaver.. would that be causing a security hole?

help help! i'm not a coder.. so i'm really at a loss about this stuff..

thanks..
Logged
MrPhil
Berserker Poster
*****
Offline Offline

Posts: 5083
« Reply #1 on: July 11, 2009, 09:25:48 AM »
If you clean out the added junk code, and it comes back within hours, that means that the site has been compromised somewhere else. Check your other files for "iframe", "base64", "display: none", "invisible", and "urldecode". If there are any that you can't account for, comment them out or make backups and erase the suspicious code. This is the problem with using page editors such as DW: you don't know what's going on "under the hood" unless you can read and understand HTML, CSS, Javascript, PHP, etc. Is DW the only thing you use to work on your site?

Also change all your passwords (site access, control panel, FTP, etc.). Do a spyware scan on all PCs you use to access and administer your site, and see if there's a password sniffer or a keystroke logger installed (that's passing on your passwords to a hacker). Make sure your PC's firewall is enabled. If you use any "canned" scripts (forum, store, gallery, blog, etc.) elsewhere on your site, make sure you keep up to date on them. Security-related fixes are frequent. Keep updated on DW, in case there are any security-related patches there. I doubt that a rollover script (Javascript?) is going to present a security hole, but you never know.
Logged
taylor12k
Space Explorer
***
Offline Offline

Posts: 7
« Reply #2 on: July 12, 2009, 07:50:12 AM »
thanks for the reply.. i've been trying to find some of this code....

i did find a PHP file in my Forum (simple machines (up to date)) that had the base64 junk.. i've cleaned that out.

i did a malware scan on my home computer (it's a Mac, not a PC) and it came up clean.

i deleted all of my FTP acocunts...

dreamweaver is the only thing i use to edit my site (and photoshop)...

the junk code gets added back within MINUTES of me replacing the index file...


Logged
bryantrv
Guest
« Reply #3 on: July 12, 2009, 11:38:25 AM »
Look at http://www.simplemachines.org/community/index.php?topic=313201.0  - iirc, there have been a *lot* of exploits to this.
Logged
etech97
Space Explorer
***
Offline Offline

Posts: 7



WWW
« Reply #4 on: August 30, 2009, 10:33:39 PM »
Quote from: bryantrv on July 12, 2009, 11:38:25 AM
Look at http://www.simplemachines.org/community/index.php?topic=313201.0  - iirc, there have been a *lot* of exploits to this.

I would upgrade your site like bryantrv has suggested it does resolve a lot of known exploits. Also, I would add a comprehensive .htaccess file where you can block the offending ip addresses and known exploits. I have posted an abbreviated example of an .htaccess file that you can have a look at. it is located here http://www.lunarforums.com/lunarpages_security_center/example_of_an_htaccess_file-t53352.0.html If you have any questions about it. I'm always available for more help. The section of known exploits will have to be searched on the Internet an added manually as they change almost on a daily basis. It is a good starting point, and will help, but no guarantees that it will help keep all intruders away. It just acts as a firewall. Since I implemented my .htaccess file I have not had any weird bots or the offending IP addresses visiting my websites anymore!  Clapping

I'm also more diligent in keeping on top of the scripts that I run to make sure that known exploits are patched immediately. I run Linux as my desktop, so running anti-virus, and malware is not as important, but I do anyways.

I would do everything that has been suggested in this forum, and Backup your website once it is clean to your computer, it is much easier to restore later on.  Very Happy

Cheers!
eTech97  Yep 
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: