Inserting into the index - Page 2

cecilia · 06-12-2009, 09:19 PM

No I dont use anything else, I write it myself all of it. .. wait...

I just checked it, there is something its this Fantastico SMF Discussion board that we never really used, I just tried to see what it looks like and forgot to remove it. Im removing this NOW. It also says theres an update for it.

This I guess has been a fault of mine too. Honestly, I dismissed the thought that the site could be attacked through something that Im getting from my web host. That if it would be its from my own scripting.

Ive been thinking about it. The iframes may point to other locations outside of lunarpages but maybe the agent thats actually spreading it is from a site hosted by lunarpages and is affecting its neighbors somehow.

Well, I didnt get attacked today atleast thats cool. Ill still check the index everyday at different intervals I guess.

As for logging, I will start to do something like that now. Im getting tired of this really. Ill add things to the login page too, things that ive always wanted to put but never had the time.

Randy · 06-13-2009, 01:05 AM

Fantastico is technically not on LunarPages side, it is a 'plugin' for cPanel so it would be on their end but if they got in via phpbb then it was phpbb's scripting, still looking into this myself.

Randy · 06-14-2009, 06:49 AM

Same thing has happened to my friend, he is hosted at: vivical hosting. different code different ip but looked into it, seems to be the same basic stuff, all he is running is wordpress.

Avast Forum:
http://forum.avast.com/index.php?topic=45142.0
Google Forum:
http://www.google.com/support/forum/...1cdd4279&hl=en

rguy84 · 06-15-2009, 07:44 AM

@Cecila Iam guessing that your server has had a dDOS attack. I would pull your site for now and alert your tech support at your host asap.

cecilia · 06-25-2009, 03:00 PM

Thank you all for the support. Sorry I was out for a while... just personal problems. Somehow its somewhat simpler to deal with programming problems than those with humans. Just that... somehow theres always a way to fix things and... well this is not supposed ot be for such talks so Ill end it there i guess. So far til my last post I havent been attacked and for that I am glad, all 3 accounts that I manage, uhm 4 now.

Ill look more into this dDOS attack. Though I dont deal with them personally, Id like to know more about it. As for pulling it out I cant. Honestly im starting to consider other webhosts now seriously even if its gonna be such a big hassle to move that thing.

Wildhoney · 06-25-2009, 03:41 PM

You have a point there, Cecilia. Don't be afraid to share your problems with us

We are a community after all! One big family!

Thankfully you've had no more attacks recently. Are you still on the same host? It may be that they simply got an influx of attacks on that particular day.

codefreek · 06-25-2009, 04:56 PM

@Cecilia, i added some highlight to make your code more, readable

cecilia · 06-25-2009, 07:35 PM

Guess what, after I said its been ok, I found out that it did it again. Another incarnation of this thing was found again at the index.php. Too bad I wasnt able to save a copy. This time I made a ticket to lunarpages.

I read somewhere that these attacks are server farm wide, when they happen. Just one more and im leaving that host.

As for my problems, Ill think about it, but thank you still for the thought.

Codefreek, what do you mean?

codefreek · 06-25-2009, 07:45 PM

Quote:

Originally Posted by cecilia

Codefreek, what do you mean?

Prettifying Pasted Code on TalkPHP

I, wrapped your code in [highlight] tags..

cecilia · 07-07-2009, 06:16 PM

After some more reading it was said that:

It appears to be caused on shared webhosting servers. Infected accounts gain access to change other users files. Doing so changes the ownership of the file to the infected user's account name.

One Solution is to chmod the index.php to 444

I also tried redirecting the domain to another file, the page doesnt even open even if it still gets infected after that.

After reading again, it seems that is what other people are doing too to deal with this problem.

Atleast I have a clear name for it now, I believe this malicious crap is called iframe injection