I went to check out my site today and low and behold, some spyware try loading itself and some .wmv file tryed to run from the main page....

I was like "wtf mate lol", anyway I went into my cpanel file manager and checked out the index files source and someone has managed to add an iframe to the end of the source going to some advertising rubbish or some such.

Is there anyway people can do this without my login details? If not can I request a change of password somehow

>> LINK <<

Check the above link, recently posted my m^e. A Similar problem had happend at asta, and its believed to be the advertiser who is at fault. Check the post and see if that helps.

Regards
Dhanesh.

Mine wasn't that site but a similar problem that it is via an iframe, but it was many websites, about 8/10. None of them to my knowledge were the one listed in that main post.

It hasn't seem to have come back yet and it's the first time it has happened since I have been here, about 5+months.

Could it be to do with the google ads on my site or something? It's a bit weird because it was directly injected into the main index file itself.

Sorry for the double post.

It has happened again, and some functions.php file keeps appearing in my main site folder that is 158kb's.

The site the iframe linked to this time is (http://www.brucemeisterman.com/) which I checked out and is just some photographer site or something.

I reset my password for cpanel and removed my mysql account but for some reason I cannot gain access to my cpanel now to re-setup user for the database (it wouldn't let me modify only delete so I had to delete and then try to re-create with new password).

Whew what a pain heh.

EDIT: Hmmm mysql from cpanel won't even let me create a new user now or database (it seems it completely removed the old one...... luckily I keep this stuff backed up heh heh ).

EDIT: Ok I have managed to re-setup the database user with new password, got no idea why it wasn't working before but it's mysteriously started working *shrugs*. I have also went and password protected all my folders so they can't be viewable and will fail unless an index file is present in them heh heh oh and all the password resetting of course.

If it happens again than I have no idea how they managed it lol.

This post has been edited by Chesso: Aug 29 2006, 12:27 PM

Be sure to set the permissions on your template directory correctly.

I had a problem in Mambo once where I used the built in editor to edit my templates which required that I set the permissions on the folder and files to 777. I stopped using the internal editor and left my files read only and haven't had any problems since.

That is the only way I can think of to directly edit your file to insert an iframe into a file.

Hope you don't have any more problems with this.

vujsa

I don't use any of that mambo and template stuff. It's call done from scratch .

But I think I know what you mean, I don't really need write permissions of any files except besides from the cpanel file manager, that wouldn't be affected?

OMG, this has triggered some serious thoughts with myself. I had given 777 permissions to certain folders since a php scripts requires it to be that way....

I will write away change it back to 755

Don't do it unless you're positive you can. Some scripts will not function unless the files and/or folders are CHMODed to 777. Configuration scripts should NEVER be set to 777 unless they're blank and the installer needs to right to them but after that you should set the permissions back.

But like you said, "I had given 777 permissions to certain folders since a php script requires it to be that way...."
Keywords in bold. It must require it, so don't change the permissions. The script probably needs to write, read and execute to files inside those folders. The script will probably have limited functionality if you did this.

Upload folders MUST have 777 permission or else no one could upload stuff. The server would reject all uploads through the browser.

Just consult the manual (or installation guide) about file permissions.

NEVER give your public_html directory full permissions either.

[N]F

So, are you having any more problems lately? Hehe, always keep your watch over those security holes!! It's always easy to overlook them and wow... it must suck when you have those huge files 158kbps in your storage. Haha, I've had odd things happen to my site too.

Actually, my SQL files and databases we're messed up and I couldn't access the software!! Not even the panel... and doh! I had to uninstall (more like reformat) the software... well by deleting everything from my Astahost account drive and reinstalling the webboard software.

So, I have to say KUDOS FOR YOU!!! Backups are always great to have and more the merrier... and better if you have 'em every week or so

Well I test everything locally and use a somewhat identical content database, plus I wrote everything from scratch and it's pretty lean.

So if something got bunged that bad, I can just nuke and re-upload (re-run sql) in a couple of minutes and I'm back up again *shrugs* heh heh .