Knowledgebase

File injected. How come?

Posted by sniperscope, 10-15-2012, 01:50 AM
Hello All Today i found out that all of my customer accounts' has file injected(some php code only index.php and some of footer.php) files and i have checked that injected files permissions was 0755. The another interesting point is this code always added right after first closing php tags ( ?> ) I really appreciate for any help or any idea. Regards This is what was injected into all files
Posted by Dr_Michael, 10-15-2012, 07:54 AM
Usually it comes from FTP if they have hacked the passwords. Did you check the logs to see where it comes from? Are we talking about hosting clients or you have created their sites? Do you personally had access to all those accounts? If yes, then it might be your pc infected and the hacker got all of the ftp passwords.
Posted by sniperscope, 10-15-2012, 08:10 AM
Dear Michael After very loooong day research i found that you are right. I have many accounts in my servers and only accounts which i maintained was infected. I use Filezilla for FTP client. What i have done so far Removed Filezilla. Change entire accounts passwords (of course sent mail to every single customers to let they know) Changed root password of all servers. Scan all servers clamav update all servers' software update all servers' whm/cpanel Hope this steps saves someone else time. Thanks for reply and interest. Have a great day.
Posted by Dr_Michael, 10-15-2012, 08:16 AM
Filezilla is fine except the fact that it saves the passwords in a single text file without encryption. There is a way to make Filezilla to secure the saved passwords. If you google it, you may be able to find the solution. You have also to check your personal computer. Install this free software: http://www.malwarebytes.org/products/malwarebytes_free/ and perform a full scan to your hard drives. Last but not least, change the passwords by using the random password generator of WHM. This will secure very strong passwords, hard to guess or hack. Change all the passwords from time to time!
Posted by sniperscope, 10-15-2012, 08:56 PM
Fantastic Thank you for your interest and help. Best Regards
Posted by BestServerSupport, 10-16-2012, 09:08 AM
I would also suggest you to scan your local machine from where you do FTP using latest anti-virus/anti-trojan software. It may be possible that your local system is infected with some of of trojan/malware which steals passwords. The second thing is that do not share your passwords with others and also store them in a secure place.


Was this answer helpful?

Add to Favourites Add to Favourites

Print this Article Print this Article
Also Read
VPS with cPanel no longer resolving (Views: 557)
extending LVM (Views: 627)
I'm looking for a good hosting service in Europe (w/ cpanel) (Views: 603)
Cloud Hosting with cPanel (Views: 631)
Optimize lighttpd for video site (Views: 607)


Language:

Client Menu

 

Client Login

Email

Password

Remember Me

Search



  
 

Clients

Hosting

VPS Hosting

About Us

Contact Us

Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.