Emergency - malicious script detected!
Today i visited my photoblog (pixelpost version 1.7.1) and AVG Antivirus detected a malicious script!
And that was not from the template files! Therefore it must have been generated by pixelpost code. Got my site hacked?
These are the suspicious lines:
Have anybody actually got a similar problem?
I have replaced the infected index.php by the original one.
Just wondering how that attack could have happened...! Of cource, i have not touched the index.php at all since the last update to 1.7.1!
Depending on your settings it is likely the computer your site runs on was hacked. Only with a CHMOD of 777 on the index file it is actually writable. If that is not the case, the attack originated from somewhere else.
It is likely your server runs several sites (also known as a shared box). Lot's of people use the server and might use outdated or insecure software, vulnerable to exploits. It is also possible the hacker used a well-know exploit in the software used by your hosting company to gain access to the system. If one of these exploits is severe enough the hacker could gain access to the other sites as well, since they are on the same box.
My guess would be an automated script is run, adding malicious code to every file starting with index. These can be HTML, PHP and so on. Could it have been caused by Pixelpost? Yes, there is always a possibility due to the fact you can use addons. We don't know if every addon is safe or if it contains vulnerabilities for these kind of attacks. The Pixelpost core code, which we do have under control, has undergone several independent security based cleanups to ensure the core code is very secure.
Many thanks for your reply, Dennis!
|All times are GMT. The time now is 09:25 PM.|
Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.