Tycoon Talk
Become a Big fish!
The number 1 forum for online business!
Post topics, ask questions, share your knowledge.
Tycoon Talk is part of Freelancer.com - find skilled workers online at a fraction of the cost.

PHP Forum


You are currently viewing our PHP Forum as a guest. Please register to participate.
Login


Tycoon Talk > Web Development and Programming Support > PHP Forum > Malicious code Injection. How to remove?? PLEASE HELP!!!

Freelance Jobs

Reply
Malicious code Injection. How to remove?? PLEASE HELP!!!
Old 07-24-2010, 01:28 AM Malicious code Injection. How to remove?? PLEASE HELP!!!
CircleOfLinks's Avatar
Extreme Talker

Posts: 243
Name: Danny
Location: Sydney
Trades: 1
Talkupation: CircleOfLinks is on a distinguished road
Hey guys

a clients site of mine has Malicious code inseted and I can't work out how to remove it. I have tried searching for it but can't find it.

I have confirmed with web-sniffer.net/ (used googlebot) via the drop down menu and can see hundredss and hundreds of external links.

Has anyone experienced this? I have searched all the main files such as index.php / footer.php / header.php etc and can't find anything wrong.

The site is no longer appearing google via the keywords, and now also has a caution next to it when the domain name is entered is google direct.

The domain name www.strathfieldonline.com.au

where else can the information be stored and how do i remove it.

I appreciate everyones time

thanks
__________________
Danny

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
Last edited by CircleOfLinks; 07-24-2010 at 01:31 AM..
CircleOfLinks is offline
Reply With Quote
View Public Profile Visit CircleOfLinks's homepage!
 
 
Register now for full access!
Old 07-24-2010, 08:50 AM Re: Malicious code Injection. How to remove?? PLEASE HELP!!!
chrishirst's Avatar
Missing! presumed drunk.

Latest Blog Post:
A Simple DHTML Tabbed Interface
Posts: 42,385
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
Talkupation: chrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond repute
Well it is being inserted after

Code:
<!-- footer_eof //-->
So you need to be looking around there in your code.
__________________
Chris. ->>
Please login or register to view this content. Registration is FREE
 <<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- Is SEO the only industry where all the cowboys are Indians?
chrishirst is offline
Reply With Quote
View Public Profile Visit chrishirst's homepage!
 
Old 07-24-2010, 09:05 AM Re: Malicious code Injection. How to remove?? PLEASE HELP!!!
ThailandForum's Avatar
King Spam Talker

Latest Blog Post:
Re: Kow Hin Yok temple near Chaiyaphum?
Posts: 1,415
Name: Sir Richard Cranium
Location: Bangkok Thailand
Trades: 0
Talkupation: ThailandForum is just really niceThailandForum is just really niceThailandForum is just really niceThailandForum is just really niceThailandForum is just really nice
Drive-By Downloads (what's this?) Threats found: 1
Here is a complete list:
Threat Name: HTTP Fake AV Redirect Request Location: http://www.strathfieldonline.com.au/index.php
__________________
ThailandForum is offline
Reply With Quote
View Public Profile Visit ThailandForum's homepage!
 
Old 07-24-2010, 12:36 PM Re: Malicious code Injection. How to remove?? PLEASE HELP!!!
Skilled Talker

Posts: 79
Location: Devon, England
Trades: 0
Talkupation: paaaaaaaaaa is on a distinguished road
First of all you will need to look around your files on your server. Look for any new and large files that shouldn't be there. Also look for any open chmoded 777 folders. These need to be protected by either a htacces file or by changing the permissions of them back.

If you find any of these files then chances are they have come from an unsecure script that your website is using. Is there an upload box allowing php files to be uploaded?
__________________
Please add to my Talkupation if I was helpful. Thanks.


Please login or register to view this content. Registration is FREE
-
Please login or register to view this content. Registration is FREE
paaaaaaaaaa is offline
Reply With Quote
View Public Profile Visit paaaaaaaaaa's homepage!
 
Old 07-24-2010, 08:25 PM Re: Malicious code Injection. How to remove?? PLEASE HELP!!!
CircleOfLinks's Avatar
Extreme Talker

Posts: 243
Name: Danny
Location: Sydney
Trades: 1
Talkupation: CircleOfLinks is on a distinguished road
Hey thanks for everyones input. deffantly something i'll be looking into later on today.

I just got a question.

I have spoken to my hosting company and they told me that, that version of ecommerce is out of date and i should update it asap to prevent it happening again. is that true?

also is there any way of doing a search through ALL FILES for <!-- footer_eof //--> what program can i use to do that??

I have searched many many files and i can't find it??

thanks again for your help

really do appreciate it.
__________________
Danny

Please login or register to view this content. Registration is FREE
|
Please login or register to view this content. Registration is FREE
CircleOfLinks is offline
Reply With Quote
View Public Profile Visit CircleOfLinks's homepage!
 
Old 07-25-2010, 08:50 AM Re: Malicious code Injection. How to remove?? PLEASE HELP!!!
chrishirst's Avatar
Missing! presumed drunk.

Latest Blog Post:
A Simple DHTML Tabbed Interface
Posts: 42,385
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
Talkupation: chrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond repute
Quote:
that version of ecommerce is out of date and i should update it asap to prevent it happening again. is that true?
No idea, what version are you using?

index.php is where you will find the code

PHP Code:
<!-- footer //-->
<?php require(DIR_WS_INCLUDES 'footer.php'); ?>
<!-- footer_eof //-->
<br>
</body>
</html>
<?php require(DIR_WS_INCLUDES 'application_bottom.php'); ?>
__________________
Chris. ->>
Please login or register to view this content. Registration is FREE
 <<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- Is SEO the only industry where all the cowboys are Indians?
chrishirst is offline
Reply With Quote
View Public Profile Visit chrishirst's homepage!
 
Old 07-25-2010, 09:01 AM Re: Malicious code Injection. How to remove?? PLEASE HELP!!!
chrishirst's Avatar
Missing! presumed drunk.

Latest Blog Post:
A Simple DHTML Tabbed Interface
Posts: 42,385
Name: Chris Hirst
Location: Blackpool. UK
Trades: 0
Talkupation: chrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond reputechrishirst has a reputation beyond repute
Oh change any and ALL FTP passwords and make sure that every machine that has had FTP access is scanned for trojans.
__________________
Chris. ->>
Please login or register to view this content. Registration is FREE
 <<-
A foolish consistency is the hobgoblin of little minds
Thought for today:- Is SEO the only industry where all the cowboys are Indians?
chrishirst is offline
Reply With Quote
View Public Profile Visit chrishirst's homepage!
 
Reply     « Reply to Malicious code Injection. How to remove?? PLEASE HELP!!!
 
Previous Thread | Next Thread Tycoon Talk > Web Development and Programming Support > PHP Forum > Malicious code Injection. How to remove?? PLEASE HELP!!!

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




   
RSS Feed  Feeds: RSS   JS   XML
RSS Feed  Feeds for this forum: RSS   JS   XML



Page generated in 0.25393 seconds with 12 queries