Possible Duplicates:
My server's been hacked EMERGENCY
Did My Server Get Attacked?
My Apache server has been attacked and the PHPbb3 forum installed has several files which were modified to display an iFrame. The attack inserted a php variable and value which then decodes to javascript which commands the client to load an iFrame with external content. Also my HEADER.html (header for apache directory browsing) file was modified and potential others.
The variable name used in the injected php is "$somecrainsignvar". I found similar attacks online. I understand maybe the forumn software is outdated and a potential security leak or maybe other sections on the server could be potenital leaks however all access to the server is restricted via htpasswd/htaccess, therefore I do not understand how the attackers/bot were able to make any changes or even gain access to the site.
Any help would be greatly appreciated. also attached is the javascript code injected via php.
No comments:
Post a Comment