National Security… ok not quite

Today, I awoke to find that my website was not quite behaving like normal. I was getting a lot of PHP errors and my brother reported getting a virus warning when logging into my forum. It turns out that someone had exploited a security hole in some software that drives the site. Fortunately, all they did was append a bit of code to files (instead of removing files or something more malicious). Unfortunately, it was quite a few files and it took me a while to fix them all. The files affected all had names containing the words index, login, header, footer, default… things like this. The big of code they included was:

I’m putting it here as I couldn’t find anywhere on the web any description of who these guys were or what the site they were linking back to was about (the site just timed out when I tried to go there directly). So if anyone knows anything about these guys, I’d be interested in hearing about it.

<IFRAME name=’StatPage’ src=’‘ width=5 height=5 style=’display:none’> </IFRAME> <IFRAME name=’StatPage’ src=’’ width=5 height=5 style=’display:none’> </IFRAME>

It turns out that the hole was easily fixed by my hosting company, which is nice. But it still caused more stress and wasted effort than I’m happy with.

2 thoughts on “National Security… ok not quite”

  1. Hey you very helped me, same thing here, also i dont know how they put that line in my index.php

    now i deleted it and page is owkay again.

    if you remember, what were the names of the files they put on your server?

  2. They didn’t put any actual files on my site, they just modified many of the existing files to have that line in them. Most .php and .html files seemed to have it.

    I’m glad I was able to help. My web hosting service said that it was a vulnerability in cpanel, so you might look into making sure you have the most up-to-date version.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.