This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
#1 / Aug 04, 2011 7:14pm
Somehow someone is injecting content into every page on my site. It seems to be coming from the channel module. I don't want to put any details up publicly; can someone let me know who to PM in order to pass on more details? Thanks
#2 / Aug 05, 2011 7:48am
Hi eoghan,
Thanks for reporting this. We take security very seriously and will do our best to work with you on figuring out what’s going on. To do that, we need some additional information from you…
1. EE version and build (found at the bottom of your control panel)
2. Other scripts on your account, whether in use or not (phpBB, etc…)*
* If this is a shared hosting environment, the host can make a determination if the attack came through scripts on another account on the server, which is commonly the case with these types of hacks.
While we work through this, please check through these files:
* path.php (if using EE 1.x)
* config.php
* index.php
to ensure that there is no unusual code such as iframes or JavaScript includes; if you do find that code, then please back up the file and remove said code. If you are unsure of what does or doesn’t belong in these files, do not hesitate to ask.
You may also wish to refresh your files by following the build update instructions.
Also please ensure that you report this to your host immediately as they can help identify where the attack originated from so that steps can be taken to prevent this in the future.
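The file check described in the reply above, as an added example that is not part of the original thread or of ExpressionEngine's own tooling: it walks every site under one hosting account and flags iframes and JavaScript includes in `path.php`, `config.php` and `index.php`. The `eval`/decode pattern goes beyond what the reply names and is an assumption, as are the function names, the directory layout and the constructed sample files.

```python
import re
import tempfile
from pathlib import Path

# Files the support reply asks to check by hand.
ENTRY_FILES = {"path.php", "config.php", "index.php"}

# "iframe" and "script-include" are the markup the reply names.
# "eval-decode" is an added assumption: a common shape of obfuscated PHP.
PATTERNS = {
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    "script-include": re.compile(r"<\s*script\b[^>]*\bsrc\s*=", re.I),
    "eval-decode": re.compile(r"\beval\s*\(\s*(base64_decode|gzinflate)\s*\(", re.I),
}

def scan_file(path):
    """Return (line_number, label, snippet) for each suspicious line in one file."""
    hits = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for n, line in enumerate(text.splitlines(), 1):
        for label, rx in PATTERNS.items():
            if rx.search(line):
                hits.append((n, label, line.strip()[:80]))
    return hits

def scan_account(root, names=ENTRY_FILES):
    """Scan every site under root; pass names=None to cover all .php files."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        if names is None or path.name in names:
            hits = scan_file(path)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Constructed sample: two sites on one account, one with an injected iframe."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for site in ("site-a", "site-b"):
            (root / site).mkdir()
            (root / site / "index.php").write_text("<?php\n// constructed sample\n?>\n")
        with open(root / "site-b" / "index.php", "a") as fh:
            fh.write('<iframe src="http://injected.example/x" width="0"></iframe>\n')
        return scan_account(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        for n, label, snippet in hits:
            print(f"{name}:{n}: {label}: {snippet}")
```

A hit is a line to review by hand, not proof of compromise, and a clean result does not rule out injected code elsewhere on the account.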
#3 / Aug 05, 2011 7:49am
Feel free to PM me any other relevant details.
#4 / Aug 05, 2011 11:03am
Hey John,
Thanks for the quick reply! I was thinking about this a bit more and I think it's more to do with the host than the software; however, I would like to take all necessary steps to prove that.
My EE version and build are 1.7.0 / 20101018
There are no other scripts or systems on the domain but there are on the hosting account.
path.php, config.php and index.php are clean.
I’ve contacted my host and I’ll report back with any updates.
Cheers
#5 / Aug 05, 2011 6:27pm
Okay, got some support from my host. Apparently the intrusion occurred on another domain in another file which infested across all domains on my hosting account. It's not EE, thank God!
Crisis over! You can consider this matter closed 😊
#6 / Aug 05, 2011 6:41pm
That’s unfortunately pretty common, SF9. Thanks for the update and glad you found the culprit!