Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Pages: 1
Malicius script inserted
Hi All
I have been using textpattern happily for some years now. some time ago I tried upgrading to the at that time lates release, but I failed and kept running version 4.0.4.
the site is galakse[dot]dk
I think I have been exposed to some sort of ftp hack, and have accordingly disabled some ftp accounts and changed the passwords on the remaining accounts.
In all index.html and index.php the last line in the file has the foreign script inserted. I have manually removed all of those occurrences of the script but it is still present at the top of all textpattern files. I have searched through all the textpattern files and have not found any occurrences of the script I even searched through the database tables and did not find the script (I might not have searched thoroughly there though).
You can see the foreign script at the top of all textpattern pages on my website.
Any suggestions to what I can do to remove the script?
all the best
Sune P
Removed direct link. Do not click if you don’t know what you are doing. The site has JavaScript calls that link to the attacker’s external server. -Gocom
Last edited by Gocom (2010-07-16 12:06:22)
Offline
Offline
Re: Malicius script inserted
Try reading this which deals with the same pantscow.ru issue and could get you off in the right direction.
Last edited by joebaich (2010-07-16 12:04:21)
Offline
Re: Malicius script inserted
HI all thanks for the quick replies.
Regarding the back ups… the usual story… real men don’t back up, they cry :(
And the webhostingtalk forum already made me change accounts and passwords.
and I have managed to successfully remove the script from all non php pages.
I was wondering if anyone has any insights into which textpattern files the script could get into the page? I would like to remove it, manually. otherwise I will have to install everything all over again.
Sune
Offline
Re: Malicius script inserted
sunep wrote:
I was wondering if anyone has any insights into which textpattern files the script could get into the page?
Any file that the frontside uses, which basically means, any and every. You might want to look into the file timestamps. The files that were modified most recently. Or you could open all the files and search for the malicious code. Most syntax editors can do searches.
Tho, no one can guarantee that there isn’t anything else added into the files, if you don’t compare them to the originals.
Offline
Re: Malicius script inserted
well, I tried searching through all the files in the textpattern folder and removed it whereever I found it, which was only at the bottom of the pages.
now when I download ll textpattern folders and grep for pantscow.ru nothing shows up. perhaps it is time to dump the structure completely and then figure out how to create a new site… it is about time anyway… if only I had the time.
Sune
Offline
Pages: 1