Webhosting hacked - How did they do it?

ormus7577
Regular
Posts: 122
Joined: Sat Nov 04, 2006 12:11 pm
Location: Ulm, Germany


Post by ormus7577 »

Hi,

My webhosting has been hacked. My websites contain some encrypted Javascript. I've already contacted my hosting company and they are having a look. The only thing I can imagine right now is that they managed to get hold of my login password.

Still, here's a thing I do not understand: Why are my generated s9y pages also injected with that javascript? Check for example

http://familie.lobenstein.info/
(ATTENTION: I suggest you disable Javascript, as the code is still there, though I'm somewhat sure it's rather harmless). The Javascript is near the end of the generated page. It is not found in the template. How does the caching work? I'm very confused how that Javascript ended up in a php-generated website. I can understand it for static html pages...

Can anyone please tell me a little more about the page creation and caching of s9y?
my installations:
family blog: http://familie.lobenstein.info/
personal blog: http://www.ormus.info/
OrmusTool Homepage: http://tool.ormus.info/
Online Adventskalender: http://www.ormus.info/pages/advent.html
garvinhicking
Core Developer
Posts: 30022
Joined: Tue Sep 16, 2003 9:45 pm
Location: Cologne, Germany
Contact:

Re: Webhosting hacked - How did they do it?

Post by garvinhicking »

Hi!

The javascript might be encrypted so that you might not see it. There are various methods to inject the code, using PHP output buffering, PHP global auto/append methods or file traversal.

So you might want to check the files index.php, .htaccess and files in templates_c (those contain compiled code from Smarty).

Regards,
Garvin
# Garvin Hicking (s9y Developer)
ormus7577
Regular
Posts: 122
Joined: Sat Nov 04, 2006 12:11 pm
Location: Ulm, Germany

Post by ormus7577 »

For the record, my hosting service (1und1) found out that the security leak was in another software I used, so no need to worry about possible s9y flaws...