: What does this code mean that was placed in my hacked Web site? My website was hacked, with the following code added to the end of the page: <img heigth="1" width="1" border="0"

@Lengel546

It is not enough to simply delete that snippet of code. And this is not what you do first.


First you need to look for a newly added folder on your server called .log. Delete it.
Then you need to delete one or two bogus .php files placed either on root or in subfolders
Then you need to either delete a .htaccess folder placed on your server, or rewrite an existing one (please see blog.unmaskparasites.com/2011/05/05/thousands-of-hacked-sites-seriously-poison-google-image-search-results/ Finally, you delete that code snippet you mention

Vote Up Vote Down

@Sarah324

imgddd.net shows up on MalwareDomains.com's list (as of 4/26/2011) as a malware distributor; it appears as though the t.php script has been taken down, however, the main page remains active with what appears to be a Flash-based exploit; I'm not interested in seeing it in action, and would advise against testing it out yourself.

There are a variety of maliciously-crafted image file exploits in the wild - this was probably an attempt to launch one.

If your browser crashed, there is a possibility your machine was compromised by viewing the image file in question. Take appropriate precautions by scanning your machine for viruses, malware, and rootkits.

You will also need to audit your hosting account to determine how the malicious image link was added to your page - start by contacting your hosting provider.

Vote Up Vote Down