Malware script injection: tried everything, found nothing
I am facing the following situation:
Some of my websites started getting infected by malware infection (iframes loading malware scripts).
I have tried everything that comes to my mind.
I checked FTP logs to find out if access was made via FTP.
I downloaded the home directories and scanned all files. Many times. My hosting company (very helpful so far) scanned my affected accounts. 2 or 3 times each.
I manually checked the code of all the files that are requested by the page that has the injected code.
I scanned for file size and file creation changes.
I found nothing.
One of these websites got listed as infected by Google. I deleted all files from the server and used the production copy on my dev server. Before that, I changed the password to something theoretically unbreachable (password length 50 containing varchar and specialchars + max 5 failed attempts before the server locks down for brute force attack) and switched all my connections to SSL.
Note: SQL injection is out of the question as it uses no database.
Then I requested a new review through Google Webmaster Tools. The site was found clean. That was 5 days ago. Today it is infected again!
I am out of ideas.
Any help?
1 Comments
The problem got solved. After doing some research, I found out that Apache itself can be used to deliver malware.
Some more info on that www.symantec.com/connect/blogs/extending-apache-serve-malware-0
and www.stopthehacker.com/2011/05/23/apache-used-to-inject-malware/
Lots more info if you Google it.
Thanks for your comments.
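
An added example, not part of the original posts: because the site uses no database and the files on disk scanned clean, a check that fits this case is to compare the file on disk with what the web server actually returns for it and list any `iframe` or `script` tags that exist only in the served copy. The two HTML samples and the `injected.example` host are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser

WATCHED = {"iframe", "script"}  # tags that can pull in remote content


class _TagCollector(HTMLParser):
    """Collects (tag, src) pairs for every watched start tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in WATCHED:
            # Inline scripts have no src; record them with an empty string.
            self.found.append((tag, dict(attrs).get("src") or ""))


def active_tags(html):
    """Return a multiset of watched tags found in an HTML document."""
    parser = _TagCollector()
    parser.feed(html)
    parser.close()
    return Counter(parser.found)


def injected_tags(on_disk, served):
    """Tags present in the served response but absent from the source file."""
    extra = active_tags(served) - active_tags(on_disk)
    return sorted(extra.elements())


# Constructed sample: the file as stored in the home directory.
DISK_COPY = (
    "<html><body><h1>Shop</h1>"
    '<script src="/js/menu.js"></script>'
    "</body></html>"
)
# Constructed sample: the same page as received by a browser.
SERVED_COPY = DISK_COPY.replace(
    "</body>",
    '<iframe src="http://injected.example/frame" width="1" height="1">'
    "</iframe></body>",
)

if __name__ == "__main__":
    for tag, src in injected_tags(DISK_COPY, SERVED_COPY):
        print(f"served-only <{tag}> src={src!r}")
```

Any tag reported here was added after the file left the disk, which points at the server software rather than at the site's own files.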