- #1
bigdawg723
- 13
- 0
WEBSITE HIJACKED - Php code infected! - HELP!?
Hey All,
I've got a major *$%#@ problem. I'm freaking out here.
Check this out.
On my website, I have a way to allow visitors... to become distributors and sell my product as well. When they become a distributor, it creates a subdomain for them and, basically, an exact copy of my website in that subdomain folder.
So... not only do I have my set of about 20 php pages and a solid 20+ php includes... I have to multiple those numbers by roughly... 50 distributors or more!
Here's my problem.
EVERY, not just a few... not just the pages (also includes, etc)... not just my root directory (also all subdomains)... EVERY PHP FILE has a new line of code at the very top that is a Script to a php file (oo.php) on another website that redirects every visitor to a new site and it's one of those 'fake antivirus' programs that are, essentially, a virus in their own.
When I first saw the redirect, I knew I was hijacked... but I assumed it was just 1 thing injected into my SQL Databases... or a simple code change or file somewhere... but it is THOUSANDS of files... and yes, I could go ahead and remove that snippet of code from each php file... but I still wouldn't know where it came from and I can only assume that the process which infected those pages still exists and would reinfect them all again the the very near future.
I'm begging you for help.
I know my contact form doesn't "close" the inputs or something... because it sends all contacts to the database table... and there's some major vulnerability there... but I couldn't find any entry in that database with any malicious code... perhaps it auto-deleted itself or something?
Please, I beg you, please lend a hand if you know anything about this.
Thank You,
Josh
Hey All,
I've got a major *$%#@ problem. I'm freaking out here.
Check this out.
On my website, I have a way to allow visitors... to become distributors and sell my product as well. When they become a distributor, it creates a subdomain for them and, basically, an exact copy of my website in that subdomain folder.
So... not only do I have my set of about 20 php pages and a solid 20+ php includes... I have to multiple those numbers by roughly... 50 distributors or more!
Here's my problem.
EVERY, not just a few... not just the pages (also includes, etc)... not just my root directory (also all subdomains)... EVERY PHP FILE has a new line of code at the very top that is a Script to a php file (oo.php) on another website that redirects every visitor to a new site and it's one of those 'fake antivirus' programs that are, essentially, a virus in their own.
When I first saw the redirect, I knew I was hijacked... but I assumed it was just 1 thing injected into my SQL Databases... or a simple code change or file somewhere... but it is THOUSANDS of files... and yes, I could go ahead and remove that snippet of code from each php file... but I still wouldn't know where it came from and I can only assume that the process which infected those pages still exists and would reinfect them all again the the very near future.
I'm begging you for help.
I know my contact form doesn't "close" the inputs or something... because it sends all contacts to the database table... and there's some major vulnerability there... but I couldn't find any entry in that database with any malicious code... perhaps it auto-deleted itself or something?
Please, I beg you, please lend a hand if you know anything about this.
Thank You,
Josh