Virus code entered in PHP files

I have a website running on LAMP - Linux, Apache, MySQL and PHP. Over the past 2-3 weeks, PHP and jQuery files on my site have been infected by malware from gumblar.cn.

I don’t understand how this malware enters my PHP files and how I can prevent it from happening again and again.

Any ideas?

UPDATE:

Looks like this is a cPanel exploit.

+3
10 answers

Your site is hacked, so crackers simply replace your files.

You should always update your Linux, Apache, MySQL, PHP, and PHP web programs whenever a security warning is issued.

Linux-, , , .

+22

, , , , .

, . PHP-, , ( , Wordpress phpBB), , (PHP, Apache ..).

. . , , ; , . , 26 . , .

-, , , -, . , ; , PHP, , .

, , , . , , .

( , , , ) , - , , , . .:)

+14

, , , - - .

gumblar.cn, , JS-Redirector-H. , , .

- , , . , . , .

, - , , . , , , Gallery (, PHP Gallery). , .

, . , .

+3

Google: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://gumblar.cn ( )

. , .

PHP ( PHPBB, Mamboserver ). - PHP-, , ​​ .

, , . , (, ) ( ) PHP- ( ).

+3

PHP- - , PHP. , , :

1. - , PHP .

, , ( , , cookie,...), , . , . , , ( ), . Zend_Filter Zend Framework . .

2.they , PHP. - - / script , .

, , . , .

+2

, , SO - , , , / ppl .

, , ppl , , , , , .

: google gumblar.cn, , .

, , , :

  • Google , , . , , . "".
  • ( ) FRESH INSTALL!!
  • (, ) . , php, .
  • PHP, . , , , .
+1

/ . , :

1) TROJAN . , ( > ... Windows + R) "cmd" "regedit". , , Js: Redirector. , aVast Malware Bytes - ( , ). , , , , , .

2) , -, - inflash pdf-, , , t Internet Explorer!

, , , , Windows "", ( - ..), , , , , . , -IE ! , , .., , BAD Windows. : Windows , (aVast Web Shield + Network Shield).

3) , FTP-, , !

4) lceanup Malware aVast, , ".ctv"   14 . ( ), ( , , , , HiJackThis , , )

5) , , , !

6) FTP, IP- script/hacker .

7) "" , .

8) DONT ! aVast Home Edition "Web Shield", .

+1

, , .

ftp- - . , . , "", - ftp-, , , . ftp, , , IP-, . , IP- .

0

- -. - - - Apache, PHP , . , , PHP HTML . , , , . , , , , , , , ( ), , , , , .

Needless to say, I quickly switched hosting providers right after the infection of my site. My hosting provider was pretty bad in many other ways, but that was pretty much the final straw.

0

Source: https://habr.com/ru/post/1707462/

