The client I'm working on mysteriously ended up running some malicious scripts on their site. I am a little puzzled that the site is static and not dynamically generated - no PHP, Rails, etc. At the bottom of the page, someone opened a new tag and script. When I opened the file on the web server and deleted the malicious content and reloaded, it was still there. How is this possible? And more importantly, how can I deal with this?
EDIT: To make it weirder, I just noticed that the script only appears in the source if the page is accessed directly as "domain.com/index.html" but not as "domain.com".
EDIT2: Anyway, I found some PHP file (x76x09.php) sitting on a web server that must have been updating the HTML file, despite my attempts to split it into a script. I am currently up to date, but I need to do some work to make sure rogue files do not just appear again and cause problems. If anyone has any suggestions about this, feel free to leave a comment; otherwise, thanks for helping, everyone! It was much appreciated!
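For the follow-up in EDIT2 (making sure rogue files do not reappear on a static site), here is an added example that is not part of the original post. It compares the web root against a known-good hash baseline, flags any server-side script file, and flags markup placed after the closing </html> tag. The function names, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib, os, re, tempfile

# Extensions that should never exist on a purely static site (assumed list).
SERVER_SIDE_EXT = {".php", ".phtml", ".phar", ".cgi", ".pl", ".asp", ".aspx", ".jsp"}
AFTER_HTML_CLOSE = re.compile(rb"</html\s*>(.*)\Z", re.I | re.S)

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def audit(root, baseline):
    """Compare the web root with a known-good baseline; return (path, reason) pairs."""
    findings, current = [], snapshot(root)
    for rel, digest in sorted(current.items()):
        ext = os.path.splitext(rel)[1].lower()
        if ext in SERVER_SIDE_EXT:
            findings.append((rel, "server-side script on a static site"))
        if rel not in baseline:
            findings.append((rel, "not in baseline"))
        elif baseline[rel] != digest:
            findings.append((rel, "content differs from baseline"))
        if ext in (".html", ".htm"):
            with open(os.path.join(root, rel), "rb") as fh:
                tail = AFTER_HTML_CLOSE.search(fh.read())
            if tail and tail.group(1).strip():
                findings.append((rel, "markup after closing </html>"))
    findings += [(rel, "missing from web root") for rel in sorted(set(baseline) - set(current))]
    return findings

def demo():
    """Constructed sample: a clean page, then the kind of tampering the post describes."""
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.html")
        with open(index, "w") as fh:
            fh.write("<html><body>Hello</body></html>\n")
        baseline = snapshot(root)
        clean = audit(root, baseline)
        with open(index, "a") as fh:  # constructed injected tag
            fh.write('<script src="https://example.invalid/x.js"></script>\n')
        with open(os.path.join(root, "unexpected.php"), "w") as fh:
            fh.write("<?php /* constructed placeholder */ ?>\n")
        return clean, audit(root, baseline)

if __name__ == "__main__":
    for path, reason in demo()[1]:
        print(f"{path}: {reason}")
```

Keep the baseline somewhere the web server account cannot write, and run the audit on a schedule so a file that is rewritten after cleanup shows up as a new finding.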