Tek-Tips is the largest IT community on the Internet today!


Code Injection Problem 1

Status
Not open for further replies.

vicvirk

Programmer
Feb 4, 2009
636
CA
I have a website with JS as the only scripting language used - all the webpages have HTML extensions. The server is a LAMP setup, but I am not using any PHP or MYSQL on the site, again all pages are static with NO CMS and no forms.

The website itself does not contain any scripting pages (i.e. .php) within the directory structure. All I am using is:

1. .HTML pages
2. .CSS for stylesheets
3. .JS for javascript functions (there are about 3-4 in total)
4. Google Analytics

I am now having a problem with CODE INJECTION where some of the pages contain that dreaded iframe tag with script tags pointing to trojan files.

I don't want to post a link to the site just in case someone who doesn't have virus protection goes to it.

At this point, I cannot turn off the site, but will be able to do so later this afternoon (I'm in the Pacific time zone - North America)

So my questions are:

1. Can someone (or thing) inject code using javascript - if yes, how do I prevent it (a link to a reference will do if it's a lot of information...I can't seem to find one)

2. What other ways (if not JS) could the code injection be happening (if not through JS)?

3. Is there a forum on this site dedicated to these types of issues???

Thanks everyone..


--------
GOOGLE is a great resource to find answers to questions like "how do i..."

If you don't know exactly what you want to do or what to search on, try Google Suggest: --------
I have recently been semi-converted to ensuring all my code (well most of it) works in both javascript and non-javasc
 
Hi

As far as I know, static sites which use no external resources can not be cracked. That would mean, the server's security was compromised.

Could we see that site ?

Feherke.
 
I do think the server's security was compromised, as I tried to log in yesterday and the password was changed. I sent an email out to my client, but have not yet heard back.

When I was asked to re-do the site, the old one was written in PHP, and was getting compromised. We changed the FTP login and password and got rid of everything that had to do with the old site and I re-built it with zero server side scripting and got rid of all the forms. I was concerned someone was getting in somehow.

We were OK for over a month - with no attacks, but now we've run into the issue again.

Here is the url, proceed with caution, you'll have to type it in - I didn't want anyone accidentally clicking on it...if you view the source, you'll notice a bunch of stuff that obviously should not be there (script and iframe tags). It has been OK for me if I simply hit escape before the page fully loads and view the source, but I can't do that from work - too risky to potentially bring in a virus (or whatever it is) to a network of 3000+ computers.

----------------------------------------------------------------------------------------------------------------------
ON MAY 19, 2009 THE FOLLOWING SITE WAS COMPROMISED, PROCEED WITH CAUTION

a m b l e p a t h (dot) com (slash) index.html

----------------------------------------------------------------------------------------------------------------------

^ that's one word after the first dot (no spaces) - just don't want any search engines finding the name of the complex and having it come to a site saying there is a potential virus on it.

Here is the code from the homepage (obtained from w3c validator):


You'll notice right after the closing </head> tag there is a bunch of additional code. On the rest of the pages, besides the homepage, there are IFRAME tags located at the bottom, and some have script tags inserted at the top.

Thanks for the help



 
Looks like it was an issue with the hosting company - I got in touch with someone there and they said that a lot of other sites on the same box were infected with the exact same thing. The source is unknown at this time.

I'll be "fixing" it tonight, and have suggested to my clients that the site be moved to another host as soon as possible - they agree.

Thanks everyone for your help...

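A defensive check for the symptom described in this thread, added here as an example and not code posted by any participant: it parses static HTML and reports iframes, scripts loaded from hosts outside an allowlist, and scripts placed between </head> and <body>. The allowlisted Google Analytics hosts, the assumption that the clean site contains no iframes, and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: Google Analytics is the only third-party script host the site uses.
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com", "ssl.google-analytics.com"}

class InjectionScanner(HTMLParser):
    """Record (line, reason) for tags a purely static page should not contain."""
    def __init__(self):
        super().__init__()
        self.findings, self.head_closed, self.body_open = [], False, False

    def handle_starttag(self, tag, attrs):
        attrs, line = dict(attrs), self.getpos()[0]
        if tag == "body":
            self.body_open = True
        elif tag == "iframe":  # assumption: the clean site has no iframes at all
            self.findings.append((line, "iframe: " + (attrs.get("src") or "<no src>")))
        elif tag == "script":
            src = attrs.get("src") or ""
            host = urlparse(src).hostname  # None for relative, same-site paths
            if host and host not in ALLOWED_SCRIPT_HOSTS:
                self.findings.append((line, "external script: " + src))
            elif self.head_closed and not self.body_open:
                self.findings.append((line, "script between </head> and <body>"))

    def handle_endtag(self, tag):
        self.head_closed = self.head_closed or tag == "head"

def scan_html(text):
    scanner = InjectionScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings

def scan_tree(root):
    """Scan every .html/.htm file under root; return {path: findings} for hits."""
    results = {str(p): scan_html(p.read_text(errors="replace"))
               for p in sorted(Path(root).rglob("*.htm*"))}
    return {path: found for path, found in results.items() if found}

# Constructed sample page (not the real site's source).
SAMPLE = """<html><head><title>Home</title>
<script src="js/menu.js"></script>
<script src="http://www.google-analytics.com/ga.js"></script></head>
<script src="http://injected.example/x.js"></script>
<body><p>Welcome</p>
<iframe src="http://injected.example/in.html" width="1" height="1"></iframe></body></html>"""
```

This only inspects HTML markup; the site's .js and .css files need a separate comparison against a known-good copy, since an injected loader can live there too.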
 