Js redirector trojan
7/28/2023

If your application is infected, then I think there are two possibilities:

1. They have used some security hole in YOUR application to inject some code into your server, so now they have changed some of your PHP files, or some of your database information. PHP programs are actually simple text files that are run on the server by the PHP interpreter. They may be able to help, and it would be wise to let them know about this. If you are not the server administrator, talk to the server admin. A few people who have complained about this mentioned that they use Gallery (i.e. PHP Gallery). But you will also need to fix the security vulnerability that allowed this to happen in the first place.

Chances are it's some insecure app, or an app you installed some time ago but have not updated recently. If you have source control or a recent version, you may be able to do a whole-site diff. Not sure if this is what is involved here.

Fixing this may involve restoring your web site from backup, if you have no way of knowing what has been modified.

When searching for information on gumblar.cn, it looks like they use a trojan called JS-Redirector-H. :)

Chances are, there is an application on your server with a known vulnerability that has been attacked, and something has modified files on your web site or installed a new file. The nature of the attack (an import of malware from a site that appears to do this kind of thing en masse) suggests that you were running an exploitable application or that your username/password combination was not sufficiently strong, but the administrators at your provider are really the only ones able to supply accurate details on how this happened. Make sure your host has good policies on this and make sure that none of your software unequivocally trusts local connections or users.
Shared hosts also have many people with access to the same local machine, so things like file permissions and patching of locally-accessible exploits, both within your application and generally, are very important. They may not have noticed anything unusual; for instance, if you have an easy password, or if this attack was perpetrated by a trusted individual, or if you have an unpatched exploit in a custom PHP application, there would be nothing to indicate an improper use. Work with the administrators at your hosting provider to understand what happened in this particular case and do things to correct it. This should help keep people from brute-forcing your credentials for enough time for competent sysadmins to take action against the attackers. It should also be reasonably long, ideally more than 26 characters. It should have nothing to do with your life, it should have no readily available acronyms or mnemonics, it should not resemble a dictionary word, and it should contain a healthy interspersing of different characters: numbers, letters of different cases, and symbols. A strong password is a long, random list of characters. It's very possible to gain access to local files through exploits in PHP programs, so keep any third-party applications you're running on their latest versions (especially very widespread programs like WordPress and phpBB), and do whatever you can to ensure that your server is running the correct versions of its services (PHP, Apache, etc.). No one here can provide a conclusive solution based on the information you provided, so all we can suggest is that you follow good security practices and standards and correct any weak points immediately.
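The whole-site diff suggested above can be done by hashing every file in a known-good copy (backup or source-control checkout) and in the live web root, then listing what was added, removed or changed. This is an added example, not code from the original post; the function names (`tree_hashes`, `site_diff`, `demo`) and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hashes[os.path.relpath(full, root)] = digest
    return hashes


def site_diff(known_good, live):
    """Compare a trusted copy (backup or checkout) with the live web root."""
    good, cur = tree_hashes(known_good), tree_hashes(live)
    return {
        "added": sorted(set(cur) - set(good)),
        "removed": sorted(set(good) - set(cur)),
        "modified": sorted(p for p in set(good) & set(cur) if good[p] != cur[p]),
    }


def demo():
    """Build two small constructed trees, tamper with one, and diff them."""
    files = {"index.php": b"<?php echo 'home'; ?>\n",
             os.path.join("lib", "db.php"): b"<?php // db helpers ?>\n"}
    with tempfile.TemporaryDirectory() as base:
        good, live = os.path.join(base, "backup"), os.path.join(base, "live")
        for root in (good, live):
            for rel, body in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(body)
        # Constructed tampering: one file altered, one added, one deleted.
        with open(os.path.join(live, "index.php"), "ab") as fh:
            fh.write(b"<!-- constructed stand-in for injected markup -->\n")
        with open(os.path.join(live, "lib", "new.php"), "wb") as fh:
            fh.write(b"<?php // file absent from the backup ?>\n")
        os.remove(os.path.join(live, "lib", "db.php"))
        return site_diff(good, live)


if __name__ == "__main__":
    print(demo())
```

This covers files only; changes to database contents, which the text also mentions, need a separate comparison.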