tag:blogger.com,1999:blog-5365964245877416061.post1967055500731544192..comments2024-02-23T05:31:25.274+01:00Comments on XyliBox: js.php/counter.js/confdb.php/facebook.php infectionSteven Khttp://www.blogger.com/profile/00282466473904820396noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-5365964245877416061.post-78061864210411702182011-05-18T11:11:40.093+02:002011-05-18T11:11:40.093+02:00Hi Vince, i don't think IP blocking (193.105.2...Hi Vince, i don't think IP blocking (193.105.240.93) will be a solution.<br />It's a server IP not the bot IP, or if your server logs each ip who make a file modification ?<br />I guess that can be a solution but temporary..<br />like i've says to Hector, secure your code and change your database password, that the best way.<br /><br />.htaccess ~<br />order allow,deny<br />deny from 193.105.240.93<br />allow from allSteven Khttps://www.blogger.com/profile/00282466473904820396noreply@blogger.comtag:blogger.com,1999:blog-5365964245877416061.post-10583252403274728612011-05-18T05:08:02.626+02:002011-05-18T05:08:02.626+02:00I've been hit by the bot as well and I'm w...I've been hit by the bot as well and I'm wondering if blocking the IP will work.?<br /><br />This seems to be fairly common because a friend of mine got hit as well and we're in 2 different countries and on totally different servers.<br /><br />Sucks to have to edit all of the index pages and remove the "virus" all the timeVincehttps://www.blogger.com/profile/15294175652719818352noreply@blogger.comtag:blogger.com,1999:blog-5365964245877416061.post-78463216540025445642011-04-27T15:00:41.565+02:002011-04-27T15:00:41.565+02:00Hi Hector,
You need to secure your sql query when ...Hi Hector,<br />You need to secure your sql query when you call the database.<br />These infection come from a bot who crawl internet and search for potential sql injection vulnerabilities.<br />In PHP you can use mysql_real_escape_string()<br />if you want an example:<br /><br />$id = mysql_real_escape_string($_GET['id']);<br />$response = mysql_query('SELECT users FROM website WHERE id =\'' .$id. '\'');<br /><br />after i recommend you to check your whole code for php backdoors or others vulnerabilities (include, LFI, upload, etc..)<br />And if nothing check if the Safe Mode of your server is off (not secure) or activated.<br /><br />It's a simple injection sql but when you are infected... you should review and check all your code.<br />prevention is better than cure ;)Steven Khttps://www.blogger.com/profile/00282466473904820396noreply@blogger.comtag:blogger.com,1999:blog-5365964245877416061.post-72861716260980433822011-04-27T05:57:45.195+02:002011-04-27T05:57:45.195+02:00Hi... my sites have been attacked with this code.....Hi... my sites have been attacked with this code.. how can i fix this??Hectorhttp://google.comnoreply@blogger.com