PHP decode hacked my sites. Is it a virus?

chillboat

Joined: 2009-11-04
Posts: 1
Posted: Thu, 2009-11-05 05:35

I found a problem on my site, and when I compared the files on the server with my local files I found that every page (*.js or *.php) has this line in it:
<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKC
or a JavaScript line.

So I knew that my site had been hacked.
So:
1 - I want to know how to prevent anyone from hacking my site.
On every text field or textarea, when posting or getting it, I used htmlspecialcharacter($_POST['name'])

Is this right? And can it help me?
2 - How did anyone hack my site?
3 - How can I find out what this code means?
Thanks in advance and have a nice day.

Please help me. I am in trouble. If this is not the right place to post,

then I request that DP Admin please move my post to the right forum.

thanks

spam link removed by moderator
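
The post above describes an eval(base64_decode('...')) line appearing in every *.php and *.js file. As an added example (not part of the thread), this Python script walks a web root, reports each such line, and decodes the payload as text without executing it; the function names and the sample tree are constructed for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# eval(base64_decode('...')) with optional whitespace. The /**/ prefix seen in
# the post sits before eval, so it does not need to be matched.
INJECTED = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=]+)\1\s*\)\s*\)")

def decode_payload(b64):
    """Decode the argument as text only; nothing is ever executed."""
    padded = b64 + "=" * (-len(b64) % 4)  # tolerate stripped padding
    try:
        return base64.b64decode(padded).decode("utf-8", "replace")
    except binascii.Error:
        return "<not valid base64>"

def scan_tree(root, exts=(".php", ".js")):
    """Return (relative path, line number, decoded payload) for every hit."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in exts:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for m in INJECTED.finditer(line):
                hits.append((path.relative_to(root).as_posix(), lineno,
                             decode_payload(m.group(2))))
    return hits

def demo():
    """Constructed sample tree: one clean file, one with an injected line."""
    payload = base64.b64encode(b"echo 'constructed sample';").decode()
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clean.php").write_text("<?php echo 'hello'; ?>\n")
        (root / "index.php").write_text(
            "<?php /**/eval(base64_decode('%s')); ?>\n"
            "<?php echo 'page'; ?>\n" % payload)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, lineno, decoded in demo():
        print(f"{rel}:{lineno}: {decoded}")
```

Run scan_tree() against a copy of the web root rather than the live server; once hits are confirmed, restoring the affected files from a known-good local copy is more reliable than editing lines out by hand.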

nivekiam

Joined: 2002-12-10
Posts: 9281
Posted: Thu, 2009-11-05 17:32
Quote:
1 - i want to know how to prevent anyone to hack my site?

Don't use FTP, only use SFTP. They most likely broke into your account and used FTP. They may have also used an insecure application on your server like WordPress.

Change your passwords and replace Gallery with a current install and upgrade to the latest version.
FAQ: How to upgrade Gallery2?
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

alecmyers

Joined: 2006-08-01
Posts: 3369
Posted: Thu, 2009-11-05 18:09

I think this is actually a spammer. He doesn't mention Gallery at all, there was a nasty spam link in the post, and who is "DP Admin" when he or she is at home?

Oh, and this is fairly compelling evidence (sheesh, I really must have *nothing* constructive to do today...)

http://forums.digitalpoint.com/showthread.php?t=1539289

nivekiam

Joined: 2002-12-10
Posts: 9281
Posted: Thu, 2009-11-05 19:49

I was wondering the same thing about "DP Admin" and had my suspicions about the spamminess of the post.

Hey, supporting the forums is constructive :)


alecmyers

Joined: 2006-08-01
Posts: 3369
Posted: Thu, 2009-11-05 19:53
Quote:
Hey, supporting the forums is constructive

It's like masturbation, only more intellectual and less messy.

nivekiam

Joined: 2002-12-10
Posts: 9281
Posted: Thu, 2009-11-05 20:02

We're in a downward spiral here, but...

I don't think I get nearly the same enjoyment out of one of those....

alecmyers

Joined: 2006-08-01
Posts: 3369
Posted: Thu, 2009-11-05 20:08

ROFL
