Hacked - file replaced


#1

Curious how this could happen. I am not much in understanding file security and such but on one of my websites the /lang/en.php (file for the English translation of the site) file was replaced last Friday with a short script in the php:

<script> window.location='http://blacksiteamrussi.webcindario.com/polipo.htm'; </script>

Fortunately it did not work in redirecting, just gave an error. However, how was this done? The directory has drwxr-xr-x permissions and the file itself has -rw-r--r-- permission. Any ideas and thoughts on this so that I can understand the cause a bit better.

Thanks.

Allan


#2

Either someone was able to FTP in as you, or, more likely, there’s a security hole in the software you’re running on your site.

-Scott


#3

Thanks. The software is “phprecipebook” and they just recently put out a “SQL Injection” patch. Reviewing my SQL, it looks like they got that too so they may have used this vulnerability. So updating. Thanks again.
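
A cleanup check for the kind of replacement described in post #1, added here as an example and not part of the original thread: it walks a web root and flags `.php` files that contain no PHP open tag or that carry a `<script>` location redirect, reporting each file's mode string and mtime so the change can be matched against FTP and web server logs. The function names, the sample tree and the placeholder URL are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Client-side redirect of the kind quoted in post #1.
REDIRECT = re.compile(r"<script[^>]*>\s*(?:window\.|document\.)?location(?:\.href)?\s*=", re.I)
# Files written only with bare "<?" short tags are flagged too; review those by hand.
PHP_OPEN = re.compile(r"<\?(?:php|=)", re.I)


def scan_php_tree(root):
    """Return findings for .php files that look replaced rather than edited."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (n for n in files if n.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read(65536)  # the head of the file is enough
            reasons = []
            if not PHP_OPEN.search(text):
                reasons.append("no PHP open tag")
            if REDIRECT.search(text):
                reasons.append("script redirect")
            if reasons:
                st = os.stat(path)
                findings.append({"path": os.path.relpath(path, root), "reasons": reasons,
                                 "mode": stat.filemode(st.st_mode), "mtime": int(st.st_mtime)})
    return sorted(findings, key=lambda f: f["path"])


def demo():
    """Build a constructed two-file tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "lang"))
        samples = {
            "index.php": "<?php echo 'ok'; ?>\n",
            # Constructed stand-in for the replaced file; the URL is a placeholder.
            "lang/en.php": "<script> window.location='http://redirect.example/x.htm'; </script>\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_php_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f["mode"], f["path"], ", ".join(f["reasons"]))
```

Any file it reports should be restored from a known-good copy of the application rather than edited in place.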