My webspace has been hacked!


#1

This or a variation of this code has been added to all my index.html files

It opens various other websites, or tries to download a trojan

I can’t find out how they did it. The access logs don’t show anyone else logging in. support never got back to me. I have deleted all my users, changed my ssh and ftp passwords.
Google now show me as an attack site!!

Suggestions?

–cut

-cut

#2

[quote]I can’t find out how they did it. The access logs don’t show anyone else logging in. support never got back to me. I have deleted all my users, changed my ssh and ftp passwords.
Google now show me as an attack site!![/quote]
Read http://wiki.dreamhost.com/Troubleshooting_Hacked_Sites or find someone who can do all that for you.

:cool: openvein.org -//-


#3

I’ve fixed quite a few hacked sites on DH accounts that used index file script embeds as their primary target. Most are WordPress exploits, but with the most recent one the hackers hadn’t cleaned up after themselves correctly and had left files on the user’s account that indicated a PERL attack. Check your root userspace for any PERL scripts, as you might be able to glean info from the contents if they remain present.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost