  1. #1
    Join Date
    Mar 2001

    Bloodhound.Exploit.6 on my PHP file

    Please help me here.

    We received a few calls saying that they are getting a warning when they visit our websites. The warning from Norton is that the pages are infected with Bloodhound.exploit.6.

    I have checked Symantec and it says that this does not affect Linux!

    I found the following code at the end of index.php page on the server:

    <iframe src="" frameborder="0" width="0" height="0" style="dispaly:none; visibility:hidden" ></iframe>

    Please help me here: how can I locate and remove the problem?

    My site is on a shared host; the server is Linux, running on cPanel.

    Any help is very much appreciated.


  2. #2
    Join Date
    Aug 2003
    Maybe some of the following will help:

    The main issue is figuring out how the code is getting appended to those files. Try removing the code and refreshing the page. If it's still there, something is actively attaching the code to those pages as they get called. Maybe hiring a security/administration company is in your best interest. Good luck!

  3. #3
    Disable dl in /usr/local/lib/php.ini (or wherever yours is)

    enable_dl = Off

    and restart Apache after making this change. It looks like someone is loading that dynamically into your PHP.

  4. #4
    Join Date
    Mar 2001
    I am on a shared host, therefore I don't have access to the php.ini file.

    My host replied to me:
    We have not had any other users having this problem.

    Again you will need to have your scripts updated so that users cannot input code and post it to your page. Using a strip command you can do this.
    The correct command will remove any form of code.

  5. #5
    Join Date
    May 2002
    Your host support is correct. Most likely you have some badly coded script which has a security hole. Many popular free scripts (and paid ones too) have many vulnerabilities. If you have installed any free or paid scripts, check the vulnerability warnings for the appropriate scripts and, if you find anything, update your scripts to the newest version and you will be safe (temporarily).
    If you have your own scripts, check where you allow a visitor to upload any code to your account. For example, many beginners do not check the include function, or use GET requests without checking who sent them and from where (not checking the referer), and so on.
    Rustelekom LLC Dedicated server since 2002, RIPE NCC member, LIR, AS51168
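
Added example (not part of the thread and not any poster's code): a small scanner for the "locate" step asked about in post #1. It flags iframes that are sized to zero or hidden by inline style, and notes when one sits at the very end of a file, as in the reported index.php. The function names, the file patterns and the sample page are assumptions made for this illustration.

```python
import re
import sys
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
ANY_IFRAME_TAG_RE = re.compile(r"</?iframe\b[^>]*>", re.IGNORECASE)
ZERO_DIM_RE = re.compile(r"\b(width|height)\s*=\s*[\"']?0(?:px)?[\"']?(?=[\s/>]|$)", re.I)
# "dispaly" is the misspelling in the thread's sample; match it as well as "display".
HIDDEN_STYLE_RE = re.compile(r"visibility\s*:\s*hidden|disp(?:la|al)y\s*:\s*none", re.I)

# Constructed sample page: one legitimate frame, one hidden frame appended at the end.
SAMPLE = """<?php echo "Welcome"; ?>
<html><body>
<iframe src="/map.html" width="600" height="400"></iframe>
</body></html>
<iframe src="" frameborder="0" width="0" height="0" style="dispaly:none; visibility:hidden" ></iframe>
"""

def find_hidden_iframes(text):
    """Return (line_number, tag, reasons) for each zero-sized or hidden iframe."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = m.group(1)
        reasons = sorted({d.lower() + "=0" for d in ZERO_DIM_RE.findall(attrs)})
        if HIDDEN_STYLE_RE.search(attrs):
            reasons.append("hidden-style")
        if not reasons:
            continue  # visible frame, e.g. an embedded map or video
        # Nothing but iframe tags and whitespace after it: appended to the file.
        if not ANY_IFRAME_TAG_RE.sub("", text[m.end():]).strip():
            reasons.append("appended-at-eof")
        hits.append((text.count("\n", 0, m.start()) + 1, m.group(0), reasons))
    return hits

def scan_tree(root, patterns=("*.php", "*.html", "*.htm", "*.js")):
    """Scan a web root; return {path: hits}, most recently modified files first."""
    files = [p for pat in patterns for p in Path(root).rglob(pat) if p.is_file()]
    results = {}
    for path in sorted(files, key=lambda p: p.stat().st_mtime, reverse=True):
        hits = find_hidden_iframes(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[str(path)] = hits
    return results

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python scan.py /path/to/public_html
        for name, found in scan_tree(sys.argv[1]).items():
            for line, tag, reasons in found:
                print(f"{name}:{line}: {', '.join(reasons)}: {tag}")
    else:
        print(find_hidden_iframes(SAMPLE))
```

Files are listed newest first, so the modification times of the flagged files can be compared against the access logs when looking for how the code was appended.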
