Someone had changed my .htaccess, and I have removed that. But I still have phantom pages like this: http://www.biztalk-training.com/?puqr=usoe

I don't have any 404.php, 404.shtml, or 404.html pages. I checked CPanel for redirects on 404, and it looked empty (but would have created a 404.shtml if I filled it in).

If I type in something like this in the browser, I get a 404: http://biztalk-training.com/anything.html

I'm looking for what to kill, remove or fix to get rid of the phantom page. I'm a developer (other platforms) with moderate familiarity with PHP and CPanel sites. I'm used to seeing domainname.com/progname.php?parm=test and I know how that works. But I don't know how the ?puqr=usoe is producing content on my site. They have other similar pages, discovered by doing a site: search on Google.

Thanks,

Neal Walters

+1  A: 

Have you checked your index page? Under normal circumstances, http://www.example.com/?foo=bar will pass the query string (?foo=bar) to the index of example.com and will not produce a 404.

If these malcontents got write access to your server - and it sounds like they did - they could have easily modified your index page.

emmychan
I think that's it. I renamed index.php to index2.php, created an index.php that just echoed "Hello World" and the problem went away. I'm using PHP-Fusion; I guess there is a vulnerability with their software for this injection to occur.
NealWalters
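
Added example (not part of the original thread and not PHP-Fusion code): since the index page and .htaccess were both altered, one way to find any other changed files is to hash the executable files on the live site against a freshly unpacked copy of the same application release. The directory layout and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the web server executes or that change request handling.
WATCHED = {".php", ".phtml", ".htaccess"}

def _digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def _inventory(root: Path) -> dict:
    """Map relative path -> SHA-256 for every watched file under root."""
    files = {}
    for p in root.rglob("*"):
        # ".htaccess" has an empty suffix in pathlib, so match on the name too.
        if p.is_file() and (p.suffix.lower() in WATCHED or p.name in WATCHED):
            files[p.relative_to(root).as_posix()] = _digest(p)
    return files

def compare_trees(clean_root, live_root) -> dict:
    """Report watched files that differ from, or are absent in, the clean copy."""
    clean, live = _inventory(Path(clean_root)), _inventory(Path(live_root))
    return {
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "added": sorted(f for f in live if f not in clean),
        "missing": sorted(f for f in clean if f not in live),
    }

def demo() -> dict:
    """Build a constructed clean tree and a tampered copy, then compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'bootstrap.php';\n")
            (root / "includes" / "core.php").write_text("<?php // core\n")
        # Constructed tampering: altered index, new .htaccess, extra script.
        with (live / "index.php").open("a") as fh:
            fh.write("// constructed stand-in for injected code\n")
        (live / ".htaccess").write_text("# constructed stand-in\n")
        (live / "includes" / "cache.php").write_text("<?php // not in release\n")
        return compare_trees(clean, live)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Site-specific configuration and customised theme files will also show up as modified or added; the entries to inspect are the ones you cannot account for.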