1

In my 2003 webserver there is a script added automatically in home page of websites. http://imgddd.net/t.php?id=16379119 How colud the link added in website. How to stop this kind of attack on server.

Please if anybody have solution give me.

Regards,

Jagat Sheth

Jagat Sheth
  • 71
  • 1
  • 5

1 Answers1

0

This looks like it has been injected on your server because of weaknesses in your server's and/or web application's and/or FTP security.

Here's some more really helpful information on the imgxxx.net malware hack and how to check the extent of infection and steps to remove and protect against.

(variations might contain url imgaaa.net,imgbbb.net,imgccc.net,imgddd.net)

To summarise:

Do you have anti-virus software installed? Do you have file upload capability in your site that is publically accessible? Have you altered the permissions to any folders in your website beyond those set by default by IIS or Apache?

Running Anti-virus software on your server is essential (try Microsoft Security Essentials 2 for initial protection). Else products like F-Prot, Nod32 and McAfee.

Review your security policies on RDP and FTP access and if possible restrict access to specific IP addresses.

And then also look at securing your application from Cross Site Scripting (XSS) and SQL injection vunerabilities. Products like URLScan 3 and products by companies like Port80 software are good too.

Andy

Andy Davies
  • 319
  • 2
  • 6
  • Hi Andy,Thanks for your reply. How it could injected, we have sophos endpoint security installed on our server, we have cisco pix firewall on our server. For application IIS security what I have to do for best security. Yes we have a upload facility also on our site. – Jagat Sheth May 26 '11 at 09:06
  • Hi Andy,Thanks for your reply. How it could injected, we have sophos endpoint security installed on our server, we have cisco pix firewall on our server. For application IIS security what I have to do for best security. Yes we have a upload facility also on our site. I have assign full rights for IIS users for particular website. 2003 server installed on our server. How to use urlscan in our server? it will affect server/application's performance or any other issue created if you know? please let me know solutions if you have. waiting for your reply. once again thanks. – Jagat Sheth May 26 '11 at 09:17
  • Hi Jagat, Information about IIS security and URLScan installation and configuration are available from [www.iis.net](www.iis.net) site as well as other questions/answers on this site. Spend some time researching IIS security for web application and FTP access. Andy – Andy Davies Jun 06 '11 at 12:52
  • Hi Jagat, Take a look at this blog post - [http://redleg-redleg.blogspot.com/2011/05/cleaning-up-imgaaanet-or-imgbbb-or.html](http://redleg-redleg.blogspot.com/2011/05/cleaning-up-imgaaanet-or-imgbbb-or.html) and review your FTP security. Consider logging FTP access and reviewing for suspicious activity. Also look at changing passwords and restricting access to specific IP addresses if possible. – Andy Davies Jun 06 '11 at 12:52