Malware Related > Compromised Servers

bla.php script added to website

<< < (3/3)

100%Agave:
SysAdMini,

Thanks for the response.  It is IIS and the infections were definitely occuring before there was a database.  I checked the database for anything malicious that might have been attached to a field and did not find anything.  I removed the url redirects that were in the iframe and the meta-equiv tag this morning as soon as I came in.  Unless they are getting more active, it will be about a month before it happens again.  I am beginning to think that maybe the customer has a bad index page that he keeps replacing the good one with but I will have to check the logs for that.

I will check for the patches and make sure that they are up to date.  I was pretty sure that this was done just recently but let me run the update and see what comes up.

Thanks for taking a look.  I have changed the FTP and FP access passwords for this site.  I guess I will just have to wait and see if it happens again.

I am going to look through the log files and see if I can find out who may have logged into that site.

Thanks again.

Navigation

[0] Message Index

[*] Previous page