Javascript Injection Attack

[Skylink]

Hello, both my site and that of another VA have been hit today by a Javascript injection attack. Mine was hit about 1300 GMT, his approx. 1000 GMT today.

Has anyone else been hit by such an attack? We're running two totally different servers (mine is dedicated, his is virtual), at different data centers by different providers. Only things in common are phpVMS and SMF (I'll be making a similar post on the SMF forum soon!)

Anyone?

Thanks!

Chris

[Skylink]

Update, for me, the infected files were:

/index.php

/core/Modules/Login/Login.php

And the SMF file was

/<FORUM LOCATION>/index.php

[James142]

Sorry to hear that. How much damage was done?

[Skylink]

Some encrypted Javascript was injected, so not really sure what it did! Full scan of my server (thankfully my other sites were set up as virtual hosts, so it didn't get to them), revealed nothing else. Seems the Javascript tried to re-direct users to another website, though.

[Tom]

SMF is terribly insecure from what I've heard. Sounds like that's the cause of the problem... you should probably switch to phpBB or something custom.

[Skylink]

Hi Tom,

Heard where? I've used SMF for a good number of years on other sites, never once had a problem - maybe I've just been lucky?

At any rate, I shall continue to monitor my logs and hope it doesn't happen again. SMF are pointing the finger and phpVMS, and here we're pointing the finger at SMF - ahh well!