Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By theorichel on
All of a sudden my site is inaccessible. Error message: Parse error: syntax error, unexpected '<' in /home/www/klimatosoof/index.php on line 37
I have however not changed that file and it still is identical to the version I can download from the Drupal site. The date however suggests that the file was changed yesterday (jan 10 ). The permissions are 644.
Any explanation would be greatly appreciated.
Thanks
Theo Richel
Comments
Look at or post the contents
Look at or post the contents of index.php.
It is very likely your server has been compromised and miscreants have added code (HTML / JS) to index.php.
See also
http://drupal.org/node/99177
http://drupal.org/node/163833
There must be many other reports as well.
It's best to contact your hosting provider.
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
You are right, thanks
My hosting provider has informed me that some russian had added two lines both to index.php and index.cgi. They are removed and it works allright again. I have understood now that this isnt a Drupal issue.
Thanks again.
hosting?
can you please contact me, i have heard of claims as to hosting providers having internal compromise issues.
who is your host? and did you have them attempt to forward the ip, and needed information to the proper service centers for review and resolution? i ask because internet safty and content/admin level support and security seems to be a growing issue.
how did they ad that code? ive had errors whare this has happoned. how do you limit this?
please contact me if you have further information or if anyone reading this has information reguarding similar or situations surrounding such situations.
help us all be safer,
kj
Thanks for your help and support:
www.kasperjames.com/
My problems are solved so far
My webhost is olm.net and I am quite satisfied with them, the support is usually very quick and good. No I have not asked them to forward the ip. Where should they forward it to?
As to how this code was added, I dont know. It was added to index.php and index.cgi . This is what was added:
----------
#
#########
---------------
My host has checked the rest of my site and found no errors. I have changed my password since.
Of course I am interested in a much safer internet, but as for now I would know what to do about this.
Thanks
Me Too
My site was hacked just last night - and it was "down" all day. Two snippits of code were added. One looked like it belonged to the footer line and the other was placed way down at the bottom. The code that was added at the bottom created iframes to http: // beststat.net /in.cgi?holylol (without the spaces) and the "holylol" makes me think of something bad on the other end...
thanks everyone for putting the info on how to fix this here. It really helped a lot!
Doug Cowan
http://newideas.net
Here's more info about
Here's more info about similar issues:
http://www.mezzoblue.com/archives/2007/06/05/unsettling/
http://www.oscandy.com/hacking/454-dreamhost-hosting-platform-hacked
I wanted to post these earlier, but could find the links quickly enough.
I hope your host was able to remove the underlying vulnerability.
--
The Manual | Troubleshooting FAQ | Tips for posting | How to report a security issue.
I had this happen last
I had this happen last week.
After suspecting a compromise, and querying the ISP, the simplest explanation came down to a super-weak password (chosen by my client when they set up the hosting) and a robot coming in by FTP.
It happened twice in as many days, but after changing the password it hasn't re-occured.
No blame on the ISP or Drupal.
Blame from my client (shh) and of course blam the F***wad who set that robot loose to advertise viagra.
Actually the good thing is that the text injection was so badly done that it broke the site and we noticed immediately. Had their attempt actually worked we'd have been compromised without ever knowing.
.dan.
How to troubleshoot Drupal | http://www.coders.co.nz/
.dan. is the New Zealand Drupal Developer working on Government Web Standards