By ratnesh aarohi on
The body of many many nodes seemed to have been appended with a whole lot of content by a hacker The content is appended with the html tag
<div style="display: none;">
which has lead to this content being there while not visible when the node is displayed.
This content is being appended to even new nodes being created! - as if some script is running.
How do i stop this?
Here is the content being added
<div style="display: none;"><!--651562766--><br />
<a href="http://konvalinka.org/moodle/calendar/set.php/?khqn=0">of jewish dating</a><!--72217019--><br />
<a href="http://learn.goarch.org/moodle/calendar/set.php/?ubki=7">dating free</a><!--359006446--><br />
<a href="http://www.scorepp.eu/index.php/?page-info=14">girl for dating</a><!--827755692--><br />
<a href="http://fp.watertown.k12.wi.us/?free=10">japanese dating sites</a><!--120845275--><br />
<a href="http://dfhaskell.com/gallery/main.php/?dvxv=15">dating non christian</a><!--775357118--><br />
<a href="http://elearningneeds.com/index.php/?hpxy=10">kid dating chat</a><!--596011889--><br />
<a href="http://designsbylizhenley.ladyaleta.com/odscareer/index.php/?duor=2">dating marriage statistics</a><!--159759712--><br />
<a href="http://lnx.learnholistically.it/moodle1_8/calendar/set.php?kjob=3">dating fat</a><!--888697206--><br />
<a href="http://ept4.sgu.ac.jp/index.php/?mwiw=12">dating+</a><!--151385742--><br />
<a href="http://exduceretec.com/moodle/index.php?zzkl=17">ask dating</a><!--931066209--><br />
<a href="http://www.ahefner.com/moodle/?jtky=2">dating</a><!--394565374--><br />
<a href="http://www.mra-acup.net/learn/calendar/view.php/?ujth=17">vidya balan dating</a><!--621004605--><br />
<a href="http://www.starkengenharia.com.br/velociraptor/veiculo.php?get-item=1">dating boyfriend girlfriend</a><!--635265184--><br />
<a href="http://softtester.org/drupal4work/biblio/author/Özcan?advise-id=6">dating map</a><!--709444248--><br />
<a href="http://omnitechca.com/joomla/index.php/?kyrm=12">free black dating</a><!--560506436--><br />
<a href="http://www.iesvila-seca.cat/moodle/moodle/course/info.php/?kzla=2">dating new site</a><!--320592289--><br />
<a href="http://www.design-principles.org/moodle/help.php/?page-about=11">dating bureau</a><!--102678446--><br />
<a href="http://www.netwider.it/rosa20/mod/resource/view.php?iail=16">top dating agency</a><!--589259978--><br />
<a href="http://m1university.com/index.php/?uvtj=6">blucas dating</a><!--779184470--><br />
<a href="http://www.sintresis.it/lsgramsci/moodle/calendar/set.php/?hauz=13">dating</a><!--1139299--><br />
<a href="http://www.boltontlc.org.uk/?free=7">personals</a><!--144730412--><br />
<a href="http://www.marzconsulting.com/training/calendar/set.php/?item-page=10">kristin cavallari dating</a><!--119636836--><br />
<a href="http://www.muratkoylu.com/interactive/calendar/set.php/?ivxw=18">chat n dating</a><!--379362216--><br />
<a href="http://kmseltc.eduplus2u.com/calendar/set.php?lhel=3">gaymen dating</a><!--797431519--><br />
<a href="http://elearning-erkunden.de/?pbav=13">dating the</a><!--411122564--><br />
<a href="http://www.can-it.eu/index.php/?advise=12">friends dating reunited</a><!--155477773--><br />
<a href="http://www.quickandeasytoolkit.com/members/help.php/?nkla=9">slovenian dating</a><!--403305020--><br />
<a href="http://math-ed.com/talk2me/mod/forum/index.php/?zfgt=19">asian dating advice</a><!--165196271--><br />
<a href="http://moodle.educarchile.cl/moodle/theme/standard/styles.php/?huld=10">deadhead dating</a><!--10103480--><br />
<a href="http://moodle.fyhrie.com/user/view.php/?uipl=19">dating sie</a><!--1324147--><br />
<a href="http://39.subnet216.astinet.telkom.net.id/index.php/?pq=9">singles online dating</a><!--327827221--><br />
<a href="http://www.meeting.cl/index.php/?page-id=13">free dating sites only</a><!--301513538--><br />
<a href="http://www.openfireacademy.org/home/calendar/set.php?get-help=18">affair</a><!--188092933--><br />
<a href="http://www.fad.ideasolidale.org/calendar/view.php/?page-info=4">dating vietnamese women</a><!--483099684--><br />
<a href="http://ontimepay.co.cc/moodle/calendar/view.php/?nigb=13">olbermann dating</a><!--736132973--><br />
<a href="http://science.jext.us/calendar/set.php/?jygh=0">dating in southport</a><!--284619528--><br />
<a href="http://sanmartinbaq.edu.co/index.php/?info-id=13">single match dating</a><!--659543314--><br />
<a href="http://lnx.funteaching.it/moodle/calendar/view.php?isij=11">web dating site</a><!--590280063--><br />
<a href="http://comes.umy.ac.id/calendar/view.php/?pq=0">vin diesel dating</a><!--666444736--><br />
<a href="http://vc.clt-interactive.com/calendar/set.php/?get-info=13">love dating tips</a><!--456544011--><br />
<a href="http://snabblan.info/calendar/view.php/?cash=7">dating com</a><!--539609282--><br />
<a href="http://conf.emacs.uni.lu/?cujr=19">emo dating site</a><!--882463145--><br />
<a href="http://www.rau.ro/elearning/login/index.php?get-help=5">professionals dating</a><!--88858877--><br />
<a href="http://lwc.oresoft.com/moodle/index.php/?jvbf=9">fishel dating</a><!--544727162--><br />
<a href="http://moodle.tg.fh-giessen.de/calendar/set.php/?page-about=16">pua online dating</a><!--646514716--><br />
<a href="http://lab.n-fukushi.ac.jp/ka/calendar/set.php/?ezlt=6">zac efron dating</a><!--709028144--><br />
<a href="http://welchsworld.com/theme/chameleon/styles.php/?entt=2">gigandet dating</a><!--275698324--><br />
<a href="http://www.km.fgg.uni-lj.si/moodle/calendar/set.php/?cwqw=2">dating internet</a><!--846472399--><br />
<a href="http://www.labenglish.com/practice/calendar/overlib.cfg.php/?sfia=2">nepali dating</a><!--402503200--><br />
<a href="http://www.sawhitehouse.com/moodle/calendar/set.php/?ptwq=0">dating solutions</a><!--492311606--><br />
<a href="http://www.itlcmp.org/help.php/?fyry=17">lady for dating</a><!--20468925--><br />
<a href="http://distance.eled.duth.gr/lex/pages/show.php?srux=2">dating durban</a><!--383504085--><br />
<a href="http://techbasv.com/joomlamain/index.php/?take=17">dating chat room</a><!--152432531--><br />
<a href="http://myclassrooms.org/index.php/?waen=2">rate online dating</a><!--175879832--><br />
<a href="http://elearning.olaservices.com/calendar/set.php/?eknz=3">dating franco</a><!--414897408--><br />
<a href="http://asofono.org/index.php/?info-about=16">together dating service</a><!--588947753--><br />
<a href="http://lib.wru.edu.vn/index.php?show-page=14">filipina dating</a><!--517225254--><br />
<a href="http://sales-certification.com/?gddd=12">dating ottawa canada</a><!--338517747--><br />
<a href="http://research.yorkcentral.org/moodle/course/?qnqo=12">dating</a><!--498985056--><br />
<a href="http://konation.dk/moodle/calendar/set.php/?nxzm=2">christian dating match</a><!--941746996--><br />
<a href="http://moodle.gianini.biz/login/index.php/?ihmb=6">american dating services</a><!--809321510--><br />
<a href="http://www.elo.venema-croese.com/calendar/view.php?take=14">polish girl dating</a><!--61286449--><br />
<a href="http://www.buesd.k12.ca.us/joomla/index.php/?info-about=4">sugar mummy dating</a><!--123808958--><br />
<a href="http://www.lightlearnpro.net/moodle/help.php/?cxmf=18">dating idaho jewish</a><!--232166710--><br />
<a href="http://moodle.campbell.kyschools.us/course/category.php/?wlwd=5">russian dating girls</a><!--753423492--><br />
<a href="http://www.medienzentrum-oberhausen.de/moodle/mod/forum/user.php/?show-id=6">attractive dating</a><!--128851899--><br />
<a href="http://moodle.crea-mt.org.br/moodle/calendar/set.php/?mcym=8">dating directory free</a><!--954407846--><br />
<a href="http://www.st-catherines.bolton.sch.uk/?free=19">deangelo dating</a><!--512871491--><br />
<a href="http://maimonidesu.org/classes/index.php/?mbux=5">dating northampton</a><!--198493961--><br />
<a href="http://www.liceoeuropeo.it/didattica/calendar/view.php/?unlo=18">dating cacee</a><!--478051047--><br />
<a href="http://www.ursuccess.com/webcal/day.php/?best=8">www dating tubely</a><!--439380992--><br />
<a href="http://iaesmevr.org/e107_plugins/calendar_menu/event.php/?show-info=18">100free dating</a><!--664734404--><br />
<a href="http://www.clueb.eu/riviste/help.php?best=5">dating looking</a><!--12802916--><br />
<a href="http://www.monamour.gr/monamourgr/public_html/getsnap.php/?item-id=7">dating online india</a><!--452687535--><br />
<a href="http://kingdomservant.org/?jfxt=8">tootoo dating</a><!--314056121--><br />
<a href="http://www.vancestevens.com/moodle/calendar/set.php/?show-id=16">matchmakers dating</a><!--871716390--><br />
<a href="http://designsbylizhenley.com/odscareer/index.php/?duor=16">dating handbook</a><!--302019010--><br />
<a href="http://lnx.scuolainrete.com/fad/index.php/?jbxq=10">asian women dating</a><!--833007015--><br />
<a href="http://unistreet.adasemua.biz/index.php/?kbpj=5">real dating sites</a><!--883974448--><br />
<a href="http://www.kiwad.com/chassespleen/spip.php/?get-id=19">singapore dating girls</a><!--165796732--><br />
<a href="http://sovereign-power.com/spmoodle/course/?reju=19">dating the woman</a><!--296792488--><br />
<a href="http://moodle.indianaceltic.org/mod/resource/view.php/?iihk=12">dating tip</a><!--660822252--><br />
<a href="http://218.1.117.143/moodle/index.php/?jqtj=0">sexless dating</a><!--26230913--><br />
<a href="http://203.172.176.75/?pq=6">fifth wheel dating</a><!--622296437--><br />
<a href="http://benjaminacademy.com/moodle/theme/standard/styles.php?kslx=10">polish dating com</a><!--444356014--><br />
<a href="http://ofs03065.asclafad.net/fad/help.php/?jpzh=14">to dating russian</a><!--508127390--><br />
<a href="http://deannamayers.net/mark/images/cloudy.gif/?afew=18">dating christchurch</a><!--437841129--><br />
<a href="http://www.johnw.idv.tw/ical/modules/vitapage/index.php/?show-page=2">dating websites usa</a><!--557436336--><br />
<a href="http://www.languagekey.com/index.php/image/claritylogo.jpg/html/html/html/writing-coach.html/?item-page=12">lil wayne dating</a><!--82556791--><br />
<a href="http://www.imat.maschinenbau.uni-kassel.de/ls/calendar/set.php/?advise-id=19">dating</a><!--268572076--><br />
<a href="http://wccftp.com/moodle/index.php/?vxvr=8">mallu</a><!--910146852--><br />
<a href="http://kahveci.boun.edu.tr/courses/mod/forum/user.php/?easy=14">dating services in canada</a><!--228141860--><br />
<a href="http://www.images-transformed.co.uk/?fecw=14">americas internet dating</a><!--404144053--><br />
<a href="http://www.biotgen.com/virtual/calendar/set.php/?show-info=9">iranian dating site</a><!--951321866--><br />
<a href="http://onlearn.biz/moodle/calendar/set.php/?free=3">dating</a><!--235205397--><br />
<a href="http://moodle.ncisc.org/calendar/view.php/?fyry=1">dubai dating girls</a><!--706885995--><br />
<a href="http://learnet.abiva.net/theme/ino-1/styles.php/?klvj=9">lds dating online</a><!--931522556--><br />
<a href="http://www.winghamps.webskewl.com/theme/standard/styles.php/?msve=16">herpes dating vancouver</a><!--872193983--><br />
<a href="http://esp.e-ucad.sn/fad/user/view.php/?solution=3">kiwi dating</a><!--884960704--><br />
<a href="http://roubawebsite.com/eslonmoodle/calendar/set.php/?voud=12">dating sligo</a></div>
Here is the content being added
Comments
now getting error when i visit my website
Further to problem reported earlier - now the follwing error appears at the top of each webpage
QUOTE
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 995
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 596
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 597
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 598
Warning: Cannot modify header information - headers already sent by (output started at /home/genie/public_html/index.php:2) in /home/genie/public_html/includes/bootstrap.inc on line 599
); ?> ); ?>
Try a different computer?
Try a different computer?
Looks like someone has had
Looks like someone has had file access permission to your system. I'd instantly change your root password using a secure channel (using SSH - putty etc).
Out of interest, what is in your index.php file? Wrap the code in < code > < / code > tags (without the spaces)
Alan Davison
Doesn't look like a Drupal
Doesn't look like a Drupal thing, found a couple other sites with this hack. One was custom PHP
Make sure that your password is at least 8 characters long, containing numbers and special characters (#$% etc) and mixed case letters
Alan Davison
reinstalled
Well i couldnt finally figure out what was wrong - but my site hosts told that they had found and worm and removed it. How the worm found its way - is to my dismay not known - and people from hosting service say that it is very difficult to find out.
Anyway my databases were safe - so all i did was reinstalled drupal latest version (6.10) as a fresh installed - copied back my files etc and reset the theme and the site was back again.
Yes i have changed my passwords to complex ones.
thanks for allt he help.
I will just say great
I will just say great information you share with us. I also have a blog Nice post about House Windows and thanks for sharing nice information.