Hack in all index.html and index.php with a script

[Melbezos]

Hi, I detected some problems in my pages and I see that all of them has a script into the index.html and index.php, and I did not write it. Opera and Firefox no problem, but IE asked mi about install an activeX control. Do you know about that?

From now, I will renew my passwords and make not writable this files to 404.

Thanks in advance

Here the (malicius?) script code:

(malware code removed)

[tvcrazyman]

I'm having the same problem. I translated the code with a binary translator that was on my site and it says

(malware code removed)

binary translator http://home2.paulschou.net/tools/xlate/

Now if I can just figure out if this info is useful or not

[Melbezos]

I try to access to http: // zctk. ru / liwe , and my kaspersky antivirus detected the Trojan-Downloader.JS.LuckySploit.l., and this script do an iframe of this page.

So, is it our problem or is a bluehost security problem?

[Early Out]

You are responsible for maintaining the security of your website. Bluehost's servers have not been hacked - your stuff has been hacked. BH lets you run pretty much any script you want, secure or not. If it's not secure, and you get hacked, you have to fix it.

[Melbezos]

Excuse me by my doubt, thanks for yor atencion, this is a usefull forum.

[Melbezos]

Ups, I changed my pass and run my antivirus and clean my index.xxx, and now they are infected another time. So, do I need change all permisions of my files and directories to 404?
From now, I did it in one of them, and this one is clean.
I saw in the forum other posts like mine.

[Early Out]

This means that you are still running a script of some sort that has security holes in it. Until you take care of that problem, you will keep getting reinfected.

[nirz]

Your site has probably been hacked by the gumblar.cn script. I posted 2 posts on this last night. 1 of the posts have been deleted, the other has been closed by the moderators and the replies in it have been deleted!

BH is not being very open and friendly about this. I just want them to check the servers-maybe run an anti virus software. They claim very few of the sites here get hacked, but google says quite different.

Read this link:
http://safebrowsing.clients.google.c...&site=AS:11798

This was reported by google last night.

[Early Out]

Enough, already. It's been explained, repeatedly, that you are responsible for ensuring that the scripts you're running are not open to being exploited. It's not up to BH to do this - they let you run pretty much whatever scripts you want. It's not up to BH to clean up the mess that results when you run swiss-cheese scripts.

BH and HM, together, are hosting over 1.5 million domains. The fact that 1141 of them have managed to pick up some sort of malware is hardly an indication that there's a problem with BH's servers. We're talking 0.08%. I wonder how many of them are, in fact, running the same insecure scripts (or plugins/addons).

Pissing and moaning about it in here is not going to solve the problem. The only one who can make your sites secure is you.