I've seen my site with those headers appended as well. and when I checked community forum, I also saw that, and now it displays PHP (since this forum is made thru PHP). please refer to the pictures. http://3.bp.blogspot.com/_e9QOpJsVmgQ/S_pyQRX1GDI/AAAAAAAAAXM/4ShWIDMHP0s/s1600/Winhosthacked2.jpg http://3.bp.blogspot.com/_e9QOpJsVmgQ/S_pxqyk7WwI/AAAAAAAAAXE/Jla3CyPMJWc/s1600/Winhosthacked.jpg My site also display the IFRAME and the headers exposed.
I suggest you open a ticket to the support department about this. They should be able to help you out a little more. At the same time, from what I have seen, rarely is the server ever compromised. In fact it is the persons personal computer that is often compromised. They often download a virus or a trojan program that compromises the security of their account. What you should do is to perform a full and thorough virus check on your computer and any computer that connects to the server and passes an account login and password. Once you have cleaned up your computer with all infected files, log into your control panel and update/reset all the passwords to your account.
Well we can pretty much say "never" for Winhost but I am reluctant to say it about other shared hosting services.
Oh, for sure. I know for a fact that some other (large) shared hosts have been compromised. Sometimes to a pretty severe degree. But the customer site hacks that we see are never done on a server level. Always on an account level, and as Ray said, usually because the user's passwords have been compromised.
A website I host with Winhost was also hacked on the 23rd or 24 th may. Nothing Malicious from what I can see just links put in the html of a few pages. The links were the same colour as the background. Any ideas??
For this I suggest you open a ticket to our support department. Try to rename the file. As an example index.html to index.old. Open the ticket and explain in detail what happened, the estimated time and date it may have occurred, and the name of the file and its path.
You also need to tighten up your local security and get rid of any viruses or malware on your local computer(s). 99% of the time that is the source of a site "hack." The other 1% of the time it is an exploit on the site itself; weak security, SQL injection, etc. Since you mentioned html pages you can probably rule out SQL injection and assume that someone is gleaning login information from your computer.
I've done a lot of posts today as i came to an impass in my programming, better let this one be the last but thought I ought to comment. Did the guys at Winhost panick? the title is 'Winhost server hacked?' nope, no panic, they are quite sure of their programming prowess and the security of Winhost, they know that Winhost has not been hacked, they obviously know what they're doing which makes me as a customer feel yet more secure in my choosing of Winhost. hackers 0 Winhost 1 P.S can I get a years free subscription for all my positive posts? hehe ;-) ian
I'm unfamiliar with the code shown in your images, but developers concerned about security for their sites should spend some time investigating some of the more common methods of compromising a site (other than just gaining hosting access by stealing/discovering your password). Interested developers should read up on: Code injection via form input (http://en.wikipedia.org/wiki/Code_injection) Session Hijacking (http://en.wikipedia.org/wiki/Session_hijacking) Clickjacking (http://en.wikipedia.org/wiki/Clickjacking) Cross-site scripting (http://en.wikipedia.org/wiki/Cross-site_scripting) It would be lengthy and beyond the scope of this thread to discuss solutions for protecting against these attacks, and the method of protection is dependent on your languages and technologies you are using to build your site, but it's important to be aware of these issues so you develop secure and trustworthy content for your users.