My websites have been assaulted by a script kiddy very successfully. On a automated

Question

0

Asked: May 23, 20262026-05-23T04:54:18+00:00 2026-05-23T04:54:18+00:00

My websites have been assaulted by a script kiddy very successfully. On a automated

0

My websites have been assaulted by a script kiddy very successfully. On a automated basis, a hidden script is accessed on my server that causes a modification of all my index.php files, and adds an iframe to the top of them (base 64 encoded).

I’m having trouble getting my hosting provider to help, as they say they are rather helpless in this matter.

I suspect that If I can determine which scripts are making use of php’s fopen function then I will be able to discover the location of the master tamper script and remove it.

Any advice?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T04:54:19+00:00

Editorial Team

2026-05-23T04:54:19+00:00Added an answer on May 23, 2026 at 4:54 am

Use find to find all of the PHP scripts and then grep for fopen. If you don’t have shell access, download the whole directory with the scripts and do it on your machine.

find /base/dir/with/your/scripts -name '*.php' | xargs grep 'fopen'

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

My websites have been assaulted by a script kiddy very successfully. On a automated

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply