Malicious code injection

I have found that some redirection code got injected into my server's index.php:

<script>
    setTimeout(function(){
        window.location.href = 'http://example.com';
    }, 5000);
</script>

I have checked the date and time and it was not updated. My server team informed me that your page has some vulnerability, that’s why it happened.
It happened for all the domains and the code got injected before the end of the head tag.

Did it really happen because of some malware? If that is true, then let me know.

What are the different techniques to check for code vulnerabilities?

Security is a large thing on the web so while your question is short and clear, the answer is not.

There are tools available that check for vulnerabilities, but you should learn about them.

A good start would be to filter all input and escape all output. The latter is often forgotten.

Google is your friend.

Not sure if you were referring to my answer, or what needs to be done in general.

The injection found would not be solved by filtering and encoding input and output. That is a file change, which could have happened in a few ways, none of which would be caught by doing either of those things.

It looks like something that routinely happens on WordPress sites and other sites on shared hosting. Was this on a WordPress site?
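Since the change described above is to the file itself and the question reports an unchanged date and time, one way to detect it is to compare content hashes against a known-good baseline and to flag `<script>` blocks before `</head>` that assign to `location`. This is an added example, not code from any poster in the thread; the function names, file extensions and the sample page are assumptions constructed for illustration.

```python
import hashlib, os, re, tempfile

WEB_EXT = (".php", ".html", ".htm")
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
ASSIGN_RE = re.compile(r"(?:window|document)\.location(?:\.href)?\s*=(?!=)", re.I)

def snapshot(root):
    """Map relative path -> SHA-256 of the content of every web file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXT):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report files whose content differs from the baseline, ignoring timestamps."""
    return {
        "changed": sorted(p for p in current if p in baseline and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def head_redirects(text):
    """Return bodies of <script> blocks before </head> that assign to location."""
    head = re.split(r"</head\s*>", text, maxsplit=1, flags=re.I)[0]
    return [m.group(1).strip() for m in SCRIPT_RE.finditer(head) if ASSIGN_RE.search(m.group(1))]

def demo():
    """Constructed sample: clean index.php, then the same file with the redirect in <head>."""
    clean = "<html><head><title>Home</title></head><body><?php echo 'hi'; ?></body></html>"
    snippet = "<script>setTimeout(function(){window.location.href = 'http://example.com';}, 5000);</script>"
    with tempfile.TemporaryDirectory() as root:
        page = os.path.join(root, "index.php")
        with open(page, "w") as fh:
            fh.write(clean)
        baseline, before = snapshot(root), os.stat(page)
        with open(page, "w") as fh:
            fh.write(clean.replace("</head>", snippet + "</head>"))
        # Put the old times back so the timestamp shows nothing, as in the question.
        os.utime(page, ns=(before.st_atime_ns, before.st_mtime_ns))
        same_mtime = os.stat(page).st_mtime_ns == before.st_mtime_ns
        with open(page) as fh:
            hits = head_redirects(fh.read())
        return same_mtime, compare(baseline, snapshot(root)), hits

if __name__ == "__main__":
    print(demo())
```

The baseline has to be taken from a known-clean copy and stored where the web server account cannot write, otherwise whoever changed the pages can change the baseline too.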

Thanks. No, it was not a WordPress site, but the site is on shared hosting.

Thank you, I have filtered all input, which throws an error for these inputs: <, >, &, | and =.
