The / Hack and how to get rid of it

- by

Saturday morning a couple of my sites were hacked by something I’ve not found a lot of info about. I’ll call it The Drunkjeans Hack. I’ve also found this being inserted from other domains (see below).

Some idiot has inserted a piece of code into the main index.php file that looks like this:


If you enjoy my content, please consider supporting me on Ko-fi. In return you can browse this whole site witout any pesky ads! More details here.

43 thoughts on “The / Hack and how to get rid of it”

  1. we got it pretty bad

    Search ".ru" (4255 hits in 1298 files)
    not all of them are the address but most are

  2. Same here. They “hacked” our website i think through ftp and installed the above code. The url of the javascript doesn’t exist and the funny thing is that google got it just before i could do something. (i found it straight away)

    Now i changed ftp password and changed also the infected files. (mostly .js files) and just one php file.

    They dont hack your FTP or server directly (might be, but smaller chance).
    They infect the machine (probably with a .sys driver (try out bitdefender addon for FF)) that you used to upload your sites files to your webspace.
    If u stored your FTP credentials on it … they connect to your webspace and alter the the index and js files.
    So beware, changing FTP PW is only working until you log on to your space again if u dont clean your machine first !!!

  4. we got ( infected our blog most of them on .js files.
    sorry for your loss bro, [Search “.ru” (4255 hits in 1298 files)] its really a big deal. you should clean your PC first.

Add your voice!

This site uses Akismet to reduce spam. Learn how your comment data is processed.