Malicious script (cgi35.plala.or.jp/BTO/) is constantly being injected in site

[alenavesna]

<script src=hxxp://cgi35.plala.or.jp/BTO/data/entry/css.js></script>

The script above is constantly being injected in my website. I am still puzzled how, but seems to be an SQL Injection.

http://google.com/safebrowsing/diagnostic?site=cgi35.plala.or.jp/bto/&hl=en-us - you can check here Google confirmation about this script and how many site it infected!

Some is injecting this script into my database tables. That person also installs (still no sure how, but probably through vulnerability) phpSPY, although then deletes it after script installation.

- Please - any recommenations?
- Any ideas about what the script does?
- Can Avast find it and "cure" it?
- Any knowledge about phpSPY?

Many thanks.

 

[Jtaylor83]

Can you remove the script?

[alenavesna]

Every time I manually remove it from my database tables - I am getting an attack again. This is happening since February 14 (when Symantec also had SQL injection attack). Someone is doing it to my site on a daily basis. 

I would really like to get more help on this issue.

Thanks!

[DavidR]

You need to speak to your site HOST as php or sql injection is something that they should be aware of and taking steps to prevent it. As far as PHP goes older versions of the software have vulnerabilities which are being exploited.

Change your site passwords to something a little stronger to see if that helps and seek help from your HOST provider, ensuring they have the latest versions of PHP/SQL, etc...

Obviously once exploited your site would become a soft target, so at the very least you need strong passwords and change the chmod permissions for pages so they aren't able to modified by other than the owner.