Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
Am new here. I am running a Windows IIs server and i have been getting some script code added to the end of each html page on all domains i am running. Most of the time the code is the same. I was running phpbb forums and suspect the virus came from there but not sure. I contacted the support forum for phpbb community and they said they would look into the security part of the code but never a response from them. So i deleted the databases for those forums and ftp'd the pages on all sites again only to find after a week all domains and pages are infected again. Below is the script code i am finding. I changed the script tag just in case <>
Any help would be appreciated.
<!--[Q]--><*iadded this so it will not function>document.write(unescape("%3Cscript%3Eif%28rqX%21
%7Dvar%20rqX%3D1%3C/script%3E"))</i added this so it will not function><!--[/Q]-->
[edited by: encyclo at 8:23 pm (utc) on Oct. 14, 2007]
[edit reason] fixed side-scroll and obfuscated exploit code [/edit]