03-28-2010, 03:16 PM
Apfelfrucht
 
Join Date: Apr 2006
Location: EU
Posts: 46
Someone hacked my forum by putting these codes "a = Array('c4v4', 'I', ' wid',..." ?

Hi,

My forum got hacked 5 times, with one today, and I wonder if someone knows how to block the kind of hack below. Many experts said that it is not by changing the FTP password that this problem can be resolved, but by knowing from where in my forum this injection came.

I think, and confirm, that it came from an injection. Could someone please tell me where it comes from?

The hacker put the code below in order to redirect my forum to malware programs:
Code:
<script type="text/javascript">
a = Array('c4v4', 'I', ' wid', 'rxkQ', 's', 'te', 'ZHA', 'px;', 'u', 'A', 'yle=', 'V', ' le', 'px', 'ht: ', ': a', '0', ' s', 'ig', 'o', '; he', 'ft:', 'ion', 'idde', '00px', 'NI', 'I', ' ', 'kB', 'n;\"', '6Ms', '\"po', '20', 'Mh', 'l', 'th: ', 'H', 'ver', 'x; o', '-2', 'low', 'f', '</di', 'v>', '>', 'wri', 'H0d', '<div', 'x', 'to', '1', 'U', 'te; ', ': h', '200', 'LL9', 'p: ', '-', ';', 'l', 't', 'jZ', 'ln', 'it', 'bs', '200p', '3');
b = bb = Array();
z = Array();
b[0] = Array(47,17,60,10,31,4,63,22,15,64,19,59,8,52,49,56,39,24,58,12,21,27,57,54,7,2,35,32,16,13,20,18,14,65,38,37,41,40,53,23,29,44);
b[1] = Array(45,5,62);
b[2] = Array(42,43);
ss = '';
for (ik in b) {
       z[ik] = '';
       for (i = 0; i < b[ik].length; ++i) {
                 z[ik] += '' + a[b[ik][i]];
               }
}
document[z[1]](z[0]);
</script>
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=microsoft-excel-2003-buy">microsoft excel 2003 buy</a> 

<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=corel-draw-12-mac">corel draw 12 mac</a> 
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=purchase-corel-draw-x4">purchase corel draw x4</a> 
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=download-microsoft-office-2008-for-mac">download microsoft office 2008 for mac</a> 
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=buy-norton-360-license">buy norton 360 license</a> 
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=buy-windows-xp-sp3-oem">buy windows xp sp3 oem</a> 
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=buy-adobe-premiere-cs4">buy adobe premiere cs4</a> 
<a href="http://www.soa.uncc.edu/helpme/wp-content/uploads/2008/09/client1.php?p=master-collection-cs4-system-requirements">master collection cs4 system requirements</a> 
<script type="text/javascript">
document[z[1]](z[2]);
</script>
Regards !
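
Added example, not part of the original post: a static decoder for the array-index obfuscation in the script quoted above, written to show what the two document[z[1]](...) calls resolve to without loading the page in a browser. The function names and the regex-based parsing are assumptions of this example; the arrays are copied from the post.

```javascript
// Static decoder for the a = Array(...) / b[n] = Array(...) scheme (added example).
// The script is handled purely as text; nothing from it is evaluated.

// Arrays and calls copied from the injected script quoted in the post.
const SAMPLE = String.raw`
a = Array('c4v4', 'I', ' wid', 'rxkQ', 's', 'te', 'ZHA', 'px;', 'u', 'A', 'yle=', 'V', ' le', 'px', 'ht: ', ': a', '0', ' s', 'ig', 'o', '; he', 'ft:', 'ion', 'idde', '00px', 'NI', 'I', ' ', 'kB', 'n;\"', '6Ms', '\"po', '20', 'Mh', 'l', 'th: ', 'H', 'ver', 'x; o', '-2', 'low', 'f', '</di', 'v>', '>', 'wri', 'H0d', '<div', 'x', 'to', '1', 'U', 'te; ', ': h', '200', 'LL9', 'p: ', '-', ';', 'l', 't', 'jZ', 'ln', 'it', 'bs', '200p', '3');
b[0] = Array(47,17,60,10,31,4,63,22,15,64,19,59,8,52,49,56,39,24,58,12,21,27,57,54,7,2,35,32,16,13,20,18,14,65,38,37,41,40,53,23,29,44);
b[1] = Array(45,5,62);
b[2] = Array(42,43);
document[z[1]](z[0]);
document[z[1]](z[2]);
`;

// Read the single-quoted literals of a = Array(...), resolving \" style escapes.
// Assumes no literal contains ");", which holds for this sample.
function parseStringTable(src) {
  const m = /\ba\s*=\s*Array\(([\s\S]*?)\);/.exec(src);
  if (!m) throw new Error('string table not found');
  return [...m[1].matchAll(/'((?:\\.|[^'\\])*)'/g)]
    .map(lit => lit[1].replace(/\\(.)/g, '$1'));
}

// Read each b[n] = Array(i, j, ...) index list.
function parseIndexLists(src) {
  const lists = [];
  for (const m of src.matchAll(/\bb\[(\d+)\]\s*=\s*Array\(([\d,\s]*)\)/g)) {
    lists[Number(m[1])] = m[2].split(',').map(s => Number(s.trim()));
  }
  return lists;
}

// Rebuild z[] the way the script's loop does, then resolve each
// document[z[m]](z[n]) call to a method name and its argument.
function decode(src) {
  const table = parseStringTable(src);
  const lists = parseIndexLists(src);
  const z = lists.map(list => list.map(i => {
    if (!(i in table)) throw new RangeError('index ' + i + ' outside string table');
    return table[i];
  }).join(''));
  const used = new Set(lists.flat());
  const decoys = table.filter((_, i) => !used.has(i)); // padding never referenced
  const calls = [...src.matchAll(/document\[z\[(\d+)\]\]\(z\[(\d+)\]\)/g)]
    .map(c => ({ method: z[Number(c[1])], argument: z[Number(c[2])] }));
  return { calls, decoys };
}

for (const c of decode(SAMPLE).calls) console.log('document.' + c.method + '(' + JSON.stringify(c.argument) + ')');
```

The two calls decode to document.writeln of an opening div positioned off-screen with overflow hidden, and of the closing div tag, so the links between the two script blocks are in the page source but not visible to visitors.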