Strange script!

I was going to make a minor update on my website when I found this strange script at the buttom of the code just after the html:

Its wierd since I havn't put it in myself and don't know where it came from. Anyone have any idea about this? Don't think its from addthis or google analytics. This is my site: www.howtomodyourwii.com

 

My avast anti virus won't let me open your site due to it containing
JS:Bulered [Trojan]
it's some sort of java redirect thing ... could be used for cookie stuffing or redirect to install something


Have a read of http://www.stopbadware.org/home/security

 

I haven't got a clue what that means, but I'm guessing it's something that shouldn't be there. It doesn't look like normal code at all. I recommend removing it ASAP.

 

Ok it is removed now! Are you able to enter the site now without warnings? And how the h*ll did someone manage to put that piece of code in there? >.> I'll check "stopbadadware" asap ty

 

Good news and bad news.

Good news first. Yep page opens ok now without the warning

Bad news, just looked at the other site in your sig file, and that has it as well

 

Damn they are linked to the same account - makes sense... THANK ALOT! Atleast they didnt change my affilliate links >.>

... BTW I guess it's time to change password, contact my host or something like that?

 

I'd would definitely change your passwords immediately. Are you using a free host for your site? Sometimes they like to add scripts to your site for ads and such but I never heard of any using a trojan.

 

No im not using a free host. This is a trojan? Can't be?

 

LOl very big script

 

From what we saw, welll its considerable um well, gibberish.. So it could have been encrypted, but congrats on taking it off both sites.. You may want to make sure everyday that someone didnt hack you again... LOL... We as a team disagree on what the script is, but it could've been some little information stealing buggart, thats what he thinks, but I think either one of the big boy team players saying hey, thats not right, or someone that was mad at you or bored, just wanting to screw with you. Either way, its something new that we haven't seen before, I think im going to check it out and see what it does. I wonder if one of the programmers would look at this and tell us what it was.... We are going to run it through a script reader and see what it comes out to be.. LOL... Wish us luck

 

It could have been injected to your website by XSS (cross site scripting). Make sure you:

a) filter and validate all data that can be displayed on your website before inserting it into database (use filters before validation, after validation I recommend using HTML Purifier to remove all possible XSS attacks)
b) escape all dynamic content that is rendered in XHTML documents (by htmlentities() if you are using PHP)

Another option - less likely - is that someone got access to your ftp username/password and inserted the code to your pages manually. This shouldn't be the case unless you have very weak password such as "mypassword" etc. If that is the case, make sure to use stronger password: http://strongpasswordgenerator.com/

Finally, after taking all these precautions, if the problem persists, contact your web hosting provider and tell them they have severe security issues on their servers and urge them to fix them asap.

 

Thanks alot thenewnumber1 and risoknop

 

This is trojan hourse, worm like activity...actually your web pages are infected and it must infected your entire website...use something to remove by using online virus/worm/trojan tools, otherwise it will infect many other people.