hey i site have be hacked with eval(base64_decode(

Why? Oh Why? You do not using m-walker? http://www.magic-net.nl/m-walker.php

 

Before anyone downloads that "m-walker" , make sure it is clean. You can get a worse
infection at times from things that are advertised as "fixes".

No offense to the poster, but this file is an "unknown player" at the moment.

 

What are you talking about? Are you blind? Wat you want do download? Where?

Please read first!

 

Read what ? Your site ? To answer that stupid question; "no".

Why so defensive ? According to your post HERE

...that is your creation. You say : "M-Walker is a scheduled task". What schedules it if
not software ?

A full thirty percent of "anti-malware" is actually malware.

Where are some ( believable ) reviews of your product ? You have questions, I do too.

 

Ok, sorry for my bad english, software, software at my server. Internet Explorer and some other tools that can sniff internet traffic.
All active connections are put in a log file and then be searched or IP addresses in malware ip databases appear. Than you just receive a email with result.
I'm do not need to decode difficult scripts, everything does IE. If IE was connected with bad IP you receive email with warning.
I walk into danger himself to get a virus and not offer others peoples to download something.
You can not download m-walker!

Only one link at my site offer people to download something. And this is an add-on for Firefox.

 

Okay, no problem.

Do you have some reviews for your service/software ? If it is good, you could use an affiliate program. It would help you and help those who are suffering because of the bad guys and eventually end up getting rid of the problem, hopefully.

 

Here's a neat idea. grep your logs, if your not on a vps or dedicated server forget it, and see exactly how these are being adding to your files. I've seen these infections coming from foreign IPs compared to the user who is 'hacked' and is auth'ing with the username and password, and the other was an insecurity in TinyMCE.

Everyone comes on to this forum to complain about these infections and no one has hard evidence proving their theory on how it happened, and others just want it fixed. When people begin to actually have root access to a server, then they can begin showing evidence of this and a solution can then be proposed. Look into SuHosin. It doesn't catch them all, but it will catch alot.

 

If it is Godaddy related, then you should use the solution that is found on sucuri.net. Make a cronjob and let it run every our to search for the eval(base64 and let it remove. Should remove it for now until Godaddy fix there server problemens.

 

this is a good way, its the dodaddy problem i think beause i have many other ftps at my pc only the godaddy have problem

 

who know is there a way to disable ob_start() i think this can fix this problem

 

I don't think disabling output buffering would help any.

 

site hacked with eval(base64_decode( ....

i explain all details there, have a look you will understand

 

Good work. I hope more people read your site, and help get rid of this nuisance.

 

Yep a Godaddy problem, Every1 needs to email them and let them know its THERE fault and not OURS

 

You should first change your password and then scan all the computers you are using to login into your sites FTP. There is no need to blame the host, I think.

 

this the problem happen there is better but if can get rid of the hack source thats cool

 

Hmmm... I am looking at that statement two different ways; You can do it on your hosting account or you can go after the hackers.

 

i HAVE FACE THIS PROBLEM 3 TIMES LAST MONTH.IF YOU ARE USING ANY THIRD PARTY PHP CODE LIKE PLUGINS MINIFY JS AND CSS THEN REMOVE IT.

 

I could be wrong, put if there inserting that code then surly its a permissions problem? I don't know about the hosts themselves as not used them be we had a problem with a iframe injection, where, in a simular case to this random code was inserted into the PHP files. Turned out the file permissions were wrong. Maybe locking them down to 644 might solve the problem.

 

from that malicious script, it try to connect to hxxp://kdjkfjskdfjlskdjf.com/kp.php which is of course a malicious site.

For more information, maybe you can read this:

http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html
http://wordpress.org/support/topic/394255

Or try googling it with keyword "kdjkfjskdfjlskdjf.com/kp.php", and you will find many way how to resolve it.