1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Strange script!

Discussion in 'HTML & Website Design' started by KasperKnop, Jul 18, 2009.

  1. #1
    I was going to make a minor update on my website when I found this strange script at the buttom of the code just after the html:
    SEMrush
    Its wierd since I havn't put it in myself and don't know where it came from. Anyone have any idea about this? Don't think its from addthis or google analytics. This is my site: www.howtomodyourwii.com
     
    KasperKnop, Jul 18, 2009 IP
    SEMrush
  2. vagrant

    vagrant Peon

    Messages:
    2,284
    Likes Received:
    181
    Best Answers:
    0
    Trophy Points:
    0
    #2
    My avast anti virus won't let me open your site due to it containing
    JS:Bulered [Trojan]
    it's some sort of java redirect thing ... could be used for cookie stuffing or redirect to install something :(


    Have a read of http://www.stopbadware.org/home/security
     
    vagrant, Jul 18, 2009 IP
  3. MervinKoops

    MervinKoops Member

    Messages:
    405
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    45
    #3
    I haven't got a clue what that means, but I'm guessing it's something that shouldn't be there. It doesn't look like normal code at all. I recommend removing it ASAP.
     
    MervinKoops, Jul 18, 2009 IP
  4. KasperKnop

    KasperKnop Peon

    Messages:
    87
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Ok it is removed now! Are you able to enter the site now without warnings? And how the h*ll did someone manage to put that piece of code in there? >.> I'll check "stopbadadware" asap ty :)
     
    KasperKnop, Jul 18, 2009 IP
  5. vagrant

    vagrant Peon

    Messages:
    2,284
    Likes Received:
    181
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Good news and bad news.

    Good news first. Yep page opens ok now without the warning :)

    Bad news, just looked at the other site in your sig file, and that has it as well :(
     
    vagrant, Jul 18, 2009 IP
  6. KasperKnop

    KasperKnop Peon

    Messages:
    87
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Damn they are linked to the same account - makes sense... THANK ALOT! Atleast they didnt change my affilliate links >.>

    ... BTW I guess it's time to change password, contact my host or something like that?
     
    KasperKnop, Jul 18, 2009 IP
  7. Rad_Dev

    Rad_Dev Peon

    Messages:
    62
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    I'd would definitely change your passwords immediately. Are you using a free host for your site? Sometimes they like to add scripts to your site for ads and such but I never heard of any using a trojan.
     
    Rad_Dev, Jul 18, 2009 IP
  8. KasperKnop

    KasperKnop Peon

    Messages:
    87
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    No im not using a free host. This is a trojan? Can't be?
     
    KasperKnop, Jul 30, 2009 IP
  9. -X- Manager

    -X- Manager Greenhorn

    Messages:
    97
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    18
    #9
    LOl very big script
     
    -X- Manager, Jul 30, 2009 IP
  10. thenewnumber1

    thenewnumber1 Well-Known Member

    Messages:
    342
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    128
    Articles:
    47
    #10
    From what we saw, welll its considerable um well, gibberish.. So it could have been encrypted, but congrats on taking it off both sites.. You may want to make sure everyday that someone didnt hack you again... LOL... We as a team disagree on what the script is, but it could've been some little information stealing buggart, thats what he thinks, but I think either one of the big boy team players saying hey, thats not right, or someone that was mad at you or bored, just wanting to screw with you. Either way, its something new that we haven't seen before, I think im going to check it out and see what it does. I wonder if one of the programmers would look at this and tell us what it was.... We are going to run it through a script reader and see what it comes out to be.. LOL... Wish us luck
     
    thenewnumber1, Jul 30, 2009 IP
    KasperKnop likes this.
  11. risoknop

    risoknop Peon

    Messages:
    915
    Likes Received:
    24
    Best Answers:
    0
    Trophy Points:
    0
    #11
    It could have been injected to your website by XSS (cross site scripting). Make sure you:

    a) filter and validate all data that can be displayed on your website before inserting it into database (use filters before validation, after validation I recommend using HTML Purifier to remove all possible XSS attacks)
    b) escape all dynamic content that is rendered in XHTML documents (by htmlentities() if you are using PHP)

    Another option - less likely - is that someone got access to your ftp username/password and inserted the code to your pages manually. This shouldn't be the case unless you have very weak password such as "mypassword" etc. If that is the case, make sure to use stronger password: http://strongpasswordgenerator.com/

    Finally, after taking all these precautions, if the problem persists, contact your web hosting provider and tell them they have severe security issues on their servers and urge them to fix them asap.
     
    risoknop, Jul 30, 2009 IP
    KasperKnop likes this.
  12. KasperKnop

    KasperKnop Peon

    Messages:
    87
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #12
    Thanks alot thenewnumber1 and risoknop :)
     
    KasperKnop, Aug 12, 2009 IP
  13. linkers

    linkers Peon

    Messages:
    26
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    This is trojan hourse, worm like activity...actually your web pages are infected and it must infected your entire website...use something to remove by using online virus/worm/trojan tools, otherwise it will infect many other people.
     
    linkers, Aug 12, 2009 IP