|
Posted by Jonathan N. Little on 01/07/08 20:49
John Clayton wrote:
>>> Looking at the source code there is some stuff in comments I never put in
>>> there.
>>> I'll remove it in next day or so, but before I do can any one please tell
>> me
>>> what it might be?
>>>
>>> Our hosting company (Netcetera) has just yesterday altered ftp access
>> codes
>>> for both sites as part of their "security review".
>>> Seems to me this one's been hacked into.
>>> Can anyone guess to what purpose please?
>>> Many thanks.
>>>
>>> The code is just after <body bgcolor= , which is now repeated - as is
>>> this
>>> "cuckoo code". this starts off "var msg=314, d=document
>>>
>>> This page is;- www.ossettmouldings.com/default.htm
>> I don't think anyone here is going to be in a hurry to open this page.
>> Looks like they've added a little javascript. Posting the offending code
>> would be better.
>> Vince
>>
>>
> Vince,
> As you say, it looks to me also like a bit of script. It reads;-
>
> <!--
> var msg=314,d=document;
> eval (unescape ('%20%77%69%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%- this
> continues for absolutely ages and concludes with ;))
> //-->
Well the first part translates "window.status='D"
> The "cookie" appears to originate from ;- tanikinata.cn
>
> I'm just wondering what it's doiong/ attempting to do?
Something *not* good. If they have to hide it there is a reason....
--
Take care,
Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
[Back to original message]
|