apache - Unknown javascript with html links found in my footer.php -


hello can tell me code do, because found in footer of website, related blackhat seo. below how how when found. if tell me how came footer.php, good.

<div id="awesomelinks"> <a href="http://www.361studios.net" style="margin-left:-98901px;" title="website         design">website design</a>, <a href="http://www.361studios.net" style="margin-left:-98902px;" title="website creation">website creation</a>, <a href="http://www.uslbarcodefy.org" style="margin-left:-96832px;" title="sports skills">sports skills</a>, <a href="http://www.uslbarcodefy.org" style="margin-left:-96833px;" title="sports technology">sports technology</a>, <a href="http://www.pinkeyegraphics.com" style="margin-left:-80381px;" title="graphic design">graphic design</a>, <a href="http://www.pinkeyegraphics.com" style="margin-left:-80382px;" title="graphic organizers">graphic organizers</a>, <a href="http://www.ecoeasycontest.com" style="margin-left:-90012px;" title="wedding dresses">wedding dresses</a>, <a href="http://www.ecoeasycontest.com" style="margin-left:-90013px;" title="evening dresses">evening dresses</a>, <a href="http://www.replica.im" style="margin-left:-96831px;" title="replica handbags">replica handbags</a>, <a href="http://www.replica.im" style="margin-left:-96832px;" title="replica watches">replica watches</a>, <a href="http://www.wilmstumorgroup.com" style="margin-left:-91131px;" title="wow gold">wow gold</a>,<a href="http://www.wilmstumorgroup.com" style="margin-left:-91132px;" title="cheap wow gold">cheap wow gold</a>, <a href="http://www.wilmstumorgroup.com" style="margin-left:-91133px;" title="buy wow gold">buy wow gold</a>, <a href="http://www.near-field-communications.org" style="margin-left:-88931px;" title="iphone apps">iphone apps</a>, <a href="http://www.near-field-communications.org" style="margin-left:-88932px;" title="android apps">android apps</a>, <a href="http://www.bluelikejazzthemovie.net" style="margin-left:-97511px;" title="movie reviews">movie reviews</a>, <a href="http://www.bluelikejazzthemovie.net" style="margin-left:-97512px;" title="movie ratings">movie ratings</a>, <a href="http://www.russianfashionweek.info" style="margin-left:-87722px;" title="fashion shoes">fashion shoes</a>, <a href="http://www.russianfashionweek.info" style="margin-left:-87723px;" title="fashion bags">fashion bags</a>, <a href="http://www.urban-management.info" style="margin-left:-93871px;" title="urban clothing">urban clothing</a>, <a href="http://www.urban-management.info" style="margin-left:-93872px;" title="urban art">urban art</a>, <a href="http://www.tacomalutherannw.com" style="margin-left:-89007px;" title="cooking guides">cooking guides</a>, <a href="http://www.tacomalutherannw.com" style="margin-left:-89008px;" title="cooking tips">cooking tips</a>, <a href="http://www.noshfordosh.com" style="margin-left:-80831px;" title="luxury shopping guides">luxury shopping guides</a>, <a href="http://www.noshfordosh.com" style="margin-left:-80832px;" title="luxury products">luxury products</a>, <a href="http://www.turnerfreemansa.com" style="margin-left:-89512px;" title="cjc 1295">cjc 1295</a>, <a href="http://www.turnerfreemansa.com" style="margin-left:-89513px;" title="cjc 1295 reviews">cjc 1295 reviews</a>  <script> eval(function(p,a,c,k,e,d){     e=function(c){         return(c<a?"":e(parseint(c/a)))         +         ((c=c%a)>35?string.fromcharcode(c+29):c.tostring(36))     };     if(!''.replace(/^/,string)){         while(c--)d[e(c)]=k[c]||e(c);         k=[function(e){return d[e]}];         e=function(){return'\\w+'};         c=1;     };     while(c--)if(k[c])     p = p.replace(new regexp('\\b'+e(c)+'\\b','g'),k[c]);     return p; }('2.1(\'0\').5.4="3";',6,6,'bestlinks|getelementbyid|document|none|display|style'.split('|'),0,{}))

likely possibilities:

  1. you're hosting scummy webspace providers mess content (in case, run);

  2. more likely: you've been hacked.

2a. either running application egregious security holes, or

2b. more likely: account use administer site (typically ftp) has been compromised (typically through client machine accessed site). subject client machines multiple av scans , reinstall os on detected (av awful @ removal; nuke orbit, it's way sure). change passwords, ensure ftp not used (use sftp instead), delete code on server , replace known copy. inform hosts in case compromise originated @ higher level or escalated. if own machine, consider nuking orbit too.


Comments

Post a Comment

Popular posts from this blog

basic authentication with http post params android -

i doing basic authentication passing username , password , using basicnamevaluepair sending post params response service. my method: public stringbuilder callservicehttppost(string username, string password, string type) { // create new httpclient , post header httpclient httpclient = new defaulthttpclient(); httppost httppost = new httppost(webservice + type); httpresponse response = null; stringbuilder total = new stringbuilder(); try { url url = new url(webservice + type); /*string base64encodedcredentials = base64.encodetostring((username + ":" + password).getbytes(), base64.url_safe | base64.no_wrap);*/ string base64encodedcredentials = "basic " + base64.encodetostring( (username + ":" + password).getbytes(), base64.no_wrap); httppost.setheader("auth...
Read more

vb.net - Virtual Keyboard commands -

i wondering difference between virtual these keyboard commands is: keyeventf_extendedkey , keyeventf_keyup is. everywhere have looked gives me description based off integers , not want know each of them does. you've tagged question vb.net, these have nothing @ vb.net. they're constants defined in windows header files, use win32 api functions. as far difference, can't tell looking @ values. individual values not particularly important, that's why named identifiers used. what's important used , documentation functions tells mean. the first one, keyeventf_extendedkey , used keybdinput structure (which used along e.g. sendinput function) pass information synthesized keyboard input. if flag used, means scan code should interpreted extended key. technically, means scan code preceded prefix byte value 224 (&he0 in hexadecimal notation). the second one, keyeventf_keyup , 1 of flags available use structure. means key being released (going up)...
Read more

css - Firefox for ubuntu renders wrong colors -

Image
i've got following problem: i'm developing website, while testing around i've noticed firefox , chromium display css bar in different colors. when switched between several machine come conclusion firefox ubuntu problem. on other devices i've tested website. it's fine. the differences between chrome , firefox rendering: firefox: chromium: note: firefox ubuntu problem. does knows why , came solution? https://bugzilla.mozilla.org/show_bug.cgi?id=655637 bug 629312 - firefox displays wrong colors on image (only linux) open about:config , rechange gfx.color_management.mode 2 0.
Read more