All the index.htm files, etc. on all the websites on my server (there are a lot) had malicious JavaScript inserted which redirected them to Russian & Turkish sites. I found this index.php sitting in my albums directory in Coppermine (1.4.17). I am currently deleting Coppermine in its entirety & uploading 1.4.18 instead. I changed all my FTP & database passwords just in case & uploaded files from my PC to overwrite the infected ones. A big pain. Here is the code I found in Coppermine:
<!-- Defacement page as found (per the post: an index.php dropped into the Coppermine albums directory).
     The markup is kept byte-for-byte as an artifact; these comments are triage annotations only.
     The inline code visible in this listing does not redirect the visitor. Two external scripts are
     loaded further down and their contents are not shown, so their behaviour cannot be judged from here. -->
<html>
<head>
<!-- The title is the defacers' own signature string; it is a convenient search term when checking
     the other sites on the same server for copies of this page. -->
<title>Hacked by TheWayEnd 1923Turk DaDaSLaR</title>
</head>
<!-- This style element sits between head and body. It only recolours the scrollbars, using the
     non-standard scrollbar-* colour properties (Internet Explorer). -->
<style>
<!--
body { scrollbar-face-color: #000000; scrollbar-shadow-color: #CC0000; scrollbar-highlight-color: #CC0000; scrollbar-3dlight-color: #000000; scrollbar-darkshadow-color: #000000; scrollbar-track-color: #000000; scrollbar-arrow-color: #ffffff }
-->
</style>
<!-- The background image is hot-linked from a third-party host (i5.piczo.com). Every visitor's
     browser requests it, and the URL can be used as an indicator when grepping other files. -->
<body background="http://i5.piczo.com/view/1/j/9/q/4/k/0/0/y/t/k/9/img/i83784551_80817.gif">
</body>
<!-- The body is closed immediately, although scripts and markup continue after it in the listing. -->
<!-- Crosshair-follows-the-pointer effect. No opening script tag is visible before this point in the
     listing, so as pasted everything down to the closing comment marker parses as an HTML comment
     and the closing script tag after it is unmatched. Whether the opening tag was lost in the paste
     cannot be told from here. -->
<!--
// Browser sniffing: document.all is the old Internet Explorer collection, document.layers is the
// Netscape 4 layers API. The first branch requires document.all present and window.print absent.
// It sizes the two bar elements (ids leftright and topdown, declared at the end of the listing)
// to the body client area minus 2 pixels.
if (document.all&&!window.print){
leftright.style.width=document.body.clientWidth-2
topdown.style.height=document.body.clientHeight-2
}
// Netscape 4 branch: clip the same two layers to a 1-pixel-thick line across / down the window.
else if (document.layers){
document.leftright.clip.width=window.innerWidth
document.leftright.clip.height=1
document.topdown.clip.width=1
document.topdown.clip.height=window.innerHeight
}
// IE handler (reads the global event object): moves the horizontal bar to the pointer's Y position
// and the vertical bar to the pointer's X position, capped at clientWidth-2.
function followmouse1(){
leftright.style.pixelTop=document.body.scrollTop+event.clientY+1
topdown.style.pixelTop=document.body.scrollTop
if (event.clientX<document.body.clientWidth-2)
topdown.style.pixelLeft=document.body.scrollLeft+event.clientX+1
else
topdown.style.pixelLeft=document.body.clientWidth-2
}
// Netscape 4 handler: same effect, using the event argument's x/y and the layer top/left fields.
function followmouse2(e){
//move cross engine for NS 4+
document.leftright.top=e.y+1
document.topdown.top=pageYOffset
document.topdown.left=e.x+1
}
// Install whichever mousemove handler matches the detected browser.
if (document.all)
document.onmousemove=followmouse1
else if (document.layers){
window.captureEvents(Event.MOUSEMOVE)
window.onmousemove=followmouse2
}
// Reloads the current page; it is wired to window.onresize by regenerate2 below.
function regenerate(){
window.location.reload()
}
// Passes a code string to setTimeout, which evaluates it after 400 ms and sets the resize handler.
function regenerate2(){
setTimeout("window.onresize=regenerate",400)
}
// Only the two legacy browser cases get the reload-on-resize behaviour.
if ((document.all&&!window.print)||document.layers)
window.onload=regenerate2
// Everything above is cosmetic: it reads pointer coordinates and moves two elements. The only
// navigation is the reload() call; no other request is made by this script.
//-->
</script>
<script language="JavaScript">
// Mouse-button blocker. It keys off navigator.appName, so it only reacts in browsers that report
// themselves as 'Netscape' or 'Microsoft Internet Explorer'.
function ambos(e) {
// Netscape branch: buttons 1, 2 or 3 all trigger the alert and the handler returns false.
// The alert text is Spanish ("The mouse buttons have been disabled"), unlike the Turkish text
// elsewhere on the page; presumably the snippet was copied from a stock script (unconfirmed).
if (navigator.appName == 'Netscape' && (e.which == 1 || e.which == 3 || e.which == 2)){
alert('Los botones del mouse han sido inhabilitados')
return false;
}
// IE branch: the same test (event.button == 2) is written twice, so only that one button value
// is matched. The alert shows a signature string and the branch does not return false.
else if (navigator.appName == 'Microsoft Internet Explorer' && (event.button == 2 ||
event.button == 2)){
alert('[! By_AD!GE !]')
}
}
// Installed as the document-wide mousedown handler. A later script in this listing assigns
// document.onmousedown again, which replaces this handler.
document.onmousedown=ambos</script>
<!-- Background audio through the IE-only bgsound element. The src is a relative URL (dht.mid), so
     it resolves next to this page: check the same directory for that file during cleanup. -->
<bgsound src=dht.mid loop=infinite>
<!-- A second body start tag; the first body was already opened and closed earlier in the listing. -->
<body bgcolor=black>
<script language="Javascript1.2">
<!--
// Right-click blocker. The message below is another group signature string shown in the alert.
var mymessage = "1923TURK-GRUP";
function rtclickcheck(keyp){
// Netscape: which == 3 is tested for the right button; show the alert and cancel the event.
if (navigator.appName == "Netscape" && keyp.which == 3) {
alert(mymessage);
return false;
}
// Internet Explorer (detected through "MSIE" in appVersion): button == 2, same alert and cancel.
if (navigator.appVersion.indexOf("MSIE") != -1 && event.button == 2) {
alert(mymessage);
return false;
}
}
// Assigning document.onmousedown here overwrites any handler set on it by an earlier script.
document.onmousedown = rtclickcheck
//-->
</script>
<!-- Visible defacement content: two hot-linked images and two Turkish-language slogans.
     The image hosts (adiqe.funpic.org, img100.imageshack.us) are third parties, so each page view
     sends a request to them; the URLs are usable as indicators when searching other files. -->
<center><b><br>
<img src="http://adiqe.funpic.org/resimler/hack.png"><br>
<font face="Courier New" size="5px" color="#d50000">BiZ OSMANLI Torunu TURKIYE Cumhuriyeti Evladiyiz</font><br>
<img border="0" src="http://img100.imageshack.us/img100/6844/turaas3.gif" width="500" height="422"><br>
<font face="Courier New" size="6px" color="#d50000">NE MUTLU TURK'UM DiYENE</font><br><br>
<!-- Empty, unbalanced paragraph and font tags follow; they render nothing. -->
<P>
<FONT color=white>
</FONT></FONT><P>
<P>
<FONT color=white>
</FONT></FONT><P>
<P>
<p>
<p>
<!-- Two external scripts. The first path is root-relative, so it is requested from whatever host
     serves this page; the second is an absolute URL on mysite.mynet.com. Their contents are not
     part of this listing, so what they do cannot be judged from here. The names look like
     hosting-provider ad scripts, possibly left over from where the page was built (unconfirmed). -->
<script language="javascript" src="/mynet_sistem/hostingad.js"></script><script language="javascript" src="http://mysite.mynet.com/common/hostingad_1.js"></script>
<br><br>
<!-- Hidden audio: an embed with width and height 0 that loads an MP3 from www.elnino.gen.tr
     (the declared type is audio/x-ms-wma). -->
<center><EMBED
style="BORDER-RIGHT: #0b78ff 1px solid; BORDER-TOP: #0b78ff 1px solid; FILTER: xray; BORDER-LEFT: #0b78ff 1px solid; BORDER-BOTTOM: #0b78ff 1px solid; BACKGROUND-COLOR: #0b78ff"
src=http://www.elnino.gen.tr/depo/ELNINO&JETAYDIN-KALBINI-KIRARIM.mp3 width=0 height=0 type=audio/x-ms-wma>
<!-- Stray table end tags; no table is opened anywhere in the listing. -->
</TD></TR></center>
<!-- The two bars moved by the crosshair script earlier in the listing. Their size is set with
     expression(), an Internet Explorer feature that evaluates script inside a style value. -->
<div id="leftright" style="width:expression(document.body.clientWidth-2)"></div>
<div id="topdown" style="height:expression(document.body.clientHeight-2)"></div>