471,119 Members | 1,376 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,119 software developers and data experts.

Was my site hacked?

I have a website that I haven't examined in a while, but recently when
I did a view source on the page I found that someone had apparently
inserted Javascript that turns the main pages of my site into a single
frame (presumably to prevent them from being indexed by search
engines). Upon examining the actual code of my index page I found the
following script had been inserted:

<script language="JavaScript">
<!--
//-->
</script>

<script language="JavaScript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0;
i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image;
d.MM_p[j++].src=a[i];}}
}

function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr;
for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document); return x;
}

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array;
for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc)
x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>

I would like to know the following:

1. What is this script designed to do?

2. How did it get inserted into the main pages of my site?

3. How can I remedy this and prevent it from happening again?

4. Is there any way to find out who might have done this.

Also on a tertiary page (that I know never had any Jscript on it) I
found another unfamiliar script:

<script language="JavaScript">
<!--

function MM_preloadImages() { //v1.2
if (document.images) {
var imgFiles = MM_preloadImages.arguments;
var preloadArray = new Array();
for (var i=0; i<imgFiles.length; i++) {
preloadArray[i] = new Image;
preloadArray[i].src = imgFiles[i];
}
}
}

function MM_swapImage() { //v1.2
var i,j=0,objStr,obj,swapArray=new
Array,oldArray=document.MM_swapImgData;
for (i=0; i < (MM_swapImage.arguments.length-2); i+=3) {
objStr = MM_swapImage.arguments[(navigator.appName ==
'Netscape')?i:i+1];
if ((objStr.indexOf('document.layers[')==0 &&
document.layers==null) ||
(objStr.indexOf('document.all[') ==0 && document.all
==null))
objStr = 'document'+objStr.substring(objStr.lastIndexOf('.' ),objStr.length);
obj = eval(objStr);
if (obj != null) {
swapArray[j++] = obj;
swapArray[j++] = (oldArray==null ||
oldArray[j-1]!=obj)?obj.src:oldArray[j];
obj.src = MM_swapImage.arguments[i+2];
} }
document.MM_swapImgData = swapArray; //used for restore
}
//-->
</script>

What is this one supposed to do?

Thanks in advance..
Jul 23 '05 #1
1 1397
On 5 Dec 2004 14:24:08 -0800, Royal Denning wrote:
I have a website ..
URL?
...that I haven't examined in a while, but recently when
I did a view source on the page I found that someone had apparently
inserted Javascript that turns the main pages of my site into a single
frame
Hosts and servers often do things like that, especially for
free sites. Is your site a free site?
..(presumably to prevent them from being indexed by search
engines).
Perhaps not.
..Upon examining the actual code of my index page I found the
following script had been inserted:

<script language="JavaScript">
<!--
//-->
</script>
That is not doing anything too harmful, except introducing
validation errors if the doctype is 4.01 strict. That and
using up bytes unnecessarily.
<script language="JavaScript">
<!--
function MM_preloadImages() { //v3.0
Ugghh.. Dreamweaver(?) generated Javascript. The approximate
equivalent of excrement.

To preload images. Possibly for a rotating banner of image ads
or such. Probably inserted by the host.
3. How can I remedy this and prevent it from happening again?


Pay for a host?

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane
Jul 23 '05 #2

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

7 posts views Thread by Venkat | last post: by
2 posts views Thread by codefixer | last post: by
5 posts views Thread by David Carter | last post: by
4 posts views Thread by pittendrigh | last post: by
5 posts views Thread by smartic | last post: by
12 posts views Thread by Ivo | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.