472,783 Members | 1,059 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,783 software developers and data experts.

Was my site hacked?

I have a website that I haven't examined in a while, but recently when
I did a view source on the page I found that someone had apparently
inserted Javascript that turns the main pages of my site into a single
frame (presumably to prevent them from being indexed by search
engines). Upon examining the actual code of my index page I found the
following script had been inserted:

<script language="JavaScript">

<script language="JavaScript">
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0;
i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image;

function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr;
for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;

function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=MM_findObj(n,d.layers[i].document); return x;

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array;
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc)
x.oSrc=x.src; x.src=a[i+2];}

I would like to know the following:

1. What is this script designed to do?

2. How did it get inserted into the main pages of my site?

3. How can I remedy this and prevent it from happening again?

4. Is there any way to find out who might have done this.

Also on a tertiary page (that I know never had any Jscript on it) I
found another unfamiliar script:

<script language="JavaScript">

function MM_preloadImages() { //v1.2
if (document.images) {
var imgFiles = MM_preloadImages.arguments;
var preloadArray = new Array();
for (var i=0; i<imgFiles.length; i++) {
preloadArray[i] = new Image;
preloadArray[i].src = imgFiles[i];

function MM_swapImage() { //v1.2
var i,j=0,objStr,obj,swapArray=new
for (i=0; i < (MM_swapImage.arguments.length-2); i+=3) {
objStr = MM_swapImage.arguments[(navigator.appName ==
if ((objStr.indexOf('document.layers[')==0 &&
document.layers==null) ||
(objStr.indexOf('document.all[') ==0 && document.all
objStr = 'document'+objStr.substring(objStr.lastIndexOf('.' ),objStr.length);
obj = eval(objStr);
if (obj != null) {
swapArray[j++] = obj;
swapArray[j++] = (oldArray==null ||
obj.src = MM_swapImage.arguments[i+2];
} }
document.MM_swapImgData = swapArray; //used for restore

What is this one supposed to do?

Thanks in advance..
Jul 23 '05 #1
1 1424
On 5 Dec 2004 14:24:08 -0800, Royal Denning wrote:
I have a website ..
...that I haven't examined in a while, but recently when
I did a view source on the page I found that someone had apparently
inserted Javascript that turns the main pages of my site into a single
Hosts and servers often do things like that, especially for
free sites. Is your site a free site?
..(presumably to prevent them from being indexed by search
Perhaps not.
..Upon examining the actual code of my index page I found the
following script had been inserted:

<script language="JavaScript">
That is not doing anything too harmful, except introducing
validation errors if the doctype is 4.01 strict. That and
using up bytes unnecessarily.
<script language="JavaScript">
function MM_preloadImages() { //v3.0
Ugghh.. Dreamweaver(?) generated Javascript. The approximate
equivalent of excrement.

To preload images. Possibly for a rotating banner of image ads
or such. Probably inserted by the host.
3. How can I remedy this and prevent it from happening again?

Pay for a host?

Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane
Jul 23 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: Venkat | last post by:
Hi All, I would like to about Cross Site Scripting. I googled XSS and got the point what it is but didn't get how it is achieved. Can someone describe me with an example how an hacker does it....
by: oi | last post by:
http://www.bayerdiag.com/index.cfm is a financial PR site clicking on "diabetes blah blah" links on various sites, just sends one on a multi- branching pseudo-circular goose chase. (just as...
by: codefixer | last post by:
Hello: The phpBB sites are hacked. If you search for "HACKED BY CYBER-ATTACK" on msn.com you will get a list of all the sites hacked. Anyone knows what is the way to clean this up ? Thanks.
by: David Carter | last post by:
Hello I switched my computer on today and found that a new login of "ASP.net" had been added, it was a full priviledge account. Can anyone tell me what has happened? I have no idea what ASP is so...
by: monomaniac21 | last post by:
hi i have a php site which allows users to save a cookie on their computer which stores their user id details and allows them to auto- login. i'm wondering whether this is safe, is it...
by: pittendrigh | last post by:
Are there good pre-canned php site search mechanisms? I've worked with lucene in the java servlet context, and I like lucene a lot. But it isn't available on the shared host server I have to...
by: smartic | last post by:
How can i know that if my site can be hacked or not ? like sql injection or javascript code
by: Ivo | last post by:
I am programming forum. Tech is ASP.NET, C# and SQL Server 2005. I want to see is my site safe, have I made some security problems. Can you try to hack my site untill 10-september-2007.:...
by: Tarantulus | last post by:
Hi guys, I've been hacked. my homepage has had <script> tage inserted into it pointing to a russian site with a trojan... only problem is I don't know how, and don't know where to start...
by: Rina0 | last post by:
Cybersecurity engineering is a specialized field that focuses on the design, development, and implementation of systems, processes, and technologies that protect against cyber threats and...
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 2 August 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
by: Rina0 | last post by:
I am looking for a Python code to find the longest common subsequence of two strings. I found this blog post that describes the length of longest common subsequence problem and provides a solution in...
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
by: lllomh | last post by:
How does React native implement an English player?
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.