473,320 Members | 2,029 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

Was my site hacked?

I have a website that I haven't examined in a while, but recently when
I did a view source on the page I found that someone had apparently
inserted Javascript that turns the main pages of my site into a single
frame (presumably to prevent them from being indexed by search
engines). Upon examining the actual code of my index page I found the
following script had been inserted:

<script language="JavaScript">
<!--
//-->
</script>

<script language="JavaScript">
<!--
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0;
i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image;
d.MM_p[j++].src=a[i];}}
}

function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr;
for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}

function MM_findObj(n, d) { //v3.0
var p,i,x; if(!d) d=document;
if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++)
x=MM_findObj(n,d.layers[i].document); return x;
}

function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array;
for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc)
x.oSrc=x.src; x.src=a[i+2];}
}
//-->
</script>

I would like to know the following:

1. What is this script designed to do?

2. How did it get inserted into the main pages of my site?

3. How can I remedy this and prevent it from happening again?

4. Is there any way to find out who might have done this.

Also on a tertiary page (that I know never had any Jscript on it) I
found another unfamiliar script:

<script language="JavaScript">
<!--

function MM_preloadImages() { //v1.2
if (document.images) {
var imgFiles = MM_preloadImages.arguments;
var preloadArray = new Array();
for (var i=0; i<imgFiles.length; i++) {
preloadArray[i] = new Image;
preloadArray[i].src = imgFiles[i];
}
}
}

function MM_swapImage() { //v1.2
var i,j=0,objStr,obj,swapArray=new
Array,oldArray=document.MM_swapImgData;
for (i=0; i < (MM_swapImage.arguments.length-2); i+=3) {
objStr = MM_swapImage.arguments[(navigator.appName ==
'Netscape')?i:i+1];
if ((objStr.indexOf('document.layers[')==0 &&
document.layers==null) ||
(objStr.indexOf('document.all[') ==0 && document.all
==null))
objStr = 'document'+objStr.substring(objStr.lastIndexOf('.' ),objStr.length);
obj = eval(objStr);
if (obj != null) {
swapArray[j++] = obj;
swapArray[j++] = (oldArray==null ||
oldArray[j-1]!=obj)?obj.src:oldArray[j];
obj.src = MM_swapImage.arguments[i+2];
} }
document.MM_swapImgData = swapArray; //used for restore
}
//-->
</script>

What is this one supposed to do?

Thanks in advance..
Jul 23 '05 #1
1 1431
On 5 Dec 2004 14:24:08 -0800, Royal Denning wrote:
I have a website ..
URL?
...that I haven't examined in a while, but recently when
I did a view source on the page I found that someone had apparently
inserted Javascript that turns the main pages of my site into a single
frame
Hosts and servers often do things like that, especially for
free sites. Is your site a free site?
..(presumably to prevent them from being indexed by search
engines).
Perhaps not.
..Upon examining the actual code of my index page I found the
following script had been inserted:

<script language="JavaScript">
<!--
//-->
</script>
That is not doing anything too harmful, except introducing
validation errors if the doctype is 4.01 strict. That and
using up bytes unnecessarily.
<script language="JavaScript">
<!--
function MM_preloadImages() { //v3.0
Ugghh.. Dreamweaver(?) generated Javascript. The approximate
equivalent of excrement.

To preload images. Possibly for a rotating banner of image ads
or such. Probably inserted by the host.
3. How can I remedy this and prevent it from happening again?


Pay for a host?

--
Andrew Thompson
http://www.PhySci.org/codes/ Web & IT Help
http://www.PhySci.org/ Open-source software suite
http://www.1point1C.org/ Science & Technology
http://www.LensEscapes.com/ Images that escape the mundane
Jul 23 '05 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

7
by: Venkat | last post by:
Hi All, I would like to about Cross Site Scripting. I googled XSS and got the point what it is but didn't get how it is achieved. Can someone describe me with an example how an hacker does it....
0
by: oi | last post by:
http://www.bayerdiag.com/index.cfm is a financial PR site clicking on "diabetes blah blah" links on various sites, just sends one on a multi- branching pseudo-circular goose chase. (just as...
2
by: codefixer | last post by:
Hello: The phpBB sites are hacked. If you search for "HACKED BY CYBER-ATTACK" on msn.com you will get a list of all the sites hacked. Anyone knows what is the way to clean this up ? Thanks.
5
by: David Carter | last post by:
Hello I switched my computer on today and found that a new login of "ASP.net" had been added, it was a full priviledge account. Can anyone tell me what has happened? I have no idea what ASP is so...
7
by: monomaniac21 | last post by:
hi i have a php site which allows users to save a cookie on their computer which stores their user id details and allows them to auto- login. i'm wondering whether this is safe, is it...
4
by: pittendrigh | last post by:
Are there good pre-canned php site search mechanisms? I've worked with lucene in the java servlet context, and I like lucene a lot. But it isn't available on the shared host server I have to...
5
by: smartic | last post by:
How can i know that if my site can be hacked or not ? like sql injection or javascript code
12
by: Ivo | last post by:
I am programming forum. Tech is ASP.NET, C# and SQL Server 2005. I want to see is my site safe, have I made some security problems. Can you try to hack my site untill 10-september-2007.:...
4
Tarantulus
by: Tarantulus | last post by:
Hi guys, I've been hacked. my homepage has had <script> tage inserted into it pointing to a russian site with a trojan... only problem is I don't know how, and don't know where to start...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
0
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.