As usual Niels comes to the rescue :) Since there is injection happening - which isn't a big surprise, it might as well have been modified several times.
In any case, you'd have to identify how the hacker gained access, either by using your scripting or by gaining access through ftp. So make sure you check the logfiles against the date last modified. Also double check the PC for keyloggers and backdoors.

Kent

On Oct 2, 10:48 pm, "Steve Thompson" <[EMAIL PROTECTED]> wrote:
> Denis -
> Good point. I just assumed that it was a typo or maybe the domain changed,
> I don't know. I have searched everywhere with grep and on mysql databases
> for google-analytize.com and have found nothing though... unless it is below
> my domain folder on the server, which I'm not sure about.
>
> I did ensure that all files/directories have secure permissions now. Again,
> I'm not 100% certain how that .js file became writable in the 1st place. I
> did a server transfer not too long ago, maybe some of the permissions got
> mixed up during that. Please advise if you know of any other way for me to
> isolate the actual listed domain that Google has on the diagnostic page.
>
> In my webmaster tools, the 'warning' is gone, however, the site is still
> flagged on Google's index. I'm sure the index takes a while to take the
> warning off, but thought I should point that out?
>
> AGAIN THANKS SO MUCH for all the great help.
> steve
>
> On Thu, Oct 2, 2008 at 1:24 PM, UseShots <[EMAIL PROTECTED]> wrote:
>
> > Niels,
> >
> > So what about the "google-analytize .com" reported on the
> > diagnostics page? I don't think it was just a typo, do you?
> >
> > Should Steve look further or not?
> >
> > Anyway, Steve, you should now find out why this file had write
> > permissions, if there are any other files and directories with too
> > liberal permissions, and, of course, how the malicious code was
> > inserted into this file, so that you can prevent re-infection.
> >
> > Denis
> > http://UnmaskParasites.com
>
> --
> :::steve thompson:::http://www.stevejthompson.com

You received this message through the Google Groups "stopbadware" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/stopbadware?hl=en
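An added example, not part of the thread: one way to check the logfiles against the date last modified, as Kent suggests, by listing FTP uploads and web POST/PUT requests logged within a few minutes of the file's modification time. It assumes a wu-ftpd/vsftpd-style xferlog and an Apache common-format access log; all paths, addresses, times and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data, not taken from the thread.
MTIME = datetime(2008, 9, 28, 3, 14, 7)  # on a real host: os.path.getmtime(path)
XFERLOG = """\
Sat Sep 27 18:02:11 2008 1 198.51.100.7 2048 /home/site/public_html/index.html a _ o r steve ftp 0 * c
Sun Sep 28 03:14:06 2008 1 203.0.113.45 5310 /home/site/public_html/js/menu.js a _ i r steve ftp 0 * c
Sun Sep 28 09:30:00 2008 1 198.51.100.7 900 /home/site/public_html/css/a.css a _ i r steve ftp 0 * c
"""
ACCESSLOG = """\
198.51.100.9 - - [28/Sep/2008:03:13:50 +0000] "GET /js/menu.js HTTP/1.1" 200 5100
203.0.113.45 - - [28/Sep/2008:03:14:05 +0000] "POST /admin/upload.php HTTP/1.1" 200 312
198.51.100.9 - - [28/Sep/2008:11:00:00 +0000] "POST /contact.php HTTP/1.1" 200 120
"""
REQ = re.compile(r'^(\S+) \S+ \S+ \[([^\] ]+) [^\]]*\] "(\S+) (\S+)')

def ftp_uploads(log):
    """Yield (time, host, detail) for incoming ('i') transfers in an xferlog."""
    for line in log.splitlines():
        f = line.split()
        if len(f) >= 18 and f[11] == "i":
            when = datetime.strptime(" ".join(f[:5]), "%a %b %d %H:%M:%S %Y")
            yield when, f[6], "FTP upload %s as %s" % (f[8], f[13])

def web_writes(log):
    """Yield (time, host, detail) for POST/PUT requests in an access log."""
    for line in log.splitlines():
        m = REQ.match(line)
        if m and m.group(3) in ("POST", "PUT"):
            # Zone offset is ignored: logs and mtime are assumed to share a clock.
            when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            yield when, m.group(1), "%s %s" % (m.group(3), m.group(4))

def suspects(mtime, xferlog, accesslog, window=timedelta(minutes=5)):
    """Return log events within `window` of the file's modification time."""
    events = list(ftp_uploads(xferlog)) + list(web_writes(accesslog))
    return sorted(e for e in events if abs(e[0] - mtime) <= window)

if __name__ == "__main__":
    for when, host, detail in suspects(MTIME, XFERLOG, ACCESSLOG):
        print(when, host, detail)
```

A file's modification time can be reset by whoever changed it, so an empty result rules out neither the FTP nor the script route.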
