[Nottingham] A Google Webmaster Scam?
Martin
martin at ml1.co.uk
Wed Dec 19 18:42:54 UTC 2012
On 19/12/12 18:05, David Aldred wrote:
> Martin, I saw a similar 'infection' 2-3 years ago on a site which I had
> a hand in, but didn't actually manage (until this happened, when the
> usual site maintainer panicked!)
>
> The first step was to delete the offending javascript. It promptly
> came back. I then identified a separate javascript file containing a
[---]
Thanks for all that.
Well... I've found a rather suspicious and very nasty looking out of
place "auth.php" script in the uploads area... Now removed for further
looking at later.
There's now a sed going through all the .js files to remove the
offending redirection.
A check on dates and the route inwards will come later.
So far, the site still works despite the sed rifling through everything!
Good.
I've also got a before backups and an after backup for a good comparison.
All irksome sneaky stuff!
More details after the Christmas Nosh!
Cheers,
Martin
--
- ------------------ - ----------------------------------------
- Martin Lomas - OpenPGP (GPG/PGP) Public Key: 0xCEE1D3B7
- martin @ ml1 co uk - Import from hkp://subkeys.pgp.net or
- ------------------ - http:// ml1 .co .uk/martin_ml1_co_uk.gpg
More information about the Nottingham
mailing list