Was my site hacked?

Discussion in 'Javascript' started by Royal Denning, Dec 5, 2004.

  1. I have a website that I haven't examined in a while, but recently when
    I did a view source on the page I found that someone had apparently
    inserted Javascript that turns the main pages of my site into a single
    frame (presumably to prevent them from being indexed by search
    engines). Upon examining the actual code of my index page I found the
    following script had been inserted:

    <script language="JavaScript">
    <!--
    //-->
    </script>

    <script language="JavaScript">
    <!--
    function MM_preloadImages() { //v3.0
    var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
    var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0;
    i<a.length; i++)
    if (a.indexOf("#")!=0){ d.MM_p[j]=new Image;
    d.MM_p[j++].src=a;}}
    }

    function MM_swapImgRestore() { //v3.0
    var i,x,a=document.MM_sr;
    for(i=0;a&&i<a.length&&(x=a)&&x.oSrc;i++) x.src=x.oSrc;
    }

    function MM_findObj(n, d) { //v3.0
    var p,i,x; if(!d) d=document;
    if((p=n.indexOf("?"))>0&&parent.frames.length) {
    d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
    if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++)
    x=d.forms[n];
    for(i=0;!x&&d.layers&&i<d.layers.length;i++)
    x=MM_findObj(n,d.layers.document); return x;
    }

    function MM_swapImage() { //v3.0
    var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array;
    for(i=0;i<(a.length-2);i+=3)
    if ((x=MM_findObj(a))!=null){document.MM_sr[j++]=x; if(!x.oSrc)
    x.oSrc=x.src; x.src=a[i+2];}
    }
    //-->
    </script>

    I would like to know the following:

    1. What is this script designed to do?

    2. How did it get inserted into the main pages of my site?

    3. How can I remedy this and prevent it from happening again?

    4. Is there any way to find out who might have done this.

    Also on a tertiary page (that I know never had any Jscript on it) I
    found another unfamiliar script:

    <script language="JavaScript">
    <!--

    function MM_preloadImages() { //v1.2
    if (document.images) {
    var imgFiles = MM_preloadImages.arguments;
    var preloadArray = new Array();
    for (var i=0; i<imgFiles.length; i++) {
    preloadArray = new Image;
    preloadArray.src = imgFiles;
    }
    }
    }

    function MM_swapImage() { //v1.2
    var i,j=0,objStr,obj,swapArray=new
    Array,oldArray=document.MM_swapImgData;
    for (i=0; i < (MM_swapImage.arguments.length-2); i+=3) {
    objStr = MM_swapImage.arguments[(navigator.appName ==
    'Netscape')?i:i+1];
    if ((objStr.indexOf('document.layers[')==0 &&
    document.layers==null) ||
    (objStr.indexOf('document.all[') ==0 && document.all
    ==null))
    objStr = 'document'+objStr.substring(objStr.lastIndexOf('.'),objStr.length);
    obj = eval(objStr);
    if (obj != null) {
    swapArray[j++] = obj;
    swapArray[j++] = (oldArray==null ||
    oldArray[j-1]!=obj)?obj.src:eek:ldArray[j];
    obj.src = MM_swapImage.arguments[i+2];
    } }
    document.MM_swapImgData = swapArray; //used for restore
    }
    //-->
    </script>

    What is this one supposed to do?

    Thanks in advance..
     
    Royal Denning, Dec 5, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?cmVyZGF2aWVz?=

    CultureInfo getting hacked during page load.

    =?Utf-8?B?cmVyZGF2aWVz?=, Apr 30, 2004, in forum: ASP .Net
    Replies:
    1
    Views:
    413
    Natty Gur
    May 2, 2004
  2. David Carter

    Have I been Hacked???????

    David Carter, Jan 23, 2005, in forum: ASP .Net
    Replies:
    5
    Views:
    546
    Kevin Spencer
    Jan 24, 2005
  3. Christian Schuhegger
    Replies:
    0
    Views:
    334
    Christian Schuhegger
    Dec 6, 2003
  4. Christian Schuhegger
    Replies:
    0
    Views:
    315
    Christian Schuhegger
    Jul 1, 2004
  5. Arne

    Getting hacked?

    Arne, Sep 19, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    141
    Rakesh Rajan
    Sep 26, 2005
Loading...

Share This Page