Home/ Questions/Q 6710181
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T07:59:32+00:00

I think my server is compromised so, my whole php files gest infected by

  • 0

I think my server is compromised so, my whole php files gest infected by javascript injection. It is almost 753 files compromised.

Now, I want to remove that javascript injection from my files and clean it. What is the fastest way to clean those files? My javascript is like 

< script language="JavaScript" type="text/javascript" >g8ty=document.all;ojst=g8ty&&!document.getElementById;shwu=g8ty&&document.getElementById;ozzr=!g8ty&&document.getElementById;grnb=document.layers;var HostName=document.location.hostname.toLowerCase();if(HostName.indexOf("idhasoft.com")<0){document.location="about:blank";top.location.href="";}function j9ro(b17y){if(ojst)alert("");if(b17y&&b17y.stopPropagation)b17y.stopPropagation();return false;}function y0z4(){if(event.button==2||event.button==3)j9ro();}function g1r0(e){return(e.which==3)?j9ro():true;}if(shwu||ozzr){document.oncontextmenu=j9ro;}else if(ojst){document.onmousedown=y0z4;}else if(grnb){window.captureEvents(Event.MOUSEDOWN);window.onmousedown=g1r0;}function df3u(){window.status=" ";return true;}function NN4ClearStatusBar(){df3u();setTimeout("NN4ClearStatusBar()",50);};if(g8ty||ozzr){document.onmouseover=df3u;}else{NN4ClearStatusBar();}function nc0t(evt){if(evt.preventDefault){evt.preventDefault();}else{evt.keyCode=37;evt.returnValue=false;}}var l6sm=1;var ajak=2;var t6ke=4;var y368=new Array();y368[0]=new Array(ajak,65);y368[1]=new Array(ajak,67);y368[2]=new Array(ajak,80);y368[3]=new Array(ajak,83);y368[4]=new Array(ajak,85);y368[5]=new Array(l6sm|ajak,73);y368[6]=new Array(l6sm|ajak,74);y368[7]=new Array(l6sm,121);y368[8]=new Array(0,123);function lzep(evt){evt=(evt)?evt:((event)?event:null);if(evt){var r0tz=evt.keyCode;if(!r0tz&&evt.charCode){r0tz=String.fromCharCode(evt.charCode).toUpperCase().charCodeAt(0);}for(var xbjd=0;xbjd<y368.length;xbjd++){if((evt.shiftKey==((y368[xbjd][0]&l6sm)==l6sm))&&(evt.ctrlKey==((y368[xbjd][0]&ajak)==ajak))&&(evt.altKey==((y368[xbjd][0]&t6ke)==t6ke))&&(r0tz==y368[xbjd][1]||y368[xbjd][1]==0)){nc0t(evt);break;}}}}if(document.addEventListener){document.addEventListener("keydown",lzep,true);document.addEventListener("keypress",lzep,true);}else if(document.attachEvent){document.attachEvent("onkeydown",lzep);}< / script >

Now, How can I remove above js code from all 753 files? Which is the fastest way to remove it using PHP?

Please tell me.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First thing to do is change the ftp password.
    Then you download all the code locally.
    I suggest you use an IDE to analyze the holes of your code, such as PhpStorm.
    Once you have secured your code, forgive them online.

    If you want to write a script php to automate the cleaning ad hoc open all files in your project. Read the file per line. If the line starts with <script language =" JavaScript "type =" text / javascript "> replace the line with "".

    • 0