I just got a HTML:Script-info Malware Blocked warning when I visited the following site: hXXp://www.coupondad.net/blog/blockbuster-express-free-rental-codes/ (XX=tt)
I have been to this site many times with no warning. Just started today. Is this a false positive, or is the web site owner starting to get a little nasty ? Any help would be appreciated.
the post below this contains a bunch of people getting the same problem I am getting on different sites. It doesn’t shed any light on my question though. Thanks though. Hopefully, someone can help. I will be patient as I see you have a lot of others with similar problem.
Update your virus definitions and move on. BTW, I have posted the above link into about every thread that “doesn’t shed any light on my question”. Apparently people plain won’t read, no matter what.
Hello I’m the owner of a website and since a few days (maybe a month, I can’t be sure) I began to see strange connections while my homepage was being loaded. Something about a camerapoint.com and others. Today I open my site and encounter the Avast Alert. Malware HTML:Script-inf!!! What a hell? I start removing my google ads code from adsense to see if the problem persist or if some ads were generating the Avast alert. Nothing happened so I turn to google and find this thread and others similar. After several hours I start removing part of my index.php code and found this f**k*in%g shi#t in the upper part, in the first line:
<?php
So this garbage sites were put there by someone that wasn’t me:
But who the hell put that there? Take a closer look, it’s before my <?php tag.
Ideas???
I have some but… take your own conclusions:
I’m hosting my site in Godaddy.com, could they put that without prompting?
Someone discover my pass and account and via FTP put that there.
What to do?
Open the Source Code window in our favorite browser and do a Search for these texts: internetmarketing, digitalcamerapoint, birkul and if you find any coincidence warn the webmasters about this. If you don’t find nothing also alert them because this bull%shi#t makes money loose and overload servers bandwidth.
Please ‘modify’ your post change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
To me it sounds like your site was hacked, commonly this is through content management software, PHP in your case by what you say. There may well be insertions in your PHP templates also.
This is commonly down to out of date software with vulnerabilities being exploited. So you need to ensure that you have the latest version of PHP, that however may be provided by your host. They shouldn’t be placing anything on ‘your’ site after all you are paying for the hosting.