polonus
1
That blacklisting: https://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.duo-herzklappe.de%2Findex.html&hl=en
See: https://www.virustotal.com/nl/url/a5496f1995d0068e120be0dafa77c4f351a777a2c5836e1409ffc7640abc6a26/analysis/1387057098/
5 detect. malicious iFrame detection here: http://urlquery.net/report.php?id=8392438 see executed javascripts there - marked yellow code.php hack
with inserted code via window.location = “http://yourServer.com/etc.” - no, I won’t give details,
I am a website security researcher not an attacker - pol
see: http://jsunpack.jeek.org/?report=4d96fd2670a47557b735a03a708bb9cb92f1b567
View above link in browser with NoScript and RequestPolicy extensions active and running in a sandbox/VM. For security researchers only!
Also see: http://jsunpack.jeek.org/?report=131181e91fad7e350153885f1496a77f3fe2f06e
window.location = “htxp://kvwebsolutions.com/code.php” blocked as malware by Bitdefender’s TrafficLight
You have reached this page because the website has been hacked. If you are the owner of please remove the following code from your webpage this will stop your site from landing at this page.
We are not the people responsible for this attack just as you our site was hacked.
This is not helping security - 119 websites on one and the same IP: http://sameid.net/ip/80.67.28.211/
Re: http://website.informer.com/80.67.28.211
polonus
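Added example, not part of the thread and not any poster's code: a Python check a site owner could run over their own pages to flag the kind of injected window.location assignment described in the post above. The host names, the sample page and the name find_offsite_redirects are constructed for illustration, and only literal-string assignments in inline scripts are caught.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# location assignments with a literal absolute URL, e.g. window.location = "http://..."
REDIRECT_RE = re.compile(
    r"""(?<![\w$.])(?:(?:window|document|top|self)\.)?location(?:\.href)?"""
    r"""\s*=\s*["'](https?://[^"']+)["']""", re.IGNORECASE)

class InlineScripts(HTMLParser):
    """Collect the text of inline <script> blocks (those without a src attribute)."""
    def __init__(self):
        super().__init__()
        self.scripts, self._inline = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script" and "src" not in dict(attrs):
            self._inline = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False
    def handle_data(self, data):
        if self._inline:
            self.scripts[-1] += data

def _base(host):
    """Lower-case a host name and drop a leading www. so both sides compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def find_offsite_redirects(html, page_host):
    """Return URLs assigned to location in inline scripts whose host is not the page's."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    own, hits = _base(page_host), []
    for script in parser.scripts:
        for url in REDIRECT_RE.findall(script):
            host = _base(urlparse(url).hostname)
            if host != own and not host.endswith("." + own):
                hits.append(url)
    return hits

# Constructed sample page: one harmless script, one injected off-site redirect.
SAMPLE = """<html><head><script src="/js/site.js"></script>
<script>var home = "http://www.shop.example/"; window.location = home;</script>
<script>//hack
window.location = "http://redirect.example/code.php";</script></head></html>"""
```

A hit is a reason to review the file and how it was changed, not proof of compromise; redirects built from variables or encoded strings need a sandboxed script run such as the ones linked above.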
polonus
2
Donovan
3
Hi Polonus,
The custom message and comment of “//hack” in the source is rather interesting to me.
~!Donovan
polonus
4
Donovan
5
Hi Polonus,
That’s Piwik Analytics, a free alternative to Google Analytics that runs on your own server. I used it some months ago on one of my sites for testing purposes.
Also see: http://piwik.org/
~!Donovan
polonus
6
Hi !Donovan,
That code is vulnerable, a backdoored version can open the file piwik/core/Loader.php. (piwik-coreloaderphp-trojan)
Piwik has a history with malicious code added via particular XSS-attacks.
(Especially 2012 was a bad security year for Piwik trackware).
It is always found that kernel CMS software on websites comes rather secure.
It is always sufficiently updated and fully patched.
It is not there that eventual problems arise.
It is the (free) themes, plug-ins and other additional CMS code that is creating these security problems.
Remember code injection is one of the most dangerous website infecting techniques,
polonus