My Website Hacked but can't find problem!

[Maxiseller]

Thanks all for the help.

 

[Maxiseller]

Code for page Google said is infected:

Code removed.

 

[junker]

I honestly have no business commenting here, as my JS knowledge is terribly weak, but I liked the challenge. 🙂

Would this be part of the problem maybe?

allowScriptAccess="always"

Does that allow foreign code to execute?

Hopefully someone else solves this, cause I'm curious too.

 

[junker]

Also, is this smiley allowed in JS scripting?

"clsid27CDB6E-AE6D-11cf-96B8-444553540000"

Whoa...it won't paste. Well for me between id and 27 in that line I have a smiley face graphic....odd. Do you see it in the MR forum or is just in my browser?

 

[designguy79]

Did you know that there is a link to http://www.internet-ink.co.uk at the bottom of your page?

If you didn't put it there, then someone else has access to your web files!

Do you use FTP to upload your files? If so, it is important to know that FTP is sent in "plain-text", so anyone on the same network that you are can very easily "sniff" your FTP info.

I would definitely change your FTP password and ask for a FTP log from your host (times and dates of FTP logins/login attempts)

HTH,

~ Jeremy

 

[aykhwang]

http://www.google.com/support/webmasters/bin/answer.py?answer=168328

You probably don't even have malware, just a Google fault. Follow the link above for instructions on submitting the website for review.

 

[angelwatt]

Did you know that there is a link to http://www.internet-ink.co.uk at the bottom of your page?

Yea, empty links hiding at the bottom of pages is definitely a red flag, and Google can spot these and very possibly is what caused the email to the OP. It's too bad Google's emails are never more helpful as it's their software that makes the detection.

 

[ChicoWeb]

Looks fine from here. Usually it's a pretty obvious JS or iframe that has been maliciously inserted and it sticks out.