What's new
By:
Filters
TerraForums Venus Flytrap, Nepenthes, Drosera and more talk

Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Weird code in my webpage..

scottychaos

scottychaos

I dont what is going on here..some kind of weird hijacking or something..
one of my webpages, this one:

http://gold.mylargescale.com/scottychaos/Ariens/Page5.html

has all kinds of code in it that I didnt put there!

look at the source, and search for "yimg"..lots of code like:
//l.yimg.com/a/lib/uh/js/uh_utils- (I didnt post the whole url, on purpose)

I know its javascript,
and it looks like yimg.com is yahoo messenger..
(or something to do with yahoo)
I tried deleting it all, re-uploaded the page, and it all came back..
how can this get added into my code?
and how can I get rid of it??
anyone have any ideas?

I started that page from scratch, as an empty HTML document..
I never added any javascript into it myself..
I have no idea how all this yahoo messenger junk got in there..

(I do have one embedded youtube video..could it be coming from that?)

thanks,
Scot
 
Its a hacker. Not sure how to fix it though. Did you try to create a new page exactly like the old one was instead of trying to fix that one and just remove all the links to it? (I would wait for more advice though)
 
Have you tried uploading your source documents to the server again? If the code comes back, it may be inserted by the webhost automatically when the page is retrieved. I doubt anyone would bother to hack you individually - there is the possibility of a virus of some sort getting to the server though. It also seems unlikely that this is a malicious exploit, as yimg.com is a legitimate Yahoo server:
http://whois.domaintools.com/yimg.com
~Joe
 
If you don't own your own domain who knows what the server company may feel entitled to stick on your site. That's why I have an account with hostultra. I don't know if you're interested in going that route where you can control everything but, it's the cheapest I know of but still very good with tons of site add-on "server technology" stuff I don't have a clue how to use though I could, should I bother to learn.
 
Its definitely not being inserted by my webhost..I know that for a fact.
and its not being inserted by me..

I guess its nothing malicious..I just cant figure out how its getting there!
I suspect it might be youtube..
very strange..

thanks,
Scot
 
This happened to me on my site. Somebody inserted their malicious code in my website. I had the original "clean" file, so I simply reuploaded the good version.
 
How do you upload your pages to your host? ftp/sftp? If you can use the same method to look at and retrieve the contents of your page, does the weird code appear there as well?
I don't see references to any scripts or executables that don't originate from Yahoo! or YouTube. There are a few JavaScript snippets that seem to be logging the amount of time the page is displayed on the user's screen. By the wording of the variables used, it might be an ad banner script.
~Joe
 
im 90% sure its the embedded youtube video..

I just took out ALL the javascript code, plus the embedded youtube..
re-uploaded..its staying clean..

now I will (tomorrow) just add a link to the youtube video, rather than embed it, and see fi the code stays clean..

thanks,
Scot
 
Good luck man, hope you can get rid of it. I can see something like that getting annoying real quick!
 
  • #10
Maybe... I don't know of any way that YouTube would be able to rewrite your html documents as they're sent from a third-party server though. If it were scripts loaded by YouTube's Flash players, they wouldn't appear in the source of your document. They would be loaded on-the-fly after the actual html file was rendered. The originating server decides entirely what the content of your html will be, unless you're in some place like China where they monitor and scrub webpages as they're transmitted along intermediary servers.
I just checked, and it's all still there.
~Joe
 
  • #11
seedjar said:
I just checked, and it's all still there.
~Joe
Click to expand...

you were probably looking at the cached page..
if you refresh, all the funky code should be gone..
tomorrow I will add the youtube video back in, and see what happens..

thanks,
Scot
 
  • #12
Hmm, strange, there must be a cache proxy on the network at my job. I was on different machines before and after noon. It indeed looks good now (or, at least, from here at home on my Comcast line.) So did it come back before you tried removing the YouTube stuff? I'm really curious to know how it all happened.
~Joe
 
  • #13
Well it seems to be gone now..and its not coming back..

here is what happened.

1. Initally I had the page uploaded with an embedded youtube video, embedded in the page.

2. months later, I noticed a LOT of javascript in the page! lines and lines of it..all something to do with yimg.com (yahoo) (MUCH more code than just the few lines of the youtube "embed code")

the extra javascript was probably 30% of the total code!

3. I deleted ALL the javascript..re-uploaded the page.

4. all the javascript CAME BACK! all I code I deleted returned to the page..

5. deleted all the script again, and removed the embedded youtube link.
re-uploaded, extra code does not return.

6. just now, minutes ago, I added just a link to the youtube video, re-uploaded..its still clean.

I might try once more and RE-embed the video..or I might not bother..

thanks,
Scot
 
  • #14
yimg.com are Yahoo's image servers, primarily flickr.

Earlier this year (around June) China blocked sites, domains and addresses associated with Twitter, YouTube, HotMail, Flickr and others. This was because of the 20th anniversary of Tiananmen.

It's is possible your page was hacked to serve as a proxy to reach flickr and YouTube.

The other possibility is that you unknowingly picked up the code into your cut and paste buffer when editing the HTML and did not notice the unwanted code - easy to do if you are editing webpages in WYSIWYG mode.

Odds are your page was hacked. The very least you should have done as soon as you were aware of this was to change your password and notify your hosting company so they can do a security audit of their servers and your webpages.
 
  • #15
Not a Number said:
The very least you should have done as soon as you were aware of this was to change your password and notify your hosting company so they can do a security audit of their servers and your webpages.
Click to expand...

already done! ;)

I just found the same/similar code in another page!

http://gold.mylargescale.com/Scottychaos/NY-Alcos/

This page has some messy tables in it..that I created years ago by converting excel sheets into HTML code..which I now know is a very messy way to create HTML code, but years ago when I made the page, I didnt know any better..I thought the "mystery code" might be from excel, but no..because:

I have old versions of that page going back to 2005..

2005 does not have code.
2006 does not have the code..
2007..clean..
2008..clean..

only this year's version of the page has the yimg code..hmmm..

im not going to do anything with the NY Alcos page until I hear back from my web host..

Scot
 
  • #16
Hey, the javascript actually has readable white space in this one.
The plot thickens - I was looking at the script and found an error at the beginning, right after the part where your stuff says, "ex Allied Chemical." There were a few characters missing from the first statement in the script, but when I opened the source in another window and looked again, it was gone. Very bizarre.
~Joe
 
You must log in or register to reply here.
Back
Top