MeenaInc Posted June 18, 2009 Share Posted June 18, 2009 Guys, about once a week I have to re-upload the index.php files in the root and admin directories because a php script has been appended to the very end of the files. The script is a google analytics script and is heavily encrypted.The site belongs to a client of ours and he assures me that they are not altering the files, and of course, we are not either.Anyone have a clue as to why this script keeps popping up on these two files?? Should I chmod them both to 444?By the way, the next time it happens, I will copy the script here for you to see.Thanks,Meena, Inc. Link to comment Share on other sites More sharing options...
Patric Posted June 18, 2009 Share Posted June 18, 2009 Is the Google Analytics module activated ? Link to comment Share on other sites More sharing options...
MeenaInc Posted June 18, 2009 Author Share Posted June 18, 2009 Zendik, the module was installed but never configured with an id. I just uninstalled it however.I also just noticed it installed the script on the login.php file in the admin directory. Here is the script:<?php echo '[removed]var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");[removed](unescape("[removed][removed]"));[removed][removed]try {var pageTracker = _gat._getTracker("UA-32645524-1");pageTracker._trackPageview();} catch(err) {}[removed]'; ?>Any ideas?Thanks,Meena, Inc. Link to comment Share on other sites More sharing options...
.png.022b5452a8f28f552bc9430097a16da2.png)
Recommended Posts