I saw the "Maintenance Mode" code earlier in the thread. What the hacker put into my "Maintenance Mode" page seems much more malicious. Anyone with Javascript experience have and idea what this would have done had a user visited the site while it was on main't mode?
<HTML>
<HEAD>
<TITLE>Hacked by ALTANs - System Fucker</TITLE>
<META NAME="description" CONTENT="Bizim Gerçek K?ld?klar?m?za Onlar hayalleriyle Eri?emedi">
<META NAME="author" CONTENT="ALTANs">
<LINK REV="made" href="mailto:turkogluturk18@hotmail.com">
<META http-equiv=Content-Type content="text/html; charset=windows-1254">
<META content="MSHTML 6.00.2900.2722" name=GENERATOR></HEAD>
<BODY text=#000080 vLink=#000080 aLink=#000080 link=#000080 bgColor=#ffffff onload=init()>
<P align=center>
<DIV class=ttl1 id=ttl0>
<SCRIPT language=JavaScript>
var message="";
/////////////////////////////////// sa? tu? close
function clickIE() {if (document.all) {(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
</SCRIPT>
</DIV><BR>
<META http-equiv=Content-Language content=tr>
<STYLE type=text/css>B {
FONT-WEIGHT: bold
}
#ttl0 {
POSITION: absolute
}
.ttl1 {
FONT: 8pt Verdana,Arial,Helvetica,serif
}
.p {
color : #000080;
}
.d {
color : #000000;
background-color : #ffff00;
}
</STYLE>
<SCRIPT language=JAVASCRIPT type=text/javascript>var layers=document.layers,style=document.all,both=layers||style,idme=908601;if(layers){layerRef='document.layers';styleRef='';}if(style){layerRef='document.all';styleRef='.style';}function writeOnText(obj,str){if(layers)with(document[obj]){document.open();document.write(str);document.close();}if(style)eval(obj+'.innerHTML= str');}var dispStr=new Array("<font color=008000><!--#include file="database.asp"--></font><br><font color=008000><!--#include file="Server-CreateObject.asp"--></font><br><br><font class=d><%</font></b><br><font color=000080>If <b>hacked</b>.eof <b>then</b><br><font color=000080>Response.Write (" This Web Page Hacked ") <br>Response.Write ("<font color=800080><b> Hacked by ALTANs </b></font>") </b><font color=000080><br>Response.Write (" RSA key fingerprint : 4f:b8:e8:83:h7:82:1g:t4:2e:49:72:41:f2:19:66:ea ")<br>Response.Write (" Are you sure you want to continue connecting (yes/no)? ")<br>Response.Write (" yes ")<br>Response.Write (" Root: ALTANs ")<br>Response.Write (" password: ******* ")<br>Response.Write (" Md5 : 3f3082fd88c694198de78162285940bf ")<br>Response.Write (" Checksum : <b> --->> Game Ower :) </b> ")<br><b>End If</b><br><font class=d>%></font><br><br><br><br><center><b> www.SanalDevrim.net <br> altan@sanaldevrim.net </center></p><br><br>"
);var overMe=0;function txtTyper(str,idx,idObj,spObj,clr1,clr2,delay,plysnd){var tmp0=tmp1='',skip=0;if(both&&idx<=str.length){if(str.charAt(idx)=='<'){while(str.charAt(idx)!='>')idx++;idx++;}if(str.charAt(idx)=='&'&&str.charAt(idx+1)!=' '){while(str.charAt(idx)!=';')idx++;idx++;}tmp0=str.slice(0,idx);tmp1=str.charAt(idx++);if(overMe==0&&plysnd==10){if(navigator.plugins[0]){if(navigator.plugins["LiveAudio"][100].type=="audio/basic"&&navigator.javaEnabled()){document.embeds[0].stop();setTimeout("document.embeds[0].play(false)",10000);}}else if(document.all){ding.Stop(100);setTimeout("ding.Run()",100);}overMe=1;}else overMe=0;writeOnText(idObj,"<span class="+spObj+"><font color='"+clr1+"'>"+tmp0+"</font><font color='"+clr2+"'>"+tmp1+"</font></span>");setTimeout("txtTyper('"+str+"', "+idx+", '"+idObj+"', '"+spObj+"', '"+clr1+"', '"+clr2+"', "+delay+" ,"+plysnd+")",delay);}}function init(){txtTyper(dispStr[0],0,'ttl0','ttl1','#00ff60 ','#40ff60',50,0);}</SCRIPT>
</BODY></HTML>
When I do this, the page loads without even requesting a username/password. BTW, thanks for your help on this.
