![]() |
![]() |
![]() |
||||
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
![]() ![]() |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
![]() |
#1 |
Confirmed User
Join Date: Nov 2005
Posts: 170
|
Traffic leak - AFF hack?
Hi,
So about a month ago traffic to my website decreased by around 20%. Initially I though it was google panda update and I was out of luck. The website is hornygamer.com However, I noticed something weird - traffic has decreased by a similar percentages from all sources - organic, direct, and referral. I am using trade expert paid version, as well as google analytics they both show a decrease in traffic from all sources, which made be alarmed, especially since I know for a fact that the traffic from certain referrals did not change. So, I made the following test: I purchased a monthly advert on juicyads and sent the traffic to hornygamer.com for about a week. Juicyads said the incoming traffic was about 400/day. Google analytics said it's about 200/day. Then after a week, I modified the juicyads advert only by changing the URL, leaving the banner the same, and I directed the traffic to a different website. Juicyads reported roughly similar daily traffic sent. However, the google analytics on my other website reported stats a lot more closer to juicyads figures. So, this led me to believe something is not right. Then right now I went on a bunch of proxy servers, and tried to access hornygamer.com First few times everything loaded normally, but then some proxy servers redirected to adultfriendfinder! So, I am suspecting that somewhere on my server there's some sneaky code that is hijacking a percentage of my traffic to AFF. Did this happen to anyone here before? Can you guys check if you get anything from adultfriendfinder when going to hornygamer.com? I got no pop-ups, sliders, or pop-unders, or redirects. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#2 |
Confirmed User
Industry Role:
Join Date: Jul 2006
Location: Somewhere between reality and total ape-shit bonkers.
Posts: 2,870
|
Google link to your site directed me to AFF landing page (pid=p1011105)
__________________
The best Adult Affiliate Programs reviewed and indexed by niche and feature. Easily find the sponsors that suit your needs. ![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#3 |
Confirmed User
Industry Role:
Join Date: Jan 2011
Location: Somewhere in Germany
Posts: 817
|
Wanted hornygamer, got hornygamer. No redirect.
Checked on my android using Chrome.
__________________
I know, my english is bad. But your german might be even worse ![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#4 |
Too lazy to set a custom title
Join Date: Jun 2006
Posts: 18,939
|
hello i visit you website about 2 time per day and i've never seen this.
btw you were used to list shark's games and now i see that there is games from them listed on gamcore that aren't listed on your website. (it is the first time that you ar not the first to list them) |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#5 |
Confirmed User
Industry Role:
Join Date: Jul 2001
Location: Sacramento,CA
Posts: 1,540
|
1. Typing in hornygamer.com brought me to hornygamer.com
2. Searching hornygamer on google and clicking the link brought me to: Adult Dating and One Night Stands - AdultFriendFinder |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#6 | |
Too lazy to set a custom title
Join Date: Jun 2006
Posts: 18,939
|
Quote:
check your htaccess file |
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#7 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
Same....when going from the google result, I can see a total of three hops until it lands on an AFF page. On the second attempt it then goes to your regular front page. I will try to recreate and provide you with the identity of the hops so that you can get rid of the scum.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#8 |
Fakecoin Investor
Industry Role:
Join Date: Jul 2012
Location: New Delhi, IN
Posts: 7,128
|
all newbies eat ass
__________________
WARNING: Stay Away From Marlboroack aka aka Brandon Ackerman
https://gfy.com/21169705-post8.html Donny Long is Felon, Stalker, Scammer & Coward http://www.ripoffreport.com/reports/...lon-int-761244 |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#9 |
Confirmed User
Industry Role:
Join Date: Aug 2012
Posts: 898
|
Super strange, i've nerver seen something similar ... Better do something fast you're losing a lot of traffic...
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#10 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: NC
Posts: 7,683
|
its redirecting to adultfriendfinder pid=p1011105
someone got your website good., look htaccess
__________________
SSD Cloud Server, VPS Server, Simple Cloud Hosting | DigitalOcean
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#11 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
Also, appears to be IP based. It only redirects on the first visit to your site, but not on subsequent visits...even after removing cookies.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#12 |
So Fucking Banned
Industry Role:
Join Date: Sep 2014
Posts: 332
|
I've had similar issues in past. It is not just the obvious code that creates the problem, it is the sleeper files that put so far into your file structures.
What does host say? If you want another server manager to eradicate all the shit hit up Chris from admin at way3 dut com and tell him the guy who owns videostripgames.com said you may be able to help. How many sites do you have on the server, because it will likely effect them all. My breaches always stemmed from wordpress vulnerability. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#13 |
Confirmed User
Industry Role:
Join Date: Jan 2012
Location: Campbell, CA
Posts: 2,909
|
CrazyWhiteMan just send you a Private message.
__________________
![]() ![]() telegram: courtneyrudolph |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#14 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
Here's your redirect sequence:
Google - Search for horny gamer First Hop: axuv.com Second Hop: escort-ankara.pro Final: AFF |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#15 |
Affiliate
Industry Role:
Join Date: Oct 2002
Location: Icq: 94-399-723
Posts: 24,432
|
most likely one of your scripts got hacked
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#17 |
Confirmed User
Join Date: Nov 2005
Posts: 170
|
Everyone - thank you for all your help, I appreciate it.
I'm trying to find the source of the leak now, and hopefully get this fixed ASAP. Will let you know how it goes. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#18 |
Please dont fuck animals
Industry Role:
Join Date: Jul 2010
Location: Henderson, NV
Posts: 3,988
|
someone snuck in a 301 or 302 redirect
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#19 |
Confirmed User
Industry Role:
Join Date: Sep 2014
Posts: 231
|
Searched on Yahoo and was sent to AFF from the search result.
2nd time it goes to your site. 3 hops as outlined above. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#20 |
Confirmed User
Join Date: Nov 2003
Location: Canada
Posts: 1,062
|
Sounds like a traffic hijack... either in htaccess or some other code on your website.
You may also sometimes see this with shady advertisers who will redirect a portion of your traffic. Contact me on an unrelated matter, would like to discuss with you. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#21 |
Confirmed User
Join Date: Nov 2005
Posts: 170
|
OK, I think I found what it is. I did a quick google search for "pid=p1011105" and seems other websites got infected with exactly the same thing. Which lead me to this:
Apache Binary Backdoors on Cpanel-based servers | Sucuri Blog Working with my host to fix this now... |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#22 |
Confirmed User
Join Date: Nov 2005
Posts: 170
|
Some more info on this exploit for those interested: Stealthy, malware-spewing server attack not limited to Apache ? The Register
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#23 |
So Fucking Banned
Industry Role:
Join Date: Sep 2014
Posts: 332
|
Interesting. My host never would install C-Panel on my servers even after asking for it. Was what I used with previous hosts. He has his own server admin software that I can add sites and all of that.
Anyway, good luck. If the issue keeps coming back and becomes "one of those things", give my previous post a read. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#24 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
In the meantime you can go to /usr/local/apache via ssh and do a string search in all files in the directory for axuv (which is first redirect) and you should be able to find the infected file and entry.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#25 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
Nevermind
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#26 |
Confirmed User
Industry Role:
Join Date: Feb 2007
Posts: 6,904
|
should those of us with cpanel hosting be worried? Any easy way to check all sites within a host?
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#27 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
Check out his last link above about the exploit. That article provides a script to check your files.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#28 |
Confirmed User
Industry Role:
Join Date: Feb 2007
Posts: 6,904
|
I'm a tech dumbass, so guess I'll be using the wing and a prayer method
![]() |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#29 |
Please dont fuck animals
Industry Role:
Join Date: Jul 2010
Location: Henderson, NV
Posts: 3,988
|
Sure hope AFF bans the webmaster with pid=p1011105.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#30 |
Confirmed User
Industry Role:
Join Date: Apr 2004
Posts: 975
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#31 |
So Fucking Banned
Industry Role:
Join Date: Oct 2007
Posts: 6,748
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#32 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
Unfortunately if Aff does ban him, the culprit will simply change the redirect destination to another program. As noted above, the page does not redirect directly to AFF, but instead hops through 2 sites first, allowing the final address to be altered without having to change the entries on the hijacked servers.
Best bet might be to send a complaint to the first hops, axuv.com, provider. That address is likely hardcoded into the exploit. If that site goes down, then at least no one will profit from stealing your traffic. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#33 |
Confirmed User
Industry Role:
Join Date: Feb 2007
Posts: 6,904
|
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#34 |
So Fucking Banned
Industry Role:
Join Date: Dec 2014
Posts: 241
|
You probably already know this....hornygamer.com is offline.
|
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#35 |
Confirmed User
Join Date: Nov 2005
Posts: 170
|
OK, I finally got this fixed.
We found the surest way to get rid of this malware was to reset the server, so I had the OS reinstalled, and all is good now. Thank you all for your help. |
![]() |
![]() ![]() ![]() ![]() ![]() |
![]() |
#36 |
Too lazy to set a custom title
Join Date: Jun 2006
Posts: 18,939
|
bump....
|
![]() |
![]() ![]() ![]() ![]() ![]() |