I keep getting hacked... - Page 2 - GoFuckYourself.com

RevSand · 09-28-2006, 10:46 PM

For those in the know who might have some ideas since I have seen this shit on at least a half dozen sites that are all running diff configs and scripts, here is the coding that seems to get attached to parts of the page..

Quote:

Or some shit similar...

FelixFlow · 09-28-2006, 11:04 PM

Quote:

Originally Posted by BusterPorn

He said he had issues on his page and you clicked the link. He is trying to get it sorted out. If your pc is not protected why click a link when it is typed out that it has issues he is seeking help to fix?

he said his page was getting hacked

he didnt fucking say there is a virus on his page that will spread to other users that visit his page

LiveDose · 09-28-2006, 11:09 PM

The script kiddies creating this shit should be hunted down and killed.

cess · 09-28-2006, 11:19 PM

Quote:

Originally Posted by HairToStay

If you don't know how, ask your host to read Apache logs to see what was compromised and how.

Then, change hosts to someone who will actually help you.

Which host would you suggest? I always see people suggesting webair around here.

RevSand · 09-28-2006, 11:27 PM

Quote:

Originally Posted by cess

Which host would you suggest? I always see people suggesting webair around here.

I think this BS is across the board... I have heard of it on at least 3 diff hosts that all have goof reputations..

L0rdJuni0r · 09-28-2006, 11:49 PM

these virus things scare me....

RobV · 09-28-2006, 11:51 PM

Quote:

Originally Posted by LiveDose

The script kiddies creating this shit should be hunted down and killed.

I agree.

SinSational · 09-29-2006, 12:46 AM

this has happened to a couple customers of ours.

the first issue was that the customer had WordPress installed and was using some 3rd party template or counter which was inserting a javascript trojan downloader in to the page on the fly. once the customer removed the template/counter, the issue went away.

the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.

contact me if you have any other questions.

RobV · 09-29-2006, 12:52 AM

Quote:

Originally Posted by SinSational

this has happened to a couple customers of ours.

the first issue was that the customer had WordPress installed and was using some 3rd party template or counter which was inserting a javascript trojan downloader in to the page on the fly. once the customer removed the template/counter, the issue went away.

the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.

contact me if you have any other questions.

I think I will be contacting you shortly. You wouldn't mind another customer would you?

SinSational · 09-29-2006, 01:00 AM

Quote:

Originally Posted by RobV

I think I will be contacting you shortly. You wouldn't mind another customer would you?

of course not.

from what you pasted above for the code, it definitely sounds like wrong permissions on some of your files. for wordpress i believe it should be:

Folders => 755
Files => 644

woj · 09-29-2006, 01:26 AM

get a decent host, if everything is tight on the server, your sites shouldn't get owned even with security bugs in any scripts you may use....

Pipeline Q · 09-29-2006, 01:32 AM

bump for this

darksoul · 09-29-2006, 01:35 AM

Quote:

Originally Posted by SinSational

the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.

contact me if you have any other questions.

Seriously tho.
It doesn't really matter if that file is 777 (some scripts really need that) most php writes that are not run through cgi.
The problem is with the script that allows an attacker to execute/upload on your server.

en21 · 09-29-2006, 04:04 AM

try what we called antivirus

justsexxx · 09-29-2006, 04:40 AM

Quote:

Originally Posted by RobV

My host is webair. I have asked them 10 times with the responce of, "Its all your fault, nothing is wrong on our end."

Great service

emthree · 09-29-2006, 04:48 AM

Wow, that's nasty.
I cant believe webair wasent more helpfull.

Verbal · 09-29-2006, 07:48 AM

I'm having the same problem and have contacted Webair about it twice now. they are 'looking' into it.

DateDoc · 09-29-2006, 07:52 AM

Where is webair in this thread to try and help out their customer? They seem to manage to make it to every thread that is looking for hosting but not this one?

darksoul · 09-29-2006, 07:58 AM

Quote:

Originally Posted by FelixFlow

he said his page was getting hacked

he didnt fucking say there is a virus on his page that will spread to other users that visit his page

switch to FF

Hunter_ST · 09-29-2006, 08:05 AM

keep us posted...

onlineriches · 09-29-2006, 08:06 AM

Not much you can do about it, looks like the virtual hosting box is compromised and this is likely happening to everyones pages on the box.

It probably searches for any web content and adds that into every file.

:/

The Duck · 09-29-2006, 08:10 AM

I have the same problem with my sites on webair, trojan javascript at the top of the page just pops out of nowhere...

WEBAIR SOLVE.

darksoul · 09-29-2006, 08:14 AM

oh, this is a virtual server.
That explains it.

RobV · 09-29-2006, 08:22 AM

Quote:

Originally Posted by Verbal

I'm having the same problem and have contacted Webair about it twice now. they are 'looking' into it.

Since you got webair to look into it, can you have them look into mine as well. YOu must communicate better than I.

Thank You.

E$_manager · 09-29-2006, 09:35 AM

Ask your hosting.

DateDoc · 09-29-2006, 06:51 PM

did u get it fixed?

SinSational · 09-29-2006, 11:54 PM

Quote:

Originally Posted by BusterPorn

did u get it fixed?

yeah, wondering if you got this squared away.

gooddomains · 09-30-2006, 01:18 AM

redo your complete server setup (including OS install) and the problems will go away.

teomaxxx · 10-02-2006, 12:39 PM

anyone on webair knows more about it?
i found some of my domains hosted on webair hacked too (only root index.php files although)...not sure if its coming from my computer or it was some hack of webair accounts.

RobV · 10-02-2006, 08:53 PM

I started a new thread.

Gillespie · 10-04-2006, 09:52 AM

Whenever a server has been compromised, it is best to start from scratch. Reinstall the OS, reupload everything, import dbs.

The attacker might have left stuff on there that you didn't catch. That's why, in most cases, it happens over and over again.

So my advice is that you format your server, start from scratch and search the web for security information of every single script or software that you plan to put on there.

Violetta · 10-04-2006, 09:53 AM

this shit sucks... I working on the wordpress chmod now! Also installing the latest version.

emthree · 10-04-2006, 05:08 PM

Quote:

Originally Posted by Rockatansky

this shit sucks... I working on the wordpress chmod now! Also installing the latest version.

I have the latest WPVersion, and still the same shit.

emthree · 10-04-2006, 05:09 PM

RobV what is the status on your situation?

JD · 11-20-2006, 10:31 AM

buuuuump just got hit AGAIN today

RobV · 11-20-2006, 10:54 AM

Quote:

Originally Posted by emthree

RobV what is the status on your situation?

Webair changed my password (however my original password was VERY strong). Since the second password change I have not been hacked.
And oddly enough this only hit 1 blog I had on the server, everything else was untouched.

cosis · 11-20-2006, 11:00 AM

Quote:

Originally Posted by RobV

My host is webair. I have asked them 10 times with the responce of, "Its all your fault, nothing is wrong on our end."

same thing happened to me, my host was CANDID HOSTING though, got the same reply from them......... So I said fuck you and switched hosts. Haven't had any problems since.

Ange · 02-04-2007, 12:38 PM

trojan alert!!!!!!

Big_Red · 02-04-2007, 12:43 PM

Quote:

Originally Posted by RobV

Yeah I am reading about that, the only thing that gets me is I have Norton Internet Security (and virus scanner) and I have the most up to date definitions and its not pulling anything on the sytem (yet I do still think its on my comp) Any ideas?

Secondly I have asked webair for help, honestly about 5 times with the same reply of "nothing we can do, its all on you, make sure your wordpress is uptodate."

yeh, first ditch Norton and get a real Antivirus.

09-28-2006, 11:09 PM	#53
LiveDose Show Yer Tits! Industry Role: Join Date: Feb 2002 Location: Somewhere Out there... Posts: 25,792	The script kiddies creating this shit should be hunted down and killed. __________________ Scammer Alert: acer19 acer [email protected] [email protected] Money stolen using PayPal

09-28-2006, 11:49 PM	#56
L0rdJuni0r Confirmed User Industry Role: Join Date: Oct 2004 Location: Cancun, Mexico Posts: 5,883	these virus things scare me.... __________________ Affordable video and picture editing. junior[at]jampackproductions[DOT]com ICQ: 605429331

09-29-2006, 12:46 AM	#58
SinSational Confirmed User Join Date: Oct 2004 Location: Boston, MA Posts: 1,723	this has happened to a couple customers of ours. the first issue was that the customer had WordPress installed and was using some 3rd party template or counter which was inserting a javascript trojan downloader in to the page on the fly. once the customer removed the template/counter, the issue went away. the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well. contact me if you have any other questions. __________________ ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details Virtual from $14.95/month, Dedicated from $149.95/month Dual-Core Xeon > 1000GB @ $149.95 \| 1500GB @ $169.95 \| 10Mbps @ $269.95

09-29-2006, 01:26 AM	#61
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	get a decent host, if everything is tight on the server, your sites shouldn't get owned even with security bugs in any scripts you may use.... __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

09-29-2006, 04:04 AM	#64
en21 Confirmed User Join Date: May 2006 Posts: 2,640	try what we called antivirus __________________ Free Asian Sex : http://www.asian4free.com Free Amateur Sex : http://www.lustamateur.com Free Porn : http://www.mysexbookmark.com Free Sex : http://www.goliathlist.com Free Hardcore : http://www.xlust.com Sex For Free : http://www.sexforfee.com

09-29-2006, 01:32 AM	#62
Pipeline Q Confirmed User Join Date: Dec 2004 Posts: 3,891	bump for this

09-29-2006, 04:48 AM	#66
emthree Dialer Kingpin Join Date: Jun 2003 Location: New York Posts: 10,816	Wow, that's nasty. I cant believe webair wasent more helpfull. __________________ • Sell Patches & Pills •

09-29-2006, 07:48 AM	#67
Verbal Confirmed User Join Date: Dec 2001 Location: Tampa, FL Posts: 3,420	I'm having the same problem and have contacted Webair about it twice now. they are 'looking' into it.

09-29-2006, 07:52 AM	#68
DateDoc Outside looking in. Industry Role: Join Date: Feb 2005 Location: To Hell You Ride Posts: 14,243	Where is webair in this thread to try and help out their customer? They seem to manage to make it to every thread that is looking for hosting but not this one? __________________

09-29-2006, 08:05 AM	#70
Hunter_ST Confirmed User Join Date: Feb 2003 Location: Getting messy... Posts: 763	keep us posted... __________________ Splosh Cash Wet and Messy Fetish Program I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.

09-29-2006, 08:06 AM	#71
onlineriches Confirmed User Join Date: Apr 2006 Posts: 308	Not much you can do about it, looks like the virtual hosting box is compromised and this is likely happening to everyones pages on the box. It probably searches for any web content and adds that into every file. :/

09-29-2006, 08:10 AM	#72
The Duck Adult Content Provider Industry Role: Join Date: May 2005 Location: Europe Posts: 18,243	I have the same problem with my sites on webair, trojan javascript at the top of the page just pops out of nowhere... WEBAIR SOLVE. __________________ Skype Horusmaia ICQ 41555245 Email [email protected]

09-29-2006, 08:14 AM	#73
darksoul Confirmed User Join Date: Apr 2002 Location: /root/ Posts: 4,997	oh, this is a virtual server. That explains it. __________________ 1337 5y54\|)m1n: 157717888 BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN Cambooth

09-29-2006, 09:35 AM	#75
E$_manager Too lazy to set a custom title Join Date: Apr 2006 Location: pink adult dreams Posts: 13,557	Ask your hosting. __________________ Enjoy more sales with EnjoyBucks! Homemade: Asian : Ebony : GFs : Voyeur : Nudist : Public : 3D

09-29-2006, 06:51 PM	#76
DateDoc Outside looking in. Industry Role: Join Date: Feb 2005 Location: To Hell You Ride Posts: 14,243	did u get it fixed? __________________

09-30-2006, 01:18 AM	#78
gooddomains Too lazy to set a custom title Join Date: Jul 2003 Location: Netherlands Posts: 10,127	redo your complete server setup (including OS install) and the problems will go away.

10-02-2006, 12:39 PM	#79
teomaxxx Confirmed User Join Date: May 2003 Posts: 2,734	anyone on webair knows more about it? i found some of my domains hosted on webair hacked too (only root index.php files although)...not sure if its coming from my computer or it was some hack of webair accounts.

10-02-2006, 08:53 PM	#80
RobV Confirmed User Join Date: Oct 2005 Posts: 111	I started a new thread. __________________ ICQ: 619221

10-04-2006, 09:52 AM	#81
Gillespie Confirmed User Join Date: Aug 2006 Location: Montevideo Posts: 1,391	Whenever a server has been compromised, it is best to start from scratch. Reinstall the OS, reupload everything, import dbs. The attacker might have left stuff on there that you didn't catch. That's why, in most cases, it happens over and over again. So my advice is that you format your server, start from scratch and search the web for security information of every single script or software that you plan to put on there. __________________ Blue Design Studios My choice for web design. Click this to see why. Get a REAL host. Try JaguarPC. 294-659-259

10-04-2006, 09:53 AM	#82
Violetta Affiliate Join Date: Jul 2004 Posts: 28,735	this shit sucks... I working on the wordpress chmod now! Also installing the latest version. __________________ M&A Queen

10-04-2006, 05:09 PM	#84
emthree Dialer Kingpin Join Date: Jun 2003 Location: New York Posts: 10,816	RobV what is the status on your situation? __________________ • Sell Patches & Pills •

11-20-2006, 10:31 AM	#85
JD Too lazy to set a custom title Industry Role: Join Date: Sep 2003 Posts: 22,651	buuuuump just got hit AGAIN today

02-04-2007, 12:38 PM	#88
Ange Registered User Join Date: Jan 2006 Posts: 44	trojan alert!!!!!!