Know What This Is?
 

Someone told me my link to my webmasters page re-directed them to this page: http://ya.ru/ so I asked my server tech to look into it and he said he found this script but didn't know if it is legit or not. It's NOT on my hard drive copy of the page so does anyone know what this is and if you know what it is, how did it get on my page at the server? (fuckpage.com is one of my domains)

Well damn, now someone has found that script on one of my free sites. WTF is going on?

I would guess that you have been hacked.

Yep, you've been hacked. I would contact your host and see if they can help sort it out for you.

Yeah, the tech guy says I have that code embedded on multiple domains. Seems it's on every index page and main page of all my free sites and on my link lists. Tech guy said someond has my password but even I don't know what my password is. I have it saved in my FTP software and it just appears as ****'s when I upload files. They're looking into it. And here I thought I was coasting down hill to the weekend....|shocking|

Whining would be appropriate now|couch|

Just kidding I feel your pain Licker

Im seeing hacks more and more lately..crazy shit. Hope ya get it sorted out Licker

Server tech says that JS was added to 4000 of my pages on May 1st from an ISP in Italy. WTF? |huh Now I have to re-boot in safe mode to let Avast do a complete system scan to make sure my machine is clean before we do anything. How do I re-boot in safe mode?

Tech also said it might be easier to restore my data from back up rather than try to clean all the infected files. I sure as hell don't want to re-upload 4000 html pages. Isn't there some kind of "find and replace" software I can run to find the JS and replace it with nothing?

press F8 during boot up to get to the boot selection menu to choose Safe Mode

I believe there is a shell command for doing a search and replace on files on the server, but it's not for the feint hearted as there is no undo.

A similar script was installed on some of my sites a few months ago, I was hacked. I deleted it and changed my ftp password and it didn't come back. Problem for me was that google picked it up before I did and put a bigass warning in front my listings. Took two fucking weeks before they took the warning down, took two minutes to find and remove the code.

Tech guy says they have back-up files as of April 30 the day before the hack so they can restore everything. WHEW! Load off me for sure.

Well, in the big scheme of things thats some good news for you Licker..hope it solves the issues.

Wow - that's scary Licker! I'm glad you've got everything sorted out.

Sorry to hear that
|hammerI feel your pain.
Over 4000 index pages.Sh$$#t.
I had similar problem on my LL month ago.They access my admin area (not FTP) and include code on all my templates.


Damn spamers,hackers,mutherfuckers-kill them all

I don't know how that script works but I just checked and I had NO traffic for the first eight days of the month up until last night when the tech guy restored all my old pages which didn't have the script. That explains the lack of sales this month. |shocking| |angry|

That really sucks. I once had something like that, but the host could also put back a backup, so all the pages were clean again. After that both you and the host should take some countermeasures like changing passwords and maybe updating scripts ?
Good luck on it

A while ago my rss feeds stoped to work and i couldn't figure out what's wrong.. guess what! On all my pages was this javascript shit|crazy|
It redirected to go-piercing.com |angry|

I checked the ftp and control panel access logs and found two suspicious logins..

2008-06-09 20:20:39 85.17.138.39 Netherlands yes
2008-06-08 20:46:25 83.149.110.231 Netherlands yes


Looks like some script kiddies have new toys