Website Hacked With Ads at Top Left and Sometimes Redirects?

[wehateporn]

Basic 1 page HTML site, nothing in HTML or CSS, where else can it be hiding?

Thanks in advance

[Mediamix]

You must have pissed off some illuminati figure.. There is no other explanation.

[MrBottomTooth]

Sure its not in your browser? Probably something to do with chemtrails.

[Sly]

Those damn lizards sure can be a bitch.

[shake]

There is a hidden section built into ASCII by the NSA just to spy on you. Someone hacked it and put ads in there.

[wehateporn]

Quote:

Originally Posted by Mediamix

You must have pissed off some illuminati figure.. There is no other explanation.

Looks like it

[wehateporn]

Quote:

Originally Posted by MrBottomTooth

Sure its not in your browser? Probably something to do with chemtrails.

Google has picked up on it

[Shoplifter]

Did you leave your .htaccess chmod 777?

[wehateporn]

Quote:

Originally Posted by shake

There is a hidden section built into ASCII by the NSA just to spy on you. Someone hacked it and put ads in there.

Just as I suspected

[420]

NSA is tracking your activity with malware.

[wehateporn]

Quote:

Originally Posted by Shoplifter

Did you leave your .htaccess chmod 777?

Nope, I've got a feeling this is on the whole shared server, as it's on lots of my sites

Hostgator already taken over 1 day to get back to me

[Matt 26z]

View source from within the browser on index.html when the ad appears. That can't be clean.

If you get the index.html file from FTP and that is clean but the ads are there when you load the site, check if .htaccess is clean.

[Mediamix]

Quote:

Originally Posted by Shoplifter

Did you leave your .htaccess chmod 777?

People that do that shouldn't be on GFY..

[wehateporn]

Quote:

Originally Posted by Matt 26z

View source from within the browser on index.html when the ad appears. That can't be clean.

If you get the index.html file from FTP and that is clean but the ads are there when you load the site, check if .htaccess is clean.

Oddly it is clean, and htaccess is clean

[onwebcam]

Quote:

Originally Posted by wehateporn

Nope, I've got a feeling this is on the whole shared server, as it's on lots of my sites

Hostgator already taken over 1 day to get back to me

Had this happen on a shared account some years ago. Some rogue employ at the host was serviing up ads on everyone's sites.

[beenthereb4]

If you edit your html page and in bold letters put "Please stop Hacking my site" that should make them go away .Let us know if it works . I'm Out.

[wehateporn]

Quote:

Originally Posted by onwebcam

Had this happen on a shared account some years ago. Some rogue employ at the host was serviing up ads on everyone's sites.

Wow, I didn't think of that one!

[wehateporn]

Quote:

Originally Posted by beenthereb4

If you edit your html page and in bold letters put "Please stop Hacking my site" that should make them go away .Let us know if it works . I'm Out.

Yesterday I found some files in some of the sites bragging about the hacking, though this particular site on the same server has no evidence of tampering

[beenthereb4]

Hope you will let us know what it was . I know a lot of people do not care for host gator but I have always had good response and fast resolve to most all my issues with them , especially on live chat support . Best of Luck .

[wehateporn]

Quote:

Originally Posted by beenthereb4

Hope you will let us know what it was . I know a lot of people do not care for host gator but I have always had good response and fast resolve to most all my issues with them , especially on live chat support . Best of Luck .

Will do, their live chat guy worked on it for a while, well, once I let him know how important it was, he eventually managed to get yesterday's ticket escalated, so I still gave him a good rating. Fingers crossed they'll get there in the end!

[Sly]

Quote:

Originally Posted by wehateporn

Will do, their live chat guy worked on it for a while, well, once I let him know how important it was, he eventually managed to get yesterday's ticket escalated, so I still gave him a good rating. Fingers crossed they'll get there in the end!

Eventually was able to get yesterday's ticket escalated?

That sounds absolutely awful. Why settle for such poor service on such an important issue? Are these not business websites?

[wehateporn]

Quote:

Originally Posted by Sly

Eventually was able to get yesterday's ticket escalated?

That sounds absolutely awful. Why settle for such poor service on such an important issue? Are these not business websites?

My feeling is that this guy has no power to do anything else, yeah it's not ideal, I'm losing sales

Never did imagine that the ticket would sit there for over 24 hours with no response. Yesterday I thought I'd cleaned most of it up, but seems there's something not so obvious in there.

[MrBottomTooth]

Ive dealt with other hosting companies that had horrible response times like when trying to help a friend out. The worst was netfirms. Youd get one response per day and it was from a different indian person every day. So horrible i just told the guy to either move their site to my host i couldnt help him.

Made me appreciate phatservers so much more. Answers in 10 minutes and you get the same 2 or 3 guys (English is their first language) every time.

[wehateporn]

Quote:

Originally Posted by MrBottomTooth

Ive dealt with other hosting companies that had horrible response times like when trying to help a friend out.

I used to have one which took a day too, it was incredibly frustrating, especially when they made school boy errors

Quote:

Originally Posted by MrBottomTooth

Made me appreciate phatservers so much more. Answers in 10 minutes and you get the same 2 or 3 guys (English is their first language) every time.

Sound good!

[wehateporn]

They've got back to me, they said the initial hack was through the Wordpress Intrepidity theme

[wehateporn]

Hello,

After investigation, we found that one or more WordPress installations on your account was exploited due to either a security vulnerability in the core WordPress software or a weak administrator password. An attacker was able to compromise the WordPress administrator password and proceeded to upload malicious content to the server. We have removed the malware and have reset the affected passwords. Please ensure that all outdated software on this account is updated as soon as possible in order to prevent further security issues. If you have any questions, please let us know.

Please keep in mind that it is your responsibility to ensure the security of your account(s). If we detect another account compromise or you request for us to scan the account for malware within 6 months of this notification, we reserve the right to assess an Account Cleanup fee before performing any scans or removing malware from the account. In cases where a 3rd party reports malicious content or actions to us, we also reserve the right to disable the site to protect the integrity of our network.

[wehateporn]

The malware was hiding inside a number of cgi-bin folders

cgi-bin/sys.php

[wehateporn]

What could I have done to prevent it? I had a few Wordpress sites which I hadn't updated, I also had a few with weak passwords

[MediaGuy]

I was going to say - check with your host. Many exploits jump up to your server when you use something like CuteFTP to upload files - they use the xml file to jack in and voila, your network is farked.

But usually it's not even *you* who was messed with, and calling host tech support will clear it up instantly.

Just beware those conspiracy emails...

:D

[wehateporn]

Quote:

Originally Posted by MediaGuy

I was going to say - check with your host. Many exploits jump up to your server when you use something like CuteFTP to upload files - they use the xml file to jack in and voila, your network is farked.

But usually it's not even *you* who was messed with, and calling host tech support will clear it up instantly.

Just beware those conspiracy emails...

:D

I got something like that once before, where HTML files on my PC were infected from a virus, they eventually ended up on my server and gave some surfers viruses

[wehateporn]

Just done a mass update of Wordpress versions and passwords, hoping this one doesn't come back

[anexsia]

Quote:

Originally Posted by wehateporn

Just done a mass update of Wordpress versions and passwords, hoping this one doesn't come back

It's such a pain in the ass, I had to clean a Wordpress install today too because of a Google Malware notification. Surprisingly after I filed a request to have the malware notification on the website removed, Google responded within 2 hours and removed it .

[sandman!]

stop using wordpress unless you plan on keeping that shit updated all the time.

seems 99% of hacks i see nowdays are WP getting hacked.

Quote:

Originally Posted by wehateporn

What could I have done to prevent it? I had a few Wordpress sites which I hadn't updated, I also had a few with weak passwords

[lezinterracial]

Was the ad for verifiedcasinos? There was a big hack inserting their iframe into sites using a hole in akismet. Frustrating, anti-spam service opened the hole.

http://www.gpwa.org/forum/affiliate-...om-219772.html

[Famemonster]

Quote:

Originally Posted by wehateporn

Oddly it is clean, and htaccess is clean

I had this happen to one of my gaming sites, they put a payday loan link in. It drove me crazy, I started to use surcuri (sublink included) internet security and malware. They found it, removed it, and sent a reconsideration request to google on my behalf.

[seeandsee]

I bet there is some NSA conspiracy behind this

[WarChild]

An expert in engineering, biology, medicine and geopolitical relations, able to sniff out even the faintest whiff of world wide conspiracy, no matter how cleverly planed or executed but alas unable to find basic malicious code "hidden" in the cgi-bin.

[Paully]

Dude pay sucuri to scan and monitor your shit. They will fix it right quick and pay the extra 5 bucks a month for daily backups. Fucking tinfoil hat wearing antivaxxer commie chemtrail loving 911 crisis actor jackass.