GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Fuck!! My websites where hacked

frank7799 · 06-22-2006, 03:37 PM

Change your FTP password, remove the script at the bottom of the page that runs the iframe:

[code=trojan stuff on your pages]
<script language="JavaScript">
e = '0x00' + '22';str1 = "%99%C1%CA%
blah blah blah
</script>
[/code]

You might have your host run a check to see what other files were modified at the same time. Pattern to look for is:

Login, Get File, Put File, Get File, Put File, Logout

usually no failed password attempts.

Sources for your password leak: People that have installed software for you in the past, anyone that has had FTP access to your machine, possibly any keylogger on your system.

The script forces the installation of an "start.exe" which connects to a site hosted at "inhoster.com". I don´t think it´s worth to contact them if you have a look at their site.

The site called us-counter.com and dnv-counter.com belong to a guy from Ukraine and are blacklisted with several records. IP´s from the sites and from the hosting company are pretty much the same.

06-22-2006, 03:37 PM
frank7799 Confirmed User Industry Role: Join Date: Jul 2003 Location: In the middle of nowhere... Posts: 1,974	Change your FTP password, remove the script at the bottom of the page that runs the iframe: [code=trojan stuff on your pages] <script language="JavaScript"> e = '0x00' + '22';str1 = "%99%C1%CA% blah blah blah </script> [/code] You might have your host run a check to see what other files were modified at the same time. Pattern to look for is: Login, Get File, Put File, Get File, Put File, Logout usually no failed password attempts. Sources for your password leak: People that have installed software for you in the past, anyone that has had FTP access to your machine, possibly any keylogger on your system. The script forces the installation of an "start.exe" which connects to a site hosted at "inhoster.com". I don´t think it´s worth to contact them if you have a look at their site. The site called us-counter.com and dnv-counter.com belong to a guy from Ukraine and are blacklisted with several records. IP´s from the sites and from the hosting company are pretty much the same.