FUCK ME@#$#@$ Maybe hacked can somone look at this code for me please?

[Va2k]

This seems to be on a lot of my web pages on my server
<.....script language...="ja.vascript">
window.open ("http://vb-aus.com/traff/index.php","","toolbar=1,location=1,status=1,men ubar=1,scrollbars=1");
window.focus ();
</sc.rip.t>
\
I put in . so it wont work here. Has anyone seen this before?
TOM

[nastyking]

yes, it's the infamous "test popup" virus. very dangerous in the wild.

[Va2k]

Quote:

Originally posted by nastyking
yes, it's the infamous "test popup" virus. very dangerous in the wild.

Ok its even on webpages that I havent even touched in months, is there a fix I need all info to show my host. How the hell grrrrr

[nastyking]

Quote:

Originally posted by va2k
Ok its even on webpages that I havent even touched in months, is there a fix I need all info to show my host. How the hell grrrrr

there is no way to fix it. you are doomed.

[Va2k]

it seems to be only on index.html pages

[Va2k]

Quote:

Originally posted by nastyking
there is no way to fix it. you are doomed.

[Va2k]

[justsexxx]

Kaspersky blocked access to that page. So I guess it's full of shit code. How it could be on your page? No idea..Ask your host. Who is it?

[Va2k]

Quote:

Originally posted by justsexxx
Kaspersky blocked access to that page. So I guess it's full of shit code. How it could be on your page? No idea..Ask your host. Who is it?

yea its weird HAVE NO idea how it got on my pages I put in a request to the host and knowing my host they will have it taken care of asap. At least ya tried to help, Thanks bro

I have no clue on these types of things... IM doing another scan on my home pc to see if it is something on my end that caused this doubt it though.. There are static webpages on my server that has this code in it. If it aint one person trying to fuck you its a whole network

[Va2k]

For one of the biggest boards I am very supprised to see no one knows of this

TOM

[Va2k]

[inabon]

what operating system is your webs server running?

[Va2k]

Quote:

Originally posted by inabon
what operating system is your webs server running?

LINUX

[candyflip]

Quote:

Originally posted by va2k
LINUX

A bit more specific perhaps? There are many variations.

[Va2k]

Quote:

Originally posted by candyflip
A bit more specific perhaps? There are many variations.

Linux version 2.4.20-28.7
([email protected]) (gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-126))

[SmokeyTheBear]

not hacked , but you have a virus on the server that re-wrote your html files.

dont just delete them.

notify your host that they have been hacked and make them fix it.

[SmokeyTheBear]

ps. dont let them try to convince you this was your fault ( unless its your own server then it is your fault kind of )

[cfU]

delete everything and throw your server away.

[justsexxx]

What host is it? And do you manage the box or is it managed?

Andre

[TheMob]

is it reall worth dealing with?

[fris]

Quote:

Originally posted by SmokeyTheBear
not hacked , but you have a virus on the server that re-wrote your html files.

dont just delete them.

notify your host that they have been hacked and make them fix it.

not a virus on a linux server

[Project-Shadow]

Quote:

Originally posted by fris
not a virus on a linux server

http://math-www.uni-paderborn.de/~axel/bliss/

[lb_vee]

Here are a few things you can do to prevent this from happening again:

1) switch to ssh from telnet and kill the telnet daemon.

2) kill the ftp daemon and use scp (with ssh)

3) modify the hosts.allow files to allow access from only a few IPs (for ssh)

[inabon]

and check your file permissions it is pretty weird that they rewrote all your files.
somehow they gained ftp access with privileges
or your permissions or server are not safely configured.

i have only seen virus attack IIS not apache.

[Va2k]

Quote:

Originally posted by inabon
and check your file permissions it is pretty weird that they rewrote all your files.
somehow they gained ftp access with privileges
or your permissions or server are not safely configured.

i have only seen virus attack IIS not apache.

Holy fuck i think i know what happend thanks all

[jade_dragon]

If you were being hacked 9 times out of 10 your keys would be logged. And there is nothing a malicious hacker hates more than when you go running around talking about you got hacked. So in the future, get on another computer that is not infected or call someone and ask them to help or get help. Chatting with your friends or typing "Man I think I am being hacked" does nothing more than empower the person there watching you, they feed on fear and when they are found out, usually punish you by deleting files or using the info they have found about you.

[Va2k]

Quote:

Originally posted by jade_dragon
If you were being hacked 9 times out of 10 your keys would be logged. And there is nothing a malicious hacker hates more than when you go running around talking about you got hacked. So in the future, get on another computer that is not infected or call someone and ask them to help or get help. Chatting with your friends or typing "Man I think I am being hacked" does nothing more than empower the person there watching you, they feed on fear and when they are found out, usually punish you by deleting files or using the info they have found about you.

Damn never thought about it like that, but it wasn't me being hacked Think we fig it out a simple mistake. But my hosting company is top notch and I really was never scared only thing I was, was pissed thinking I had to re upload things over again..

Thanks everyone for your input and inabon



Tom