$100 reward to be won
Hey guys,
Alright, I posted my problem a few days ago without too much useful feedback to get the problem solved. So since I need this solved, I'm offering $100 to anyone who can permanently solve my problem.

I run www.gals4free.net, and for about a week, when I click to see galleries I sometimes get www.mea-movies.com (NOTE: not the original mia-movies.com, but someone who is ripping that site). This is very odd, as:

1. I don't trade with that site
2. It's not gallery specific, as I checked this and got it even on my own galleries
3. It's not some other trade trying to fuck me
4. It's no spy/adware, as I checked this from many different PCs by now.

I had the more common stuff ruled out; ATX got checked twice and it's for sure not that. My bet is on comus, but with Tony in hospital and someone else checking, who said it's not comus, I can't be 100%. Apache got checked, and so did htaccess.

So basically, anyone who knows the permanent solution to this and it actually works, I'll be more than happy to send $100. ICQ me if you think you know: 59661018

Regards
Steve

Link to old topic in case you can pick up useful info there: http://www.gofuckyourself.com/showthread.php?p=7518727
|
Only help I can give you is a bump
|
Strange, but I'll bump it for ya
|
Are you using a free tradescript? Could it be that the 1% of your traffic is sent to a website of the tradescript owner? Perhaps you clicked too much and excessive clicks get sent to that site. Hope this helps you.
|
Nope... clearly states in my first post I use ATX :)
|
anyway, bump for you. |
bump for you!
|
add mea-movies.com to your trade script & disable it
|
Another bump... Very strange :helpme
|
Clear cache & cookies, click here > http://www.gals4free.net/ct/cx.php?i=000&s=100&t=1

Second click redirects to mea-movies.com.

Re-install comus, script is corrupt.
|
bump for ya
|
Damn, that's a tough one... I have no idea...
|
bump.. somebody in here should know
|
Just took a look at Comus for you.
It looks like someone has stolen your FTP account and has placed their own code on the system, and has removed comus. They've renamed the main cx.php to ctx.php and they are using zend encoded PHP scripts, so it is hard to see exactly what they have dumped on there, but we know at least it is a simple script of less than 1000 bytes long.

It would appear that they have also dumped a trojan on the machine, because they appear to be able to change files that neither comus nor your FTP account would naturally have the ability/permissions to change.

One way someone can test if they might be infected is to check the file size of /ct/cx.php: if it is less than 10k then you have a very suspect situation.

I suggest you move everything to a new server, and be very selective about what PHP files you copy over. Best bet is to reinstall comus and your trade scripts clean, and then import the data and templates only.

I thought I posted earlier but it didn't seem to take. I suggested using commview; it's a packet sniffer that lets you see what headers are being generated, so you can see exactly what is happening in your browser. You would have been able to see that clicks were bouncing from index page -> cx.php -> ctx.php -> ATX, and by comparing the path to a non-hacked site you'd see the different path and the culprit files. ctx.php should not be there.

I've never actually seen anyone do this before, it's a first, but now that it has happened, I'll make something in Comus that will run an auto integrity check of the main files. It should make it impossible for anyone to do this again.

I feel for ya bro, F@$@#$'n hackers suck

-----------------
sixzeros - Comus Thumbs Author
|
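The checks from the post above (cx.php under 10k, a ctx.php that should not exist) combined with a hash comparison against a clean install, as an added example that is not part of the thread and is not Comus code. The file names and the 10k threshold come from the post; the manifest approach, function names and finding labels are assumptions.

```python
import hashlib
import os
import sys

# Added example: names and the manifest approach are assumptions, not Comus code.
MIN_CX_SIZE = 10 * 1024    # from the post: cx.php under 10k is suspect
UNEXPECTED = ("ctx.php",)  # from the post: "ctx.php should not be there"

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(clean_dir):
    """Map relative path -> SHA-256 for every .php file of a known-clean install."""
    manifest = {}
    for root, _dirs, files in os.walk(clean_dir):
        for name in files:
            if name.endswith(".php"):
                full = os.path.join(root, name)
                manifest[os.path.relpath(full, clean_dir)] = sha256_file(full)
    return manifest

def audit(live_dir, manifest):
    """Return sorted (finding, relative_path) pairs for the live /ct/ directory."""
    findings = []
    cx = os.path.join(live_dir, "cx.php")
    if os.path.isfile(cx) and os.path.getsize(cx) < MIN_CX_SIZE:
        findings.append(("cx.php-too-small", "cx.php"))
    seen = set()
    for root, _dirs, files in os.walk(live_dir):
        for name in files:
            if not name.endswith(".php"):
                continue
            full = os.path.join(root, name)
            rel = os.path.relpath(full, live_dir)
            seen.add(rel)
            if rel not in manifest:  # file the clean install never shipped
                kind = "known-bad-name" if name in UNEXPECTED else "not-in-clean-install"
                findings.append((kind, rel))
            elif sha256_file(full) != manifest[rel]:
                findings.append(("modified", rel))
    findings.extend(("missing", rel) for rel in manifest if rel not in seen)
    return sorted(findings)

if __name__ == "__main__":  # usage: audit.py <clean_dir> <live_ct_dir>
    print(audit(sys.argv[2], build_manifest(sys.argv[1])))
```

Because the post suspects the intruder can change files beyond the FTP account's permissions, build the manifest from a fresh download and keep it off the server being audited.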
Well at least you know where to find the asswiper. Contact his host and shit.
|
franck, you still need a transfer? I can do it now
|