January 11, 2007 at 1:14 pm #599484
Anonymous
Inactive
Not sure if this is a scam alert or not….
However, I was looking at my traffic via awstats the other day for SlotsOnFire.com. I don’t often check awstats as I have my own script which tracks everything.
However – I noticed that a NEW page was added to my site somehow… This page was called: ix.php
It was a php shell that allowed them complete access to EVERYTHING on my site and had 58 hits this month. Ouch.
I also noticed that in my webmail, there were a bunch of ‘return to sender’ emails and ‘SPAM’ email returns. Basically, my site was – at the very least – being used as a spam sending server.
Anyway – check your sites for any files with a newer time/date stamp than the last time you updated the site. Also check for files such as *.phpold. I’ve noticed this tactic to insert spam forms as well.
Hope this helps someone.
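The check suggested in the post above (files newer than the last site update, plus stray files such as *.phpold), as an added example that is not part of the original thread. The reference file `last_update`, the `*.php?*` pattern and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag files in a web root that are
# newer than a reference file, or that carry a PHP-like suffix (.phpold).

# audit_webroot WEBROOT STAMP
#   STAMP is any file whose mtime marks the last legitimate site update
#   (assumption: you touch it at every deploy).
audit_webroot() {
    webroot=$1
    stamp=$2
    {
        # Anything modified after the last known-good update.
        find "$webroot" -type f -newer "$stamp" | sed 's/^/NEWER  /'
        # Renamed or leftover scripts: .phpold, .php.bak, .php5 ...
        # This pattern generalises the thread's *.phpold (assumption).
        find "$webroot" -type f -name '*.php?*' | sed 's/^/ODDEXT /'
    } | sort
}

# Constructed sample tree: legitimate old files, a stray .phpold with an
# old timestamp, and a dropped script named as in the thread (ix.php).
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/images"
    for f in index.php images/logo.gif contact.phpold; do
        echo sample > "$d/site/$f"
        touch -t 200612010900 "$d/site/$f"
    done
    touch -t 200612151200 "$d/last_update"   # last legitimate update
    echo sample > "$d/site/ix.php"
    touch -t 200701050300 "$d/site/ix.php"   # appeared afterwards
    echo "$d"
}

sample=$(make_sample) && audit_webroot "$sample/site" "$sample/last_update"
rm -rf "$sample"
```

File modification times can be reset by whoever wrote the file, so the suffix scan runs independently of the timestamp comparison.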
January 11, 2007 at 2:09 pm #722102
Anonymous
Inactive
Thanks for the tip. I’ll be checking all of my sites today!
January 11, 2007 at 2:12 pm #722105
Anonymous
Inactive
Thanks kwblue for the heads up, nice to know someone is watching. I am checking now.
greek39
January 15, 2007 at 10:45 pm #722666
Anonymous
Inactive
I had a similar hack on one of my sites on Saturday. They uploaded something and managed to get onto the server and upload a set of Paypal phishing pages and images. I only found out because Paypal contacted me!! I’m guessing they exploited an image upload script I had.
January 15, 2007 at 10:58 pm #722667
Anonymous
Inactive
Wow, that’s scary stuff!!!
January 15, 2007 at 11:55 pm #722672
Anonymous
Inactive
Simmo, was that image script custom? I only ask because I had a custom image loader on my site as well. Not sure if that was the exploit or how, even, I could find out what the exploit was.
I only assumed it was some sort of forms exploit.
January 16, 2007 at 3:17 am #722710
Anonymous
Inactive
Hey kwblue, this site may be useful: http://xxx.zone-h.org/component/option,com_frontpage/Itemid,1/ . Just my 2 cents, maybe you will find some answers.
greek39
January 16, 2007 at 5:06 am #722732
Anonymous
Inactive
888 guys are from Israel, I assume? All clicks through to my sites from the 888 thread and the 888 PM that I sent are from Israel.
I know that there is nothing wrong with Israel, but I know there are large groups of hackers from there.
Just an interesting note…:shhh:
January 16, 2007 at 7:52 am #722739
Anonymous
Inactive
Those would be crackers or malicious hackers but not hackers.
greek39
January 16, 2007 at 12:25 pm #722751
Anonymous
Inactive
Well, you can assume that 888 staff itself is looking thoroughly… I got a zillion Israeli hits when I blacklisted 888…
kwblue wrote:
888 guys are from Israel, I assume? All clicks through to my sites from the 888 thread and the 888 PM that I sent are from Israel.
I know that there is nothing wrong with Israel, but I know there are large groups of hackers from there.
Just an interesting note…:shhh:
January 16, 2007 at 2:11 pm #722761
Anonymous
Inactive
Kwblue, have you considered it just may be an Empire affiliate? I say this because all my info points in that direction. Besides, who is the middle man between cpays and 888? That would be Empire. True, there is a whole gang of cracker heads in Israel. This gang has been attacking all of us.
Just a thought I could be wrong.
greek39
January 16, 2007 at 2:58 pm #722768
vladcizsol
Member
It’s the usual suspects, no surprises there.
January 17, 2007 at 5:18 am #722923
Anonymous
Inactive
Well…. It STILL sucks
888’s Response:
888 email to me wrote:
Hi Andrew,
I want to thank you again for contacting us regarding this subject.
We take these kinds of issues very seriously and will not tolerate such activity from any of our affiliates.
I want to let you know that due to your complaint, the affiliate in question was contacted and, because he did not have a sufficient explanation for our findings, he was suspended from the 888.com Affiliate Program. He is no longer a member of our respectable affiliate community.
We appreciate your cooperation and hope you will not experience such an unpleasant event again. If it is ok with you, we would like to post a message on CAP that we have resolved this issue.
We would be happy to have you join the 888.com Affiliate Program in the future.
Please feel free to contact us.
Thank you,
Miko
I, personally, feel this is a good email and shows good faith on the part of the 888.com affiliate program. Feel free to let me know your opinions (like I could stop you!)
January 17, 2007 at 6:55 am #722934
Anonymous
Inactive
Well, you’re not stopping me from my opinion, kwblue. The email sounds good; I believe 888 has made some very good changes. But I wonder if it will indeed stop? If not, I certainly would not be looking to 888 for answers. I believe cpays and 888 are having a tough time getting rid of old relationships. I have taken it upon myself to start promoting cpays again. I do so based on this separation of relationships. I will proceed with caution and document everything. I am almost confident enough to give 888 a try, perhaps in the near future.
Tonight I was bombed to death, my counter is still going for DNS. I also find it strange I am receiving zero hits from Israel lately. Could this be because Empire is on its way out?
All the work you have done and continue to do I can’t help feeling a bit sorry. Take a look at the link I provided above. I know these people and they are very good.
greek39
January 17, 2007 at 1:09 pm #722962
Anonymous
Inactive
888 showed up at the Vegas conference and took part in the blackhatter session (which was awful, the guy didn’t know s#!t). But they made a very serious attempt to learn how to locate blackhatters proactively and asked a lot of questions. Unfortunately they remained unanswered because of the incompetence of the speaker. I tried to help in private and knew more than that guy, but as you all know I am a tech zero.
I do credit them for the honest attempt to fix this.
There really is no way to keep on top of it, these crooks come up with new stuff all the time.