Affiliate Site Hacked - Anyone Seen This Before?

9 replies
Hi,

I have a small niche site, and just now while updating a few things, I have found within the source code:

Code:
<a href="javascript:sendtoflash2('previewswf','http://voice2page.com/info/VOJOBS/netaudioads0002.mp3');"><br />
</a>

WTF is this?

It would make sense that the site has been tampered with, as my sales from this site have been all over the shop: like one day 7 sales, then nothing for 3 days, then like 1 sale a day for 2 days, then nothing for 3 days again, and on and on... (I know sales are always random, but this site has always been extremely funny like that)

Anyway, I'm guessing that it's playing an ad, which is making the hacker money via this voice2page.com ad service.

The funny thing about this is, I have never encountered the hijacking, so it must have some kind of IP selection or something... Weird.

Has anyone seen anything like this before, if so, please help with your suggestions.

The site in question is a plain html site, and I have no idea how they were able to do this, but it's making me wonder about security options. I think I may have to convert it to a WordPress site, which I can add some security to.

Anyway, please help if you can!!
  • TG12
    The hackers have probably exploited a code bug either in your site or on your host. Just restore your site from the backup and hopefully, if it's the host, they have patched the offending software.
  • azsno
    It's a simple javascript redirect to the .mp3 file...If you didn't put it there, then you can assume the site has been hacked...

    Really, the only way a .html site is hacked is from the cPanel or Linux root...If they got your cPanel or root password and login, then it could have been through a simple "keylogger" script on your PC...

    If they were able to compromise the actual Linux or Unix install, then that's a hosting issue...I would suspect both the PC and hosting account compromise..

    As a former Network/Security Engineer in Silicon Valley, I've seen these kinds of nefarious hacks daily...I'm a Certified Checkpoint Firewall Security Administrator along with being certified on the Cisco Pix Firewall, so I do know what I'm talking about...

    One way to defend yourself is to use an enterprise-level anti-virus program such as Norton (Symantec). I've installed Norton on enterprises consisting of over 25,000 users with no issues.

    Norton also makes enterprise-level security for Microsoft's Exchange server; any major corporation that uses Exchange Mail Server more than likely has Norton installed also. Email isn't used as much these days as a delivery vehicle; most compromises now come across port 80, or the socket your browser uses, which is why it's important to use an antivirus product that catches port 80 compromises...I've included a recent attempt to compromise my home PC using a port 80 attack with Firefox:


    If you're using AVG or Filezilla, these have well-known vulnerabilities and can let hackers gain access to your PC, where keyloggers or other scripts can be installed easily...

    Anyway, hope this helps...

    ~AzSno...
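An added example, not code from this thread: a small Python check a site owner could run over the pages of a static HTML site to catch the kind of injected anchor quoted in the first post, by flagging any javascript: URL and any absolute URL whose host is not on the owner's own allowlist. The sample page, the allowlist and the hostnames under .test are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: the owner's own links plus an injected anchor of the
# kind quoted in the thread (a javascript: href handing an external URL to a player).
SAMPLE_HTML = """<html><body>
<h1>My niche site</h1>
<a href="/reviews.html">Reviews</a>
<a href="http://www.example-affiliate.test/track?id=1">Buy now</a>
<a href="javascript:sendtoflash2('previewswf','http://voice2page.com/info/VOJOBS/netaudioads0002.mp3');"><br />
</a>
<script src="http://cdn.example.test/player.js"></script>
</body></html>"""

# Hosts the site owner knows their pages legitimately reference (constructed).
ALLOWED_HOSTS = {"www.example-affiliate.test", "cdn.example.test"}

# Absolute URLs, including ones buried inside a javascript: call's arguments.
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.IGNORECASE)


class InjectionScanner(HTMLParser):
    """Collects (kind, tag, detail) findings for suspicious URL-bearing attributes."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value is None or name not in ("href", "src", "action", "data"):
                continue
            # A javascript: URL in a static site is a strong sign of tampering.
            if value.strip().lower().startswith("javascript:"):
                self.findings.append(("javascript-uri", tag, value))
            # Any host the owner does not recognise is worth a look.
            for url in URL_RE.findall(value):
                host = urlparse(url).hostname
                if host and host.lower() not in self.allowed_hosts:
                    self.findings.append(("unknown-host", tag, host.lower()))


def scan_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return the list of findings for one page; an empty list means nothing flagged."""
    scanner = InjectionScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Running it over every .html file in a site backup and in the live copy, then diffing the two result sets, points straight at the files that were altered.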
  • IM nice guy
    Thanks for your help.

    I do use Filezilla, but I also do have security, I have iolo system mechanic professional installed.

    I guess first thing to do, is change the password for the site. Then I guess I will just have to check back and see if it gets back on the system.

    What I don't really understand is how I have never been redirected when visiting my own site. It doesn't seem like the code in my OP has any IP detection or anything, and you would think, if it's just a normal redirect, then I would have seen it at least once out of the multiple times I have visited my own site.

    Anyway, thanks for your help.

    Nick

  • azsno
    Originally Posted by Chris Kent:

    You are much more likely to get hacked with a script installed, even if it is up to date.

    If security is that important to you (remember, you can always restore a backup) then you should stick with static html sites.

    I'm sure AzSno would agree with me on this.
    I remember back in the 90s I was so busy with HACKED .html and .htm sites that I was fixing an intrusion or more a day, including a fairly large compromise at Providian Financial in San Francisco...The hacker made off with credit card info that cost the company millions...

    I don't think WordPress is any more vulnerable to compromise than an .html site; it's an entirely different hack. Hackers use 0 (zero) day exploits of WordPress and MySQL to try and subvert WP sites, but hackers did the same thing back in the day with hacks against Sun OS, Solaris, and Linux. Sun and Solaris were the main OSes running the internet then. The "MAIN" goal of a script kiddie (non-malicious) hacker is to gain "root" access; any site that runs an OS is vulnerable.

    As I once told a CTO when he asked me what the most secure computer was:
    1. It's the one that's unplugged, moved downstairs to a secure bank vault, and then buried in 20 Feet of Concrete. That's a ridiculous scenario, but really, that's the only really "SECURE" Solution.

    When I was with Nokia, as a Senior Security Engineer on the Checkpoint device, we used an older Ipsilon Networks OS (which was simply a hardened BSD kernel)...We never had any of our firewalls hacked, ever! There simply was no port open for attack on the hardened kernel (we had stateful inspection of all ports, which was the best technology at the time). So even if compromised traffic came across some of the more common ports (i.e. port 80, 21, 25, etc.), we could catch it because we tore each Ethernet packet down and looked at the contents in REAL time...That was using a software-based solution; now technology does the same thing at multi-GB speeds using hardware (Broadcom, Intel, and other specialized chips)...

    Today, it's fairly simple to compromise any system running Windoze, as I illustrated in the screen shot above. There are over 65,000 sockets hackers can use to compromise machines, but as you see in that illustration, the hack came across port 80, the same port everyone uses daily to surf the net...

    ~AzSno...
  • pmbrent
    I've heard stories of hackers stealing commissions through link cloaking software (i.e. bit.ly). I don't know if this is where your problem stemmed from, but it's another precaution that you may need to be aware of.