Hello all. So, my damn site got hacked again after a long run without a major hack. This one is pretty ingenious (did a search for this -- didn't find anything). If you go to my site: http://www.eastcoastbodyboarding.com, everything seems fine.
Questions:
1) How the heck do I fix this. Can't even tell where the problem is
2) How do I prevent this - most of my traffic is (was) Google driven
3) Since this hacker is making ad revenue through these ads, there mst be some way to trace him. I'd be willing to pay a few $ to trace it and bust this guy.
Thoughts? Please, please help. Thanks.
Evaders99 Site Admin
Joined: Aug 17, 2003
Posts: 12342
Posted:
Wed Jan 23, 2008 9:21 pm
I posted on another forum, but I will reply for anyone searching
Quote:
That is very interesting trick. When I go through Google first, it looks like the ad page loads and is cached. All subsequent requests go there until I do a hard fresh (alt-F5).
I don't see anything obvious in the HTML. So it must be something in the PHP files themselves... some code that tracks referrals and redirects them.
Probably no way to track, but get access logs anyway. Look for anything suspicious (I know its a real manual process.. but until you can find the vulnerability, you don't know much). He could easily hide under a proxy IP or another server he has hacked
It looks like his .htaccess was rewritten with rewrite rules to accomplish this
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
