You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 282 guest(s) and 15 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Nuke Cops :: View topic - Site hacked -- pretty ingenious search engine hacking [ ]
 Forum FAQ  •  Search  •   •  Memberlist  •  Usergroups   •  Register  •  Profile •    •  Log in to check your private messages  •  Log in

 
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
Author Message
ecbb
Corporal
Corporal


Joined: Mar 12, 2004
Posts: 53


PostPosted: Wed Jan 23, 2008 8:48 pm Reply with quoteBack to top

Hello all. So, my damn site got hacked again after a long run without a major hack. This one is pretty ingenious (did a search for this -- didn't find anything). If you go to my site: http://www.eastcoastbodyboarding.com, everything seems fine.

BUT, if you search for my site on Google (and this sucks because I am #1 on Google now for Bodyboarding), and click my link through there http://www.google.com/search?q=bodyboarding&sourceid=navclient-ff&ie=UTF-8&rlz=1B3GGGL_enUS231US231, you get this friggin page that a hacker set up on my site somehow that just lnks to a bunch of ad referral sites.

Questions:
1) How the heck do I fix this. Can't even tell where the problem is
2) How do I prevent this - most of my traffic is (was) Google driven
3) Since this hacker is making ad revenue through these ads, there mst be some way to trace him. I'd be willing to pay a few $ to trace it and bust this guy.

Thoughts? Please, please help. Thanks.
Find all posts by ecbbView user's profileSend private message
Evaders99
Site Admin
Site Admin


Joined: Aug 17, 2003
Posts: 12482


PostPosted: Wed Jan 23, 2008 9:21 pm Reply with quoteBack to top

I posted on another forum, but I will reply for anyone searching

Quote:

That is very interesting trick. When I go through Google first, it looks like the ad page loads and is cached. All subsequent requests go there until I do a hard fresh (alt-F5).

I don't see anything obvious in the HTML. So it must be something in the PHP files themselves... some code that tracks referrals and redirects them.

Probably no way to track, but get access logs anyway. Look for anything suspicious (I know its a real manual process.. but until you can find the vulnerability, you don't know much). He could easily hide under a proxy IP or another server he has hacked


It looks like his .htaccess was rewritten with rewrite rules to accomplish this

_________________
Helping those that help themselves
Read FIRST or DIE!

"Fighting is terrible, but not as terrible as losing the will to fight."
Star Wars Rebellion Network - Need Help? Evaders Squadron Coding
Find all posts by Evaders99View user's profileSend private messageVisit poster's websiteAIM Address
ecbb
Corporal
Corporal


Joined: Mar 12, 2004
Posts: 53


PostPosted: Wed Jan 23, 2008 10:15 pm Reply with quoteBack to top

Thanks evaders. Posted this thread on raven as well. Follow up there. Still trying to figure out how he accessed my htaccess
Find all posts by ecbbView user's profileSend private message
Display posts from previous:      
Post new topic  Reply to topicprinter-friendly view
View previous topic Log in to check your private messages View next topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2005 phpBB Group

Ported by Nuke Cops © 2003 www.nukecops.com
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.047 Seconds - 330 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::