- This topic is empty.
-
AuthorPosts
-
October 10, 2012 at 2:29 pm #828734
gokkenMemberhttp://web.archive.org/web/20110201145307/http://infoarea.com/ Feb 2011 record. Seems all legit. Site links to casino-online-promotion.com.
On that site your promoting some of the worst known clip joints who have long histories of shafting players. Just saying!
October 10, 2012 at 3:53 pm #828737Anonymous
Inactive@AussieDave 245597 wrote:
Hi rmeeuwsen, I was kind bored yesterday and knowing you have a few sites I got curious. I did a few checks to see if any of your other sites were hacked, and if any share the same servers.
Your site infoarea.com has also been hacked. But, not by the same hacker it seems.
Kinda strange cause this TLD is not listed in your sites at the GPWA. But infoarea.com is used as your contact email info for lucky-777-casino.com, which hasn’t been hacked.
Just a thought, but have you pissed someone off recently?
Not the first time I was hacked, unfortunately.
One site on a different host had some phishing scam installed for ‘chase bank’. The host was notified by Chase and they just closed down my account – never sent me an email or anything. Just saw it by accident.
It was on a domain I rarely visited (not updated either). I got rid of the code which was in the wp area just sticking out plain as day. Dumped the code and updated – everything fine. Account turned back on. Moved the domain to another host.
But then the original host closed the account again – referenced the same issue – but it had already been addressed – so they turned the account back on again (it wasn’t even on their site at the time)
Then they closed the account a third time – same issue – still had been resolved – turned it back on again.
I prefer to think of these as ‘competitors’ doing negative measures to stifle the competition. (not likely, but a positive thought in a crummy situation)
Although who knows the motivations of these ‘aholes’.
So more crap to fix, instead of working on improving sites (sort of like reacting to google changes and gov domain seizures)
PS – If I did ‘tick someone off’ with a ‘review post’ or ‘whatever’ all they had to do was email me!
October 10, 2012 at 4:23 pm #828738Anonymous
Inactive@AussieDave 245599 wrote:
Online Casino Gambling Info Area Feb 2011 record. Seems all legit. Site links to casino-online-promotion.com.
On that site your promoting some of the worst known clip joints who have long histories of shafting players. Just saying!
You referring to slot madness or sites like palace of chance, casino titan or some other?
October 10, 2012 at 4:27 pm #828739
wbprofitsMemberI would think it betus banner
October 10, 2012 at 5:08 pm #828740Anonymous
Inactive@GamblingShares 245605 wrote:
I would think it betus banner
I had a lot of them and then they stopped the program, so I think it was already removed.
But at least they paid out whatever was due.October 10, 2012 at 5:25 pm #828741
betluckfanMemberWho’s hack your site ??
===============
fanooss rayaneh
esmafahan – khajoo ST
esfahan
Esfahan,8157733361
IR
Tel. +098.9131261948
================P/S: You should update your wp site to last version.
October 10, 2012 at 5:45 pm #828743Anonymous
InactiveOn the off chance that the web host could find something I emailed support.
They were doing my support request, plus they sent me this advice.I have scanned your account and I was unable to find any malicious code from your website files. Also, please change the password of your account/FTP to strong value and remove unwanted FTP users if any exists.
In order to prevent the hackers attack in the future, you will have to ensure that:
1. Generate a strong password combination for account, ftp, and database.
2. Scan local computer with good antivirus, antispyware programs and clean bad programs.
3. Keep the software up-to-date with vendors/developers, and seek their support/forums for any known vulnerabilities/fixes/workarounds available.
4. Do not assign 777 permissions to any of the files or folders as it makes them world writable and could lead to such issues.
5. Remove any unneeded folders, files and if you are running any web application like Joomla, WordPress, osCommerce, Moodle.. etc keep them up-to-date with latest stable version.This can happen for various reasons like:
1. Poor/compromised account/FTP password, which allows hackers to guess the password [or use brutforce tools] and get unauthorized access.
2. Your computer infected by viruses, which is controlled by hackers. In this situation, your uploaded files also get infected.
3. Poor scripts, which allow hackers to insert various malformed queries and remotely execute the code and perform intended action.
4. Virus effected theme selection for the application.
5. Installing application which are downloaded form third party sites; mainly not genuine sites.This advice is better than what I got from a different host on a previous hack, which was ‘delete all your files and reinstall from your backup’. It turned out all I had to do was delete about 5 wp files and upload new ones.
October 10, 2012 at 5:50 pm #828744
wbprofitsMember#3 and # 5 in the 1st part are huge to do’s on all sites ( keep themes and Plug ins updated )
back ups help also :burnafatt
October 10, 2012 at 6:50 pm #828747Anonymous
InactiveUpdate,
rmeeuwsen gave me access to his backend so I could see what was going on.
First and foremost I recommend changing all passwords.
Second, do what I mentioned in the PM to you.
Third, Keep all scripts up to date.The hacker did in fact get into his sql database and left a redirect. It was easy to spot and fix. I looked over other parts of the database where I thought they could have hid code and saw nothing.
I also had a glance over the files on the server and didn’t see any malicious code. That doesn’t mean there’s none there but chances are there isn’t. This hack sees like a simple sql injection to deface the site.
October 10, 2012 at 7:36 pm #828749Anonymous
InactiveOn Oct 7th Google issed a warning of more and more state sponsored cyber attacks and just by looking over my logs I can see that they’ve tried to gain access on quite a few of our sites. I suggest that you all update all your scripts immediately.
here’s an article on G’s warning.
October 10, 2012 at 8:54 pm #828750
CasinoSasaMemberGuaranteed there state sponsored, but they aint coming from the Middle East.. lol Try a little closer to home.
October 10, 2012 at 10:14 pm #828752Anonymous
Inactive@fonzi 245618 wrote:
On Oct 7th Google issed a warning of more and more state sponsored cyber attacks and just by looking over my logs I can see that they’ve tried to gain access on quite a few of our sites. I suggest that you all update all your scripts immediately.
here’s an article on G’s warning.
I also want to publicly thank Fonzi for fixing my site and giving me tips on protecting my sites better.
The ” Free Casino Games and Bonuses ” site is back to ‘normal’, except – it now has all updated scripts and more protection AND a backup system.
Yet, I still have another hacked site to fix. Another lesson reiterated is that even though there are a lot of ‘ahole’ hackers, there are also a lot of other nice people like Fonzi too.
October 11, 2012 at 12:22 am #828754Anonymous
InactivePS – If anyone plugs ” http://www.slotbonuses.info/ ” into google they’ll hopefully see my mug displayed there with my nome de plume Richard Wright
That was the last thing I was working on at this site before being hacked.
I wonder if there is any connection.PS – I could use a few google + circles additions too.
October 11, 2012 at 6:42 am #828758
betluckfanMemberWelcome come back, your site
.You should download scan shell tools and scan all your file and directory. For security, if hacker put a shell to your server, you will never find it.
You can find this tool at google with keyword: Backdoor Scanner, scan shell tools…
Good luck.
John
October 11, 2012 at 4:23 pm #828772Anonymous
Inactive@johntang 245629 wrote:
Welcome come back, your site
.You should download scan shell tools and scan all your file and directory. For security, if hacker put a shell to your server, you will never find it.
You can find this tool at google with keyword: Backdoor Scanner, scan shell tools…
Good luck.
John
Cool tools – I tried Wordfence. Red the ‘how to use tour’ and started looking at ‘Live Activity’. Saw a ‘human’ looking at a post (will be expanding on that topic in my site later) and saw an unfamiliar ‘crawler’ from ‘173.199.116.179.choopa.net’ – looked on google for it and saw it was listed on a site as a ‘Blacklist Bot/Crawler Type’ and ‘Web Crawler – Website Extractor” – then followed the url to the site where they referenced itself as “The largest index of live links and the best tool to spy on your competitors’ actual keywords”
So I blocked the IP.
But it was a persistent little bugger that came back with at least 3 more ip’sThen I looked at ‘logins and lockouts’ and saw someone from the Ukraine trying to login as admin every 2 minutes – So I blocked his IP too
I made all the blocks permanent!
-
AuthorPosts