8 posts / 0 new
Log in or register to post comments
Last post
Sat, 05/01/2010 - 22:16
#1
djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05
Scripting Hack?

I've been redirected twice now from ed.com to various xorg.pl domains and it tries to run a js script that my a/v flags up. Looking at your source I can see this at the bottom, which looks very suspicious:

<script src="http://kdjkfjskdfjlskdjf "dot" com/kp.php"></script>

Top
Sun, 05/02/2010 - 02:43
I_Love_Her's picture
I_Love_Her
Offline
ED.Com SupporterPaparazziWallPaper Maker
Joined: 12/03/2008 - 17:18

Yes, that's right dj, our hosting provider has some security issue and we are trying to find a way to fix the compromised files in our site.

http://blog.sucuri.net/2010/05/second-round-of-godaddy-sites-hacked.html

Top
Sun, 05/02/2010 - 03:52
I_Love_Her's picture
I_Love_Her
Offline
ED.Com SupporterPaparazziWallPaper Maker
Joined: 12/03/2008 - 17:18

Solved :applause:

Top
Sun, 05/02/2010 - 16:35
(Reply to #3)
The_Fifth_King's picture
The_Fifth_King
Offline
Paparazzi
Joined: 02/12/2009 - 10:37

Thanks.

There definitely was a problem yesterday.

Top
Mon, 05/03/2010 - 02:47
djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05

I like how Go Daddy blames wordpress for everything even when guys without wordpress were infected.

Top
Wed, 05/19/2010 - 00:45
djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05

It's back: http://blog.sucuri.net/2010/05/continuing-attacks-at-godaddy.html

Top
Thu, 05/20/2010 - 03:25
I_Love_Her's picture
I_Love_Her
Offline
ED.Com SupporterPaparazziWallPaper Maker
Joined: 12/03/2008 - 17:18

3rd time, fixed

Top
Fri, 06/18/2010 - 01:25
djmax's picture
djmax
Offline
ED.Com SupporterKnowledge KeeperPaparazzi
Joined: 01/19/2009 - 22:05

Avast detects modules/ad/serve.php as infected with the HTML:Script-inf trojan :(

Top