|
Fucking Megacount iFrame
I just found that fucking pos iframe on 2 sites... I was under the assumption that it was a wordpress exploit but these 2 sites aren't running wp
site 1: Smart Thumbs and ATX site 2: Smart Thumbs and AT3 Here's the funny thing... A few weeks ago, I installed wordpress on a site and within 10 minutes that megacount iframe was on the main page... An ftp pw change fixed all 3 sites so far |
That was one every one of my sites the other day! Fuck! "Except" the Wordpress/ABP one. It seemed to be running fine. And only on the index file of my pages as far as I can tell. Gone now, but shit thats fuct. :mad:
|
Yup...just found that fucker on one of my sites too. It seemed to only write the iframe code on my TTT-Toplist and AXSLinks templates.
Fuckin Ghey. |
wow, this guy is going after everyone...
|
Can someone please fill me in on exactly what this is and what it does.
Also, how do you check to see if you have it? |
Basically they load an iframe on your page which tries to load a virus from megacount.net/ somethin somethin...
win32.wordpro some shit like that. Fucking fucks!!!! :321GFY |
Try blocking all all symlink () php functions
Thats what Sami at http://serverprovider.com/ did for mine and it has not been back since.... If it works then you might want to hit up sami next time you need a new box since the service is excellent and he was the only one able to find a way to make this stop for me.. |
:mad: !!
|
Got it to a couple of weeks ago, no wordpress or smartthumbs or other software installed, seems a php exploit ir something. If you ask me it has nothing to do with Wordpress.
B. |
Quote:
gofuckyourself.com/showthread.php?t=666473 Problem is, I'm not sure how they got the password to begin with. Quote:
|
Quote:
|
Take a look on your server - maybe you have a file called iframe.php - delete it - change your FTP pass. It should fix your problem.
|
Has anyone bothered to allow themselves to be infected to see what the asswipe is up to? I am betting pretty good money that he is the fuckwad sending out all the stock tip pump and dump scam mails right now, using many computers as zombies to do the mailing for him.
I would really be interested to see what the payload really ends up being. Alex |
Quote:
btw, site 1 was hit again this morning.... |
got hit on a dozen plus sites too. it reminds me i need to check my sites at least weekly or else i'd never notice these types of things.
|
and its not wordpress, it happened on sites that didnt have wp installed, happened on a wp one too though.
|
it's fucking amazing that no one has come up with a fucking solution to this shit yet....
I wonder when the asshole is going to start pushing Zango installs... |
this fucking sucks big time :mad:
|
yeah ive seen this on a bunch of sites lately
|
LOL, I totally ignored your messaged and watched that monkey sig of yours for a good 5 minutes... what the FUCK
|
Quote:
:1orglaugh :1orglaugh |
anyone know how to fix this shit? It hit me again this morning. this time a new url http://fdghewrtewrtyrew [DOT] biz
|
Quote:
|
happened again today with read only perms on the file.
it's not the symlink thing either. C'mon SOMEONE has to know how to stop this shit. |
buuuuuump
|
buuuuump just got hit AGAIN today
|
Quote:
|
thanks rob
|
had the same thing happen, glad to get it fixed though
|
this fucker must be stopped!
|
| All times are GMT -7. The time now is 06:16 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123