
Hacked by a Black Hatter!

Discussion in 'Black Hat SEO' started by istart, Sep 28, 2012.

  1. istart

    istart Junior Member

    Joined:
    Oct 10, 2011
    Messages:
    116
    Likes Received:
    26
    Occupation:
    Web developer - apps and db.
    Location:
    Canada
    Just found out that all of my WordPress sites on one server have been hacked!

    I noticed that all of my sites took forever to load this evening and even crashed the browser a few times. I saw a bunch of requests to directagain.com, adnoble.com etc. Looked at the source and found a bunch of iframes loading up through ignorelist.com.

    I searched through the code and eventually found that the main index.php file had been changed to include the encoded hack:

    PHP:
    base64_decode('ZWNobyA...lots of characters etc...
    Looks like they were doing fake clicks or impressions on a bunch of ads. Glad I didn't buy any of those ads!

    I only found out because ignorelist.com was down for a bit tonight. I wonder how long this has been killing my rankings!!!
     
  2. flexnds

    flexnds Power Member

    Joined:
    Jan 4, 2010
    Messages:
    643
    Likes Received:
    680
    Occupation:
    Internet Marketing, Web development, Internet Repu
    Location:
    AZ
    That sucks... This is one of the main reasons I stopped doing niche websites. I implemented a lot of security on my niche sites and they still get hacked. I guess at least your hacker was trying to make money, most just deface it.
     
  3. Minarik1987

    Minarik1987 Junior Member

    Joined:
    Jul 18, 2012
    Messages:
    172
    Likes Received:
    26
    You must be talking about ultimate black hat traffic software.
     
  4. zenoGlitch

    zenoGlitch Executive VIP Jr. VIP Premium Member

    Joined:
    Jun 25, 2009
    Messages:
    963
    Likes Received:
    1,511
    Location:
    Thailand
    If this is a WordPress site there are exploit scanning plugins you should check out.

    p.s. this is a "hacker" not a black hatter ... One is a criminal, one is clever.
     
    • Thanks x 3
  5. bigkapp

    bigkapp Regular Member

    Joined:
    Dec 8, 2010
    Messages:
    461
    Likes Received:
    369
    How exactly do you know that they were doing fake clicks or impressions on a bunch of ads? Is that what base64_decode's are for? Sorry for the dumb questions, I had a bad experience just like yours. Never fully understood base64 codes. Just know they're a pain in the ass to get rid of.
     
  6. Mr.Whitehat

    Mr.Whitehat Senior Member

    Joined:
    Apr 23, 2009
    Messages:
    855
    Likes Received:
    220
    Occupation:
    Wandering Around !
    Location:
    Dating Moolah Babe^
    Yep hackers are evil. Blackhatters ain't so cheap dirty
     
  7. download

    download Jr. VIP Jr. VIP Premium Member

    Joined:
    May 4, 2010
    Messages:
    1,271
    Likes Received:
    712
    Location:
    USA
    I had a similar experience a couple weeks ago... hoping nothing is hit too hard and you can recover quickly :)
     
  8. Cash1t

    Cash1t Registered Member

    Joined:
    May 27, 2009
    Messages:
    78
    Likes Received:
    36
    Decode the Base64 and find out what it does
    Code:
    http://www.opinionatedgeek.com/dotnet/tools/base64decode/
     
  9. wpbacklinks

    wpbacklinks Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 27, 2010
    Messages:
    3,396
    Likes Received:
    1,339
    Gender:
    Male
    Occupation:
    Affiliate Marketer
    Location:
    Everywhere
    Misleading title...
     
  10. turbohacker

    turbohacker Regular Member

    Joined:
    Jul 27, 2010
    Messages:
    479
    Likes Received:
    127
    I think you'll be surprised. A very small minority can be both :(
     
  11. HostStage

    HostStage Jr. VIP Jr. VIP Premium Member UnGagged Attendee

    Joined:
    May 20, 2010
    Messages:
    1,770
    Likes Received:
    1,729
    Occupation:
    BHW - CEO of Webhosting Company
    Location:
    BWH from France
    Well OP is right, this is a very dark and shady BH method. It redirects a % of the traffic to other websites, it can also only redirect the traffic from Google and also give backlinks.

    Your logins to your hosting have more likely been compromised, or you are using a nulled theme / plugin.
     
    • Thanks x 1
  12. istart

    istart Junior Member

    Joined:
    Oct 10, 2011
    Messages:
    116
    Likes Received:
    26
    Occupation:
    Web developer - apps and db.
    Location:
    Canada
    No offense meant to black hatters here. I just said black hatter because the hack was being used for IM.

    Which could be considered a super duper black hat IM method lol.
     
  13. istart

    istart Junior Member

    Joined:
    Oct 10, 2011
    Messages:
    116
    Likes Received:
    26
    Occupation:
    Web developer - apps and db.
    Location:
    Canada
    I decoded their code and it's full of iframes displaying ads and sites. I couldn't get too many details on this as their server was failing and I could only bring up the sites once. The links are all cloaked somehow too.
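
What "decode the Base64 and find out what it does" can look like when done offline across a whole docroot, as an added example that is not part of the thread or any poster's code: it decodes literals passed to `base64_decode(` without executing them and lists the hosts their iframes point at. The sample payload, the host `ads.example.test` and all function names are constructed for illustration.

```python
import base64
import binascii
import re
from pathlib import Path
from urllib.parse import urlparse

# Matches base64_decode('<literal>') with a payload of 16+ base64 characters.
B64_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]{16,})\1""")
IFRAME_SRC = re.compile(r"""<iframe[^>]*\bsrc\s*=\s*['"]?([^'"\s>]+)""", re.I)

def decode_payloads(php_source):
    """Decode every literal passed to base64_decode(); nothing is executed."""
    decoded = []
    for match in B64_CALL.finditer(php_source):
        blob = re.sub(r"\s+", "", match.group(2))
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, skip it
        decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded

def iframe_hosts(text):
    """Hostnames that the decoded markup would load in iframes."""
    hosts = set()
    for url in IFRAME_SRC.findall(text):
        host = urlparse(url if "//" in url else "//" + url).hostname
        if host:
            hosts.add(host)
    return sorted(hosts)

def scan_tree(root):
    """Map each .php file under root to the iframe hosts hidden in its payloads."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        payloads = decode_payloads(path.read_text(errors="replace"))
        if payloads:
            report[str(path.relative_to(root))] = iframe_hosts("\n".join(payloads))
    return report

# Constructed sample (not the payload from the thread): a harmless echo of an iframe.
SAMPLE_PAYLOAD = b"""echo '<iframe src="http://ads.example.test/c?id=1" width="1"></iframe>';"""
SAMPLE_INDEX = "<?php base64_decode('%s'); ?>" % base64.b64encode(SAMPLE_PAYLOAD).decode()

if __name__ == "__main__":
    for text in decode_payloads(SAMPLE_INDEX):
        print(text, iframe_hosts(text))
```

Run `scan_tree()` against a copy of the site's files; any file it reports is worth diffing against a clean WordPress download of the same version.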
     
  14. erniedawg

    erniedawg Junior Member

    Joined:
    May 31, 2012
    Messages:
    124
    Likes Received:
    44
    Is it just me or does the girl in your avatar look like she has a beard??? rofl
     
    • Thanks x 2
  15. istart

    istart Junior Member

    Joined:
    Oct 10, 2011
    Messages:
    116
    Likes Received:
    26
    Occupation:
    Web developer - apps and db.
    Location:
    Canada
    She's got a beard alright lol. That's Richard D from Aphex Twin. Just look up Windowlicker on YouTube if you want to watch the best video of all time. :)
    Trust me, you'll love it lol