homepage Welcome to WebmasterWorld Guest from 54.211.7.174
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque & physics

Webmaster General Forum

    
Worm, hack, virus, hijack?
->domainstat.net javascript
royalelephant




msg:368584
 3:15 pm on Nov 25, 2005 (gmt 0)

Went to FTP to my site and saw that every .htm had a duplicate named .htm.aff_sa_bak.

The legit .htm just has my code. The .htm.aff_sa_bak has this script appended under the </html> tag

<script language='JavaScript' type='text/javascript' src='http://www.domainstat.net/stat.php'></script>

I tried to figure out what it was, why it was, or what I should do, but I was stumped. What's going on with this thing?

good: blah-blah.htm
bad: blah-blah.htm.aff_sa_bak

 

jessejump




msg:368585
 3:51 pm on Nov 25, 2005 (gmt 0)

Looks like hacking from Google search; alert your host.

larryhatch




msg:368586
 4:28 pm on Nov 25, 2005 (gmt 0)

I googled up aff_sa_bak, and mostly got junk.

One site had some info, a blog for webmasters. The writer's site got hacked.

The aff_sa_bak URLs led to popup ads. Yes, contact your host right away.

The perps apparently break in to the server itself so they can mess with every site there. -Larry

Iguana




msg:368587
 4:33 pm on Nov 25, 2005 (gmt 0)

Quite a few hosts insert their own code snippets into your pages for the purpose of serving their own adverts or stuff like that. This looks like your host has the code to implement this but not chosen to make the altered pages live. Perhaps the domain referenced used to provide usage statistics from that 'stat.php' with javascript tracking code.

royalelephant




msg:368588
 5:15 pm on Nov 25, 2005 (gmt 0)

Thanks all!
I deleted the offending files: no online troubles with the site. I alerted my host. I'll keep you posted.

michael

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved