December 1st, 2004, 09:51 AM #1
For the second time in three days, someone (from Russia) is framing my site in an iFrame and feeding trojans to anyone who clicks on the site.
The first time I got the host to shut down the site, but now it's back again doing the same thing on another domain name.
I've contacted the host of the new webspace again, but don't want to play cat and mouse until this idiot gets bored and packs it in.
Any ideas of:
Damage it could cause? My antivirus / firewall and Spybot are stopping the trojans affecting my own machine.
How I can stop this by some means other than contacting the webspace providers he is using?
December 1st, 2004, 10:35 AM #2
They wouldn't have to actually "hack" your site to do this would they? Anybody can frame a site.
You should report this to the major search engines (Google & Yahoo) so this Scum's site is permanently banned.
December 1st, 2004, 10:55 AM #3
"Hack" was probably the wrong word, but it's hacker type behaviour. I was emailed by someone two days ago telling me that one of my domains was being spammed around ICQ.
My guess is that he's using my site to attract a certain type of traffic in large numbers to feed them his trojans. At the very least it's getting me a bad reputation from anyone who sees it.
Beyond that I don't really see what he's about, but it's sure bugging me when I see the clicks in my logs. Maybe he's one of the bulletin board spammers I keep kicking off for putting links into their scummy sites.
December 1st, 2004, 11:05 AM #4
December 2nd, 2004, 12:19 AM #5
The weak point with some of these things is often the domain name they're using. The registrar should be able to take the domain down as a breach of their TOS if it's being used for illegal activities. Also, check out their nameservers.. it might well be that they control these for their domain too. If you can shut those down then you can cause them real problems.
PM me the domain name if you like.
December 2nd, 2004, 10:04 AM #6
Michael - great advice, the code is sitting there now, but as I'd already contacted the host he was using, the site was down before I saw any effect. It'll be ready for any future attempts anyway.
Dynamoo - The guy is quite a slippery character with a domain being used to put the site up, the iFrame linking to another domain and the trojans coming from a third IP address - there also seemed to be a fourth address being used too. I contacted all hosts and registrars and informed them and action was taken. The problem is the first time this happened the host acted first and the next 2 server providers couldn't see anything so when he did it again, no's 2 and 3 were still there. Hopefully I HAVE caused him some real problems, particularly as most companies involved were totally legit and reputable. There was just one host in Russia whose site was all in Russian and I couldn't figure out how to inform them - but again it looked legit.
If it happens again I'll pm you if I may as you might be able to suggest a more permanent solution. I suspect however that he'll move on to easier pickings where the webmaster isn't so pro-active so quickly.
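As an added example that is not part of the thread and is not the code mentioned in post #6: one present-day way to refuse being framed, plus a log check that names the framing domain so it can be reported to its host and registrar. The hostnames, IP addresses and log lines are constructed, and the function names are hypothetical.

```javascript
// Added example: hostnames, IPs and log lines below are constructed.
const OWN_HOSTS = new Set(["www.mysite.example", "mysite.example"]);

// Response headers that tell the browser who may render this page in a frame.
// allowSameOrigin=false forbids all framing; true permits only the site itself.
function antiFramingHeaders(allowSameOrigin = false) {
  return {
    "Content-Security-Policy":
      "frame-ancestors " + (allowSameOrigin ? "'self'" : "'none'"),
    // Older header, kept for browsers that do not implement frame-ancestors.
    "X-Frame-Options": allowSameOrigin ? "SAMEORIGIN" : "DENY",
  };
}

// Count requests whose Referer is a foreign host. A request made for an
// iframe carries the framing page's URL as Referer, so the framing domain
// shows up here alongside ordinary inbound links.
function externalReferrers(logLines, ownHosts) {
  const re = /"(?:GET|POST|HEAD) \S+ [^"]*" \d{3} \S+ "([^"]*)"/;
  const counts = new Map();
  for (const line of logLines) {
    const m = re.exec(line);
    if (!m || m[1] === "-") continue; // unparsable line or no Referer sent
    let host;
    try {
      host = new URL(m[1]).hostname.toLowerCase();
    } catch {
      continue; // Referer is not a valid absolute URL
    }
    if (ownHosts.has(host)) continue; // internal navigation
    counts.set(host, (counts.get(host) || 0) + 1);
  }
  return [...counts.entries()].sort((a, b) => b[1] - a[1]);
}

// Constructed access-log lines in Apache combined format.
const SAMPLE_LOG = [
  '192.0.2.10 - - [01/Dec/2004:09:40:01 +0000] "GET / HTTP/1.1" 200 5120 "http://framer.example/index.html" "Mozilla/4.0"',
  '192.0.2.11 - - [01/Dec/2004:09:40:07 +0000] "GET / HTTP/1.1" 200 5120 "http://FRAMER.example/index.html" "Mozilla/4.0"',
  '198.51.100.5 - - [01/Dec/2004:09:41:12 +0000] "GET /about.html HTTP/1.1" 200 2048 "http://www.mysite.example/" "Mozilla/4.0"',
  '203.0.113.9 - - [01/Dec/2004:09:42:30 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0"',
  '203.0.113.20 - - [01/Dec/2004:09:43:02 +0000] "GET / HTTP/1.1" 200 5120 "http://search.example/?q=mysite" "Mozilla/4.0"',
  '192.0.2.12 - - [01/Dec/2004:09:44:45 +0000] "GET / HTTP/1.1" 200 5120 "http://framer.example/index.html" "Mozilla/4.0"',
];

console.log(antiFramingHeaders());
console.log(externalReferrers(SAMPLE_LOG, OWN_HOSTS));
```

A foreign referrer is not proof of framing on its own (ordinary inbound links appear too), so the output is a shortlist to inspect by hand.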