Results 1 to 6 of 6
  1. #1
    ABW Ambassador Paul_Ward's Avatar
    Join Date
    January 18th, 2005
    Location
    Cambridgeshire, England
    Posts
    1,573
    For the second time in three days, someone (from Russia) is framing my site in an iFrame and feeding trojans to anyone who clicks on the site.

    The first time I got the host to shut down the site, but now it's back again doing the same thing on another domain name.

    I've contacted the host of the new webspace again, but don't want to play cat and mouse until this idiot gets bored and packs it in.

    Any ideas of:

    Damage it could cause? My antivirus / firewall and Spybot are stopping the trojans affecting my own machine.

    How I can stop this by some means other than contacting the webspace providers he is using?

  2. #2
    More Cheesier Than Ever Cheesehead's Avatar
    Join Date
    January 18th, 2005
    Location
    Land of The NFL Champs!
    Posts
    2,942
    They wouldn't have to actually "hack" your site to do this would they? Anybody can frame a site.

    You should report this to the major search engines (google & yahoo) so this Scum's site is permanently banned.
    This World is Not My Home
    We're gonna go inside, we're gonna go outside, inside and outside. . . And then we're gonna go go go and we're not gonna stop til we get across that goalline! Quotes from the movie Rudy, 1993

  3. #3
    ABW Ambassador Paul_Ward's Avatar
    Join Date
    January 18th, 2005
    Location
    Cambridgeshire, England
    Posts
    1,573
    "Hack" was probably the wrong word, but it's hacker type behaviour. I was emailed from someone two days ago telling me that one of my domains was being spammed around ICQ.

    My guess is that he's using my site to attract a certain type of traffic in large numbers to feed them his trojans. At the very least it's getting me a bad reputation from anyone who sees it.

    Beyond that I don't really see what he's about, but it's sure bugging me when I see the clicks in my logs. Maybe he's one of the bulletin board spammers I keep kicking off for putting links into their scummy sites.

  4. #4
    Moderator MichaelColey's Avatar
    Join Date
    January 18th, 2005
    Location
    Mansfield, TX
    Posts
    16,232
    You can pop out of frames fairly easily with Javascript. Just add this code to the HEAD section of your page.

    <pre class="ip-ubbcode-code-pre">&lt;SCRIPT LANGUAGE="JavaScript"&gt;&lt;!--
    if (top.frames.length!=0)
    top.location=self.document.location;
    //--&gt;&lt;/SCRIPT&gt;</pre>
    Michael Coley
    Amazing-Bargains.com
     Affiliate Tips | Merchant Best Practices | Affiliate Friendly? | Couponing | CPA Networks? | ABW Tips | Activating Affiliates
    "Education is the most powerful weapon which you can use to change the world." Nelson Mandela

  5. #5
    ABW Adviser Panel Dynamoo's Avatar
    Join Date
    January 18th, 2005
    Location
    Opposite the Slough of Despond
    Posts
    5,465
    The weak point with some of these things is often the domain name they're using. The registrar should be able to take the domain down as a breach of their TOS if it's being used for illegal activities. Also, check out their nameservers.. it might well be that they control these for their domain too. If you can shut those down then you can cause them real problems.

    PM me the domain name if you like.
    Innovative advertising with Slimeware Corporation and Telephore. Mail-order fuel with Petrol Direct.

  6. #6
    ABW Ambassador Paul_Ward's Avatar
    Join Date
    January 18th, 2005
    Location
    Cambridgeshire, England
    Posts
    1,573
    Thanks guys.

    Michael - great advice, the code is sitting there now, but as I'd already contacted the host he was using, the site was down before I saw any effect. It'll be ready for any future attempts anyway.

    Dynamoo - The guy is quite a slippery character with a domain being used to put the site up, the iFrame linking to another domain and the trojans coming from a third IP address - there also seemed to be a fourth address being used too. I contacted all hosts and registrars and informed them and action was taken. The problem is the first time this happened the host acted first and the next 2 server providers couldn't see anything so when he did it again, no's 2 and 3 were still there. Hopefully I HAVE caused him some real problems, particularly as most companies involved were totally legit and reputeable. There was just one host in Russia who's site was all in Russian and I couldn't figure out how to inform them - but again it looked legit.

    If it happens again I'll pm you if I may as you might be able to suggest a more permanent solution. I suspect however that he'll move on to easier pickings where the webmaster isn't so pro-active so quickly.

  7. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. Hacker on the lose
    By Asif in forum Commission Junction - CJ
    Replies: 58
    Last Post: November 13th, 2003, 09:04 AM
  2. Should I persue a hacker?
    By Taurus in forum Midnight Cafe'
    Replies: 7
    Last Post: August 23rd, 2002, 06:11 PM
  3. kick some Hacker @ss!
    By Heyder in forum Midnight Cafe'
    Replies: 13
    Last Post: February 23rd, 2002, 04:55 PM
  4. What was the deal with the hacker?
    By SSanf in forum Midnight Cafe'
    Replies: 8
    Last Post: February 2nd, 2002, 05:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •