Strange happenings with ads and source code

Hi everyone.....Found something interesting today by accident. I was in my website and for some reason decided to check the source code. What I discovered was that large strings of spammy comments were were showing in the code instead of the ad links. The ad links displayed fine on the actual web page though. Upon further investigation I discovered that the ad network php file on my server had been changed by someone other then me to include the comments. The server php file was not the same as my local file. Another thing that was strange was that in the spammy comments there was reference to another website which happens to be a coop member. Anyway, from now on I'll occasionaly check the scource code of my pages to make sure it doesn't happen again.

Lou

PS: I'm not sure but this might also have something to do with the problems I've been having with Google dropping pages and de-listing my site but I'm not sure about that?

 

Might be an idea to change the names of the PHP and .txt files from the default. You'll need to change them in the PHP file source code too.

CHMOD the PHP file to 705 and the .txt file to 606.

 

Actually I had already done that before it happened. Whoever managed to get into the server apparently knew what to look for. Nothing else was changed. What is even more strange is that it was done to both of my websites. :-( Oh well. It's fixed now and I've changed the log in information for the server.

Lou

 

Both sites in your sig? That's rather disturbing.

 

Your sites:

1. Are they on a free web host?
2. Are they on a cheap web host?
3. If your web host is Russian, someone may have decided there's more money to be made monkeying around with customers web sites. Just a thought.

 

Never thought about that but it is both sites in my sig. And both sites are obviously in the coop.

The sites are not on a free or cheap web host or on Russian servers. Both are on NTT/VERIO servers, which I've used for years without any problems.

 

That's always a possibility but I find it hard to believe that they would go into the coop php file and modify it to add spammy comments to the code of every ad displayed. What is sort of strange is that the comments sort of relate to the site but are obviously written by someone not fluent in English. My first impression from this would be that it might be a competitor that might also be a member of the coop network? All speculation though. What isn't speculation thought is that they are much more knowledgable then me to be able to hack into my sites and know how to modify the the php file to show the comments in the source code.

I have no idea when this happened but I'll bet around the time Google started dropping pages and de-listing me. The same spamy comment paragraph repeated 5 times in a row on every page had to red flag something with Google if nothing more then dup content.

At least I've learned something. From time to time I'll check the source code of my pages to make sure what's being served hasn't been modified by some hacker.

Lou

 

Techs can be bribed. H@ckers are always boasting about getting to this or that server. Web servers, because they serve files to outsiders, invite tampering, in the way a bank vault doesn't.

I was once able to 'cd' into other users sites on a web-host I once used. Found out by accident. And it wasn't a small web-host either.

It's strange someone would go to this trouble for your site, if the intention is just to affect your SERPs. Are you coming up top for some competitive phrases?

 

Highly doubtful someone from Verio would do something. The simple reason is: employees are *heavily* - let me stress *heavily* monitored, and would be fired on the spot if caught. Trust me, I've seen it happen. Besides: the techs there are not interested in screwing with a customer account. There's no reason to - most of em either have their own boxes or at the very least their own website. The techs come from a tech background and are very professional. How do I know? I was employed there for 5 years in tech support.

What kind of account are you on? Windows or Unix? You should have kept all evidence and contacted support, and had them look into it. Verio is excellent at handling security issues. If you notice your account has been hacked; you shouldn't touch it; but contact support immediately.. Always.

 

"I was once able to 'cd' into other users sites on a web-host I once used."

I've seen this on a couple of hosts geared towards developers. My understanding was that it is up to the account user to make sure their permissions are set right on their directory. The one time I looked around people's directories, I could get into about 75% of them (it took a few minutes before I realized that even though I was just being curious, it was not a good idea to be doing this.) Everytime I make a file writable by ALL, I remind myself to make sure other people on the server can't get into the directory.

To the original poster, can you access other people's directories on the server? Can you go up a directory level from your user account directory? That's the first thing that comes to my mind.

 

The thought of it being someone from Verio never entered my mind. I've been with them for 9 years now. They were my first web host. Their probably one of the most expensive but as far as I'm concerned their the best and most profesional out there. Just my opinion though.

I've got a Silver account on a Unix server. The thought of saving the evidence and having them look into it didn't cross my mind until after I fixed the problem. They may still have a copy though from all the back up they do on the servers? Maybe I'll check with them on it? The results are still readily available though. You can go to just about any cached page on MSN or Yahoo and look at the source. Hopefully finding it and fixing it will in time fix the problem I've had with Google. Just have to wait and see.

Lou

PS: Crew...No. I can't get into any directories on the server other then my own. Used to be able to get a list of the directories but that not into them. And that was years ago when they were still TabNet.