I was going to post this earlier today, but got sidetracked and almost forgot!

Happy Birthday!

Hopefully you had some treat to make it memorable.

Bump to put this topic at the top of the forum list.

dude,

have you been accessing the site via your ftp, recently?

like jan 15?


Quote:

Wed Jan 15 04:42:16 2014 0 86.109.167.242 3203 /home/radif2/public_html/nightowl/bootcd/bootcddisclaimers.html a _ o r nightowlvps@radified.com ftp 1 * c Wed Jan 15 04:42:17 2014 0 86.109.167.242 32677 /home/radif2/joecool/public/javascripts/dragdrop.js a _ i r radif2 ftp 1 * c Wed Jan 15 04:42:17 2014 0 86.109.167.242 21416 /home/radif2/public_html/nightowl/bootcd/bootcdintro_old.html a _ o r nightowlvps@radified.com ftp 1 * c Wed Jan 15 04:42:18 2014 0 86.109.167.242 22859 /home/radif2/public_html/nightowl/bootcd/bootcdintro.html a _ o r nightowlvps@radified.com ftp 1 * c Wed Jan 15 04:42:19 2014 2 86.109.167.242 40036 /home/radif2/joecool/public/javascripts/effects.js a _ o r radif2 ftp 1 * c Wed Jan 15 04:42:20 2014 0 86.109.167.242 20432 /home/radif2/public_html/nightowl/bootcd/bootcdintro_rad.html a _ o r nightowlvps@radified.com ftp 1 * c Wed Jan 15 04:42:20 2014 0 86.109.167.242 7735 /home/radif2/public_html/nightowl/bootcd/disclaimers.html a _ o r nightowlvps@radified.com ftp 1 * c Wed Jan 15 04:42:21 2014 1 86.109.167.242 40059 /home/radif2/joecool/public/javascripts/effects.js a _ i r radif2 ftp 1 * c Wed Jan 15 04:42:21 2014 0 86.109.167.242 12321 /home/radif2/public_html/nightowl/bootcd/neroexpress6.html a _ o r nightowlvps@radified.com ftp 1 * c Wed Jan 15 04:42:22 2014 0 86.109.167.242 129829 /home/radif2/joecool/public/javascripts/prototype.js a _ o r radif2 ftp 1 * c

@ Rad

I saw your earlier posts in this thread about having slow access to the website (I was having slow access as well, and was about to log in and ask if anyone else was having problems), and the suspected hacking, and that the Host folks were going to load an image from 1/14/2014 to get rid of the hacked code....I see that those previous posts to this thread are now gone!


Quote:

have you been accessing the site via your ftp, recently?

No, it's been ages since I last did any changes to the pages and/or files in directories that my access allows via ftp.  Matter of fact, my ftp software is only on my older computer that I use only rarely these days.  Can not actually remember the last time I did access via ftp--so must be over a year or more ago!

This last summer, I did get a lot of posts to the blog page you set up for me quite some time ago--I have not used that in ages either--but, I got some 70+ email notices asking if I wanted to allow the posts to be published--I said *no* to all of them because they looked like spam.  Those posting attempts stopped roughly in Sept., 2013.  I have no idea if that has any relationship to this issue.

So, the only thing I have done is log onto the forum with my user name and forum password--which is different from the ftp log in.

Do I have a hacked ftp password and/or user name?  I can not access that or change it!  And my ftp access was only to the directory where my web page data is stored--i.e. */public_html/nightowl*, and I created several subdirectories below that.  To my knowledge, I did not have access to any of the other directories for the website.  Are my web pages hacked...or, likely to be at this point?

My forum Admin status allows me to make changes to options in the forum control panel, but I do not have any access to the directories that have actual code pages for the forum software.  So, someone smarter than me would have to explain how my ftp access could be used to access the rest of the website, and cause that java script problem that was effecting the access to the forum pages earlier today.

Let me know if I can offer any other information.....

Yuck--this is such a violation of personal space.....

Yes, I am sure you had access to the nightowl directory.

that would be the right way to do it.

just watch when the page loads and seeing if you notice it looking for a strange site.

it should look for google adsense and doubleclick, whic adsense uses, but no strange sites.

do you use any javascript?

I have deleted all FTP accts with the name nightowl in them. I actually had 4 or 5. I remember we were having trouble with some little thing and I kept trying different things.

Anyway, they are all gone, so if you need FTP access, lemme know.   

@ Rad


DaddyO wrote on Jan 17^th, 2014 at 2:09am:

just watch when the page loads and seeing if you notice it looking for a strange site.

No strange activity that I have seen.


DaddyO wrote on Jan 17^th, 2014 at 2:09am:

do you use any javascript?

I did not use javascript to my knowledge.  I used a webpage building software and it may have added such code, but I doubt it.


Quote:

I have deleted all FTP accts with the name nightowl in them. I actually had 4 or 5.

Yes, you gave me new user and passwords several times.  I would loose access for some reason--software update or something--but, I used only the most recent one because the other(s) were not functioning.  Did the hackers have access to FTP user names and passwords--or did that require website admin access--was that different from the FTP access?


Quote:

Anyway, they are all gone, so if you need FTP access, lemme know.

I can understand that--necessary safe computing requirement given that we were hacked!  I do use the website to store images to display in the forum on occassion--I guess FTP is the only way to do that--correct? 

So, yes I would appreciate access again to my subdirectories, if that's safe to do.

okay, bro.

i will create a new FTP acct for you.

we should prolly do it thru the forums private msg thingie.

do you have a pw the you like? or should i get create one for you myself?

if i recall correctly, the pw-creation software gives you red-yellow-green color code for pw strengths.

they like at least one number and an odd character, such as ! or # or _ or %

if you load your page in a browser, view page source and look/search for the word 'script'.

@ DaddyO


Quote:

if you load your page in a browser, view page source and look/search for the word 'script'.

So, checked that out for the word *script*--there's actually a lot of that on the web pages that the web authoring software embedded--it looks like mostly to do with controlling the font and any special formating.

Were there specific script commands that the hackers inserted that need to be searched for?

So far, I have not detected any strange behavior on the web pages.

i thot i recalled that you used a web authoring prgm (coffee cup?) that used javascript to control behaviors.

that's cool.

you just want to search for the string of the bad destination web site.

you should be okay.

@ DaddyO


Quote:

you just want to search for the string of the bad destination web site. you should be okay.

Did the searching for *vacance-petit-prix.com*, and didn't find any instances of that string--so I agree, the pages must be okay.


Quote:

i thot i recalled that you used a web authoring prgm (coffee cup?)

Good memory--that's the software I used.  That software was challenging, but I don't know much about web page authoring, and I would never have reached a product that I could put up on the web without it's help.