Hi,

Our site was hacked by a foreign company selling drugs and they hid hundreds to thousands of code links on our live pages.
I have a question for the computer advanced people here which I know there is a few.
I help run a rescue site for animals and one day we went into the software to make changes and saw hundreds and hundreds of codes for drugs. The site (here's a direct copy of one of the links (code they added) http://movies.israel.net/forumnew/templates/subSilver/images/vote_for.php?newonthis=1&sub=3741">cheap lorazepam no rx</a></li><li><a
When we view our site live as anyone could do surfing the web you do not see this but if you right click on the page and "VIEW SOURCE" you can see all the code, ours and theirs.
This is on every live page we have.
What is the point of this? They have their own site since these links bring me to them. Of course our paid hosting company is no help and the "back up" was done after this code was inserted so I have to manually remove this. Some of the code is in blocks but some code is hard to tell if it's ours or something they added. We have a lot of Tags now and I'm not 100% sure what a tag is.
No joke we have thousands of code links added for any drug you can think of.
I just don't understand the point of doing this. What did they get out of it since you can't see it live unless you view source?
Of course I changed the password but obviously passwords aren't stopping them.
When I went to their site I can not find a "contact us" even after I translate the page.
Any thoughts would be greatly appriciated.
I'm not listing our site on purpose. I really don't want a bunch of people looking at this code by viewing source looking for drugs. I'm just hoping to get an idea why they would take all this time setting up cells and inserting invisable code.
Thanks.
K
Sorry if this is the wrong forum. I couldn't figure out which one to post this in and since it's a Blantly Illegal site I figure why not try this one.

I would have to see your site code to really give you solid answers as to why something was done. I have a feeling those links while not visible are still run as part of each pages code. So your site may harm each computer that visits you.

Again, without seeing your site with it's code I can't say for sure one thing or another.

I highly doubt someone or some bot took the time to just insert useless code in your site, there is certainly more of a reason to do that. Hackers never have good intentions.

You might want to run a spyware scan on your computer and see if you've been infected by something, that's always a good starting point.

Hi,

It's not that they intentionally posted 'useless code', they were meant to be links to a website, but they didn't tag the HTML properly. Probably little children who don't have a clue about the most basic of things - or done automatically by a bot (unlikely) which wasn't very good.



If it was to work it should be:


--Removed the 'li' because they closed the tag immediately.

Do they still have access to your website/server, change all passwords immediately - including your root password, FTP password, SSH password and if you use telnet - telnet password.

If there is a specific pattern you could use the Replace All function on Word or Notepad to Replace it with 'nothing'.

By the way, examples of HTML tags are:



If you need any help with identifying some, I'll have a look at one of the pages if you like. Copy and paste the whole source file to a pastebin website, such as www.pastebin.ca or www.pastebin.com and encrypt it with a password and send it to my Inbox.

Obviously if there is any sensitivie information within the source file (MYSQL password etc), remove it.

They really got you bad and are counting on you not doing anything other than try to fix the mess.

You need to get a security fix for your forum or Web so they do not do it again... you get those from the people that make the soft you use.

What do the spammers get?
They get free promo, hits, and commissions
They are a nasty affiliates that break many laws to Spam...

You would have to place an order, or more, to see which parent company is behind this. They are the ones that know who messed the site and spammed you because they pay them. Everything these crooks use in their spam, including your site, are just victims... this looks like too much trouble for any person

If you need help to track them down and are going to go all the way... they can go to jail... I will be glad to help you with some tips. I hate spammers and more so nasty spammers that stop at nothing...

In response to Oxy80: It doesn't work like that, if it is HTML then it can't affect client-side boxes.

And to the OP: We really need to know what your site is made with just HTML? or PHP? AJAX?? It might be an exploit in the software on your box, or the code you are running may have been vunerable in the first place.

I think the purpose of this is that it will fool the search engines into thinking their site is linked to a lot, thus making their main site show up at the top of search lists.

Google will ban them from their searches if this is reported to them (and you know who they are).