Posts Tagged ‘injected script’

During the last 4 days Numerous People are reporting their sites are infected, and customers are being re-directed to a Russian site.
So far ALL the sites reported are hosted on NS3.IXWEBHOSTING.COM and NS4.IXWEBHOSTING.COM.
If your site is hosted on these servers, OR possibly other servers, you should check your website, by using a SEARCH ENGINE. DO NOT go directly to your site through your search bar OR shortcut, but use a Search Engine. The results are being re-directed. It will also be a matter of time before these sites will be “Blacklisted” by Google and other search Engines.

Feel Free to contact IX Web Hosting about this matter, but they will only blame you for their issues, and  lack of  knowing how to treat their customers with respect.

Please send us a message if your site has been comprimised.

Advertisements

From a Unhappy  IX  customer

I was beginning to think I was crazy. My site would get hacked and I would change the password. This would keep happening over and over. Yet every time I would call in they would say it was my fault. Well today I discovered that once again my site had been hacked as well as all the other domains in my userid for them.  While going through one of my sub domains I found a hackers control panel which I downloaded and took a screen shot. I even looked around in it. I realized quite quickly that I had server root access and I could see other peoples files like I was on a regular computer. This control panel seems to have it all. Anyway here is a screen shot for all you who wonder what is going on:

I have marked my info out to spare me as well as the folder I was browsing. But this control panel seems to have any exploits you want on it with very little effort.  It even has a handy self kill button which I used. Of course I am sure they will be back and hack right back in. Meanwhile I have to look into another host.

IXhackerscreen6

CLICK ON IMAGE FOR LARGER PREVIEW

 

So many people being banned by Google, and cannot find the source of the Injection..

 I have previously posted on this blog WHY you cannot find the code.. Because  the code is NOT on your page. The code is, and can be anywhere on the server ( I have posted 3 links to the code that was hidden as a .jpg)  The code added to your site is actually an Iframe, so what you should be looking for is a small snippet of code that calls the script. ( check your Config, Header, Footer, Index.php etc.. ALL pages that get called on every page

Yesterday someone contacted me with this issue, and that person was also banned by Google, and had spent weeks trying to solve this problem.. They  finally found the code in the CONFIG File . ( thanks to this blog)
The site is now clean, but it will only be a matter of days before it is injected AGAIN!!

Here is the post I posted in December last year:

Hundreds of  IX customers, are contacting me to ask about the Injected script ( posted in a previous post) they are asking me HOW to remove it, because they cannot find it…

The Reason they cannot find it??

Because of a MASSIVE SECURITY ISSUE on IX WEB HOSTING’s SERVERS!!.. the script is NOT actually put onto any of your pages, the script is actually hidded somewhere on the server..

So far I have found 5 “seeds” .. These are the codes that are appearing  in  over 100,000 sites

( These have now been removed by ix web hosting but as you can see, the actual file is well hidden and disguised as an image. REMEMBER, this is where the files were stored that YOU can see on YOUR pages )

Remember to view the “source code” in the above links.

Very interesting is the second “seed” that is actually in an IX standard “modlogan” folder, that is standard a chmod 700 .

Secondly it should not be possible on any shared server to inject this script onto EVERY file on that server. The fact that this is happening means that IX web Hosting has not got a clue how to protect their servers, and customer web sites. 

So as you can see, this script IS  NOT actually put into your script, that is why you cannot find it.. HOWEVER, somewhere on your site, there is a bit of code  ”Calling” this script, and that appears in your pages.
Check  ALL the pages that get called for every page, ie. header, footer, index, config, sidebar etc. 

So far I have evidence and proven that the following IX servers running the following Database’s  are seeded:

  • mysql33.ixwebhosting.com
  • mysql15.ixwebhosting.com
  • mysql27.ixwebhosting.com

If you know of any others that are seeded, please let me know.

Hope this helps

:: Some people have contacted me to tell me that the Injected Script is ( also ) injected into the database, and in some cases a new table is created.
I have checked 9 databases of infected sites, and I have not yet come across the script in my Database’s, so I think that this might be “script” related, maybe that some scripts such as PhpBB2 allows for this to happen, so I recommend searching your Database for the script as well ::

=================================================================

This issue has now been going on for more than 10 months…. 1 year this May.. Will IX Web Hosting be celebrating  this milestone?

Hey buddy, 
nice website, i wish i had seen it before I renewed my contract with the crooks at IX for 2 more years…
well, i am writing because i couldn`t find on your website a solution to clean the infections automatically. so maybe you want to post a solution:

here is what I did:

1 – download the entire site
2 – Open an infected file with Adobe Dreamweaver
3
– Look for the infected code, select all of it and copy it to the clipboard (starts with “<?php if(!function_exists(‘tmp_lkojfghx’))…”). You must copy ALL the code!
4 – Still on dreamweaver, click on EDIT>FIND AND REPLACE
5 – on the FIND box you paste the infected code 
6 – On the FIND IN dropdown select FOLDER and point it to the folder where your website was downloaded.
7 – click on REPLACE ALL (dreamweaver will replace the code with whatever is on the REPLACE box, as we didn’t write anything there, it will clean the code)

I found out that all the infected files on my sites had exactly the same code, so it was quite fast to remove them.

 

Ivan

Thanks Ivan for your feedback, I hope this helps others, also sorry to hear your sites are still constantly being injected. It’s clear that IX Web Hosting still has not got a clue how to solve this issue, and on top of this they are having 3 other mayor issues to deal with.

In the past months, 1000’s of IX Web Hosting’s customers finally turned their back on the “Cheap, Unreliable and Insecure ” Web Host. This was due to the fact that more than 140,000 sites were hacked and injected on a WEEKLY bases, things got so bad that even the “Backups” were infected and deemed useless.
From   May 2008 onwards IX Web Hosting continueously blamed their customers, mayor search engines, WordPress, Joomla, and every script on the market, actually, it was everyone’s fault, except IX Web Hosting.

The past 4 weeks I have recieved and seen an alarming amount of customers furious about the “Downtime” of their sites.

Downtimes of  6+ hours is normal…

I am curious who IX WEB HOSTING is going to blame this time

Shira, 12th 2009f February, 2009
We’ve spent the last week uploading and creating database on our new IXWebhosting account. BIG MISTAKE. All of the database sites give random server connection errors more often than not and the server service in general is extremely unreliable. The online “Tech support” chat is a complete joke. Not once have they been able to resolve the problems we’ve communicated, and we have to chat them about 5 times a day. We’re closing our account today before serious damage is done.

Pete, 11th 2009f February, 2009
AVOID like the plague!!!
Every one of their web servers have been hacked in the last few months. If you have any sites with them, it’s just a matter of time before your code is injected with viruses and phishing pages or completely diverted to a scam web site.
If you have an account with them, do what I did… Get the hell out now before all of your sites are blacklisted.
Try www.**********.com. They cost a bit more but you get what you pay for.

F**K YOU IX, 10th 2009f February, 2009
I’m so sick of the feeble excuses ix web hosting come up with.
I the past week I have called them at least 3 times everyday because so far my sites have been down on average 3 hours a day. Everytime I get to hear how sorry they are, and that the issue will be fixed within 20 minutes!!
It really is time to get a class case together and sue IX for compensation.
Erik, 09th 2009f February, 2009
All 12+ of my domains were down much of Feb. 7, 2009, and since at least the afternoon of Feb. 8, 2009, they’ve been down again, and all of my sites’ files are totally gone. They’re “still working” as of this morning, Feb. 9, 2009, but they cannot say much more. Time to move on.

Milano, 09th 2009f February, 2009
Today I got a call from a friend telling me my sites contained a virus, I googled my site, and when I clicked on it my Anti Virus blocked it with a warning, I then checked all my other sites and they all contain the same script. I called ix, had to wait 25 minutes, probably a lot of customers with the same problem.. I was told very bluntly that it was a well known issue with WordPress, I have been using wordpress now for 4 years, and always use the latest stable version, I contacted WordPress, and they assure me that there are no known issues with WordPress. I then called ix again, and this time they blamed my computer, saying it is infected, and that I uploaded the virus.
IX is an absolute nightmare, and I am moving all my sites away from them, and I will file a complaint with the BBB
Herman, 08th 2009f February, 2009
Last week I had a phone call from a customer why I had not sent them an Email, I reassured them that I had, and that I would resend it 2 days later completely pissed off because they still never got the Email. So I sent an Email to one of my own Email accounts.. I never got it, so I tried sending it to another 5 Email accounts.. out of those 5 emails I got just ONE, but it took TWO days to reach me. I contacted support on the chat, and he told me there was a backlog of mail because of a “Spam Filter” , he told me to create a Ticket which I did, I sent a ticket on Friday morning, and Today ( Monday) I still have not had a response.
So to break it down, ( this is what I know for certain) I have sent 8 emails, and only recieved ONE 2 days after I sent it!
This is absolutely absurd, now I do not know how many people I have sent Emails to that never got them.
Do yourself a big favour and stay away from ix web hosting, they just have not got a clue, or they just don’t care, or both.

 

elawcase@gmail.com, 07th 2009f February, 2009
Anyone interested to sue ixwebhosting.com due to their bad servers and not providing what they promise, please contact us at elawcase@gmail.com.

I have tried many hosting companies and ixwebhosting is amongst the worst. Their server will go down frequently. We received so many complaints from our own customers that the website is not working. We get this just about everyday. And two days ago ixwebhosting.com servers were down for 4 hours. Yesterday it was down 3 hours. Today it is down now for over 2 hours and we are still waiting for the servers to work. We are hosted on NS13, NS14. This has got to be the most frustrating experience in our 9 years in ecommerce. We made the fatal error trusting to host our site with ixwebhosting.com. The first two months were okay but then after it went downhill. I think maybe they work really hard during the trial period so you cannot refund the month. I’m stuck now with a long period of webhosting plan. They won’t refund either and they will not provide you a good working server.

John – HELP SERVER DOWN, 05th 2009f February, 2009
Hello I cannot believe how many times the server is down.. It has been down for over 1 hour and now they are telling us another hour. This server really sucks.. here’s the chat logs.

Lesya Geychenko: Sorry, we really experience some problems on our server, but I want to ensure you that this is temporary and we will fix them as soon as possible

you: pls .. it has been down for 1 hour

you: every day down

Lesya Geychenko: I am so sorry, our admins are working on the issue

Lesya Geychenko: Sorry, we do not have any ETA yet, the issue will be fixed as soon as possible

you: we have to contact ixwebhosting just about everyday about the servers being down.. this is not the service we have paid for

Lesya Geychenko: I understand your concerns about this, you can create a ticket and provide statistics on the server side issue and ask for permanent solution

you: we have already

you: what’s going on?

you: over 1 hour

you: hello, any updates so far?

Lesya Geychenko: Yes, our admins are working on the issue, they will send a notification to me when they finish

you: please

Lesya Geychenko: The issue should be fixed within 15 minutes

you: ok

Lesya Geychenko: I am extremely sorry to tell you, I just got the news from our admins

you: ok

Lesya Geychenko: They maintain the server longer than I have expected

Lesya Geychenko: The server will be up in 60 minutes

you: ixwebhosting is really unreliable…..

Heidi, 03rd 2009f February, 2009
Just got off the phone with ix, for the past 2 weeks every evening at 6 o clock my sites stop loading, and I cannot retrieve my Emails. It is so frustrating that the support just say that everything is working fine. I’ll be looking to move my sites.
 
Matt, 02nd 2009f February, 2009
The server is currently down. IT is down about every 5-10 minutes for 30 seconds – 2minutes. Right now it has been down for over 10 minutes. We need to get to our database and info but we can’t. This is just bad for us. ixwebhosting.com really cannot get it right. We have contacted them over 100 times in the past month but they keep saying they fixed the problem. I don’t see how ixwebshosting rating is high on the right menu on this website. It means they probably get some cut when referring clients.
 
George , 30th 2009f January, 2009
If you are planning to run a serious website, DO NOT use Ix web hosting, they are more trouble than they are worth. Virus, Slow, Database problems, and Email issues.

 

As of today I am going to post the  TOP 10 Search Engine Terms  people use to find this site.

As you will see, there are a lot of issues going on.

Search Engine Terms

These are terms people used to find this blog.

Todays  Search 

  1. ix hacked  
  2. ixwebhosting virus  
  3. ixwebhosting hacked  
  4. ixwebhosting  
  5. ix webhosting hacked 2008  
  6. https://ixwebhostwarning.wordpress.com/  
  7. ix web hosting has been hacked  
  8. https://ixwebhostwarning.wordpress.com  
  9. ix webhosting htaccess  
  10. ixwebhosting .htaccess hack  

Yesterdays  Search 

  1. ixwebhosting hacked  
  2. ixwebhosting malware  
  3. ixwebhosting malicious  
  4. fix ixwebhosting .htaccess  
  5. modlogan hacked  
  6. htaccess exploit passwords ixwebhosting  
  7. ixwebhosting exploited  
  8. how to remove yahoo counter injection fr  
  9. access htaccess ixwebhosting  
  10. ixwebhosting hack

[ from an ix webhosting customer ]

Anyone interested in joining forces to sue ixwebhosting.com due to their bad, insecure servers and not providing what they promise, please contact us at elawcase@gmail.com

I have tried many hosting companies and ixwebhosting is amongst the worst. Their server will go down frequently. We received so many complaints from our own customers that the website is not working. We get this just about everyday. And two days ago ixwebhosting.com servers were down for 4 hours. Yesterday it was down 3 hours. Today it is down now for over 2 hours and we are still waiting for the servers to work. We are hosted on NS13, NS14. This has got to be the most frustrating experience in our 9 years in ecommerce. We made the fatal error trusting to host our site with ixwebhosting.com. The first two months were okay but then after it went downhill. I think maybe they work really hard during the trial period so you cannot refund the month. I’m stuck now with a long period of webhosting plan. They won’t refund either and they will not provide you a good working server.