Archive for the ‘hack’ Category

Bayshore’s cleaned up its act

Tuesday, November 3rd, 2009

Sometime between 10PM last night and noon today the guys over at Bayshore Solutions cleaned up all the hacked sites that I’m aware of. And not even a word of thanks, guys? How about dropping me a link from your site? Ahhhh.. where’s the love?

Speaking of love… somebody must really love typing… 43 failed logins to the admin account on this site in the last 24 hours… come on! It’s just a standard WordPress 2.8.5 blog with a couple of cute plugins and the password is nothing special.. I’ll give you a hint… “RumpleStiltsken”. BTW: What do you think you’ll accomplish if you get in? Do you really think I won’t know I’ve been hacked?

In the name of equal harassment for all… here’s the list of all the sites and providers (not just Bayshore) who were compromised by the www.811229.com hack. At least as far as I’m aware at this time. I love chasing down hackers.. it’s kinda like killing vampires but without all the blood.


Bayshore Solutions and Chinese Hackers

Tuesday, November 3rd, 2009

I had to put the analysis of Trenam.com on hold while investigating the very suspicious link that was hidden in their footer. It turns out that they’re hosted over at Bayshore Solutions (one of the biggest local hosting providers) and that one of two possible situations exists over there:

1.) The CMS that Bayshore uses to maintain its customers’ sites is exploited and someone is using it to sell links and transfer page rank at will.

OR

2.) Bayshore or perhaps an ex-employee of Bayshore is hand-inserting links into sites that they know have no tracking code installed and therefore no one will get any reports of the outbound activity.

Judging from the comments at JobVent.com I’m betting on the second option :-)

I’ve backtraced the hack and put together a list of 10 of Bayshore’s clients who I know are hacked… called two of them and had them call Bayshore to get the hacks removed… now we’ll see if there is any proactive work done… I’ll watch the other 8 that I know of and see if Bayshore cleans them up.

Stay tuned.

Funny business at Trenam.com

Monday, November 2nd, 2009

Home Page notes:
Meta Keywords = none
Meta Description = none
Title = Trenam Kemker (short)
H1 = none
no doctype tag
tables, no divs.
code heavy
Domain age: 12/1996

Very weird outbound link in the footer:
811229.com, an import company from China. It’s the only outbound on the site and it’s on every page. Sure hope that the partners own that company; otherwise, somebody’s going to get fired.

Domain Name : 811229.com
PunnyCode : 811229.com
Creation Date : 2008-10-30 08:22:32
Updated Date : 2009-10-07 07:54:05
Expiration Date : 2010-10-30 08:22:24

Registrant:
Organization : baolaimi
Name : lin jie
Address : Ji Mei
City : Xia Men
Province/State : Fu Jian
Country : CN
Postal Code : 361021

Bunches of garbage start and stop tags in the content; the actual content is nested 13 spans deep.
Shouldn’t hurt anything but can’t help at all.
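
One way to automate the check from the notes above (an outbound link that shows up on every page of a site), as an added example that is not part of the original post. The page contents and the firm.example / injected.example / partner.example hosts are constructed, and the function and class names are hypothetical.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect the host of every absolute <a href> on one page."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        try:
            host = (urlparse(href).hostname or "").lower()
        except ValueError:          # malformed URL, e.g. broken IPv6 brackets
            return
        if host:                    # relative and mailto: links have no host
            self.hosts.add(host)


def strip_www(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def sitewide_outbound(pages, site_host, allow=()):
    """Return {host: page_count} for external hosts linked from EVERY page.

    pages: {path: html}; site_host: the site's own host; allow: hosts the
    owner expects site-wide (analytics, parent company, and so on).
    """
    own = strip_www(site_host)
    allowed = {strip_www(h) for h in allow}
    counts = Counter()
    for html in pages.values():
        parser = LinkCollector()
        parser.feed(html)
        counts.update({strip_www(h) for h in parser.hosts})  # once per page
    return {h: n for h, n in counts.items()
            if n == len(pages) and h != own
            and not h.endswith("." + own) and h not in allowed}


# Constructed sample: three pages, one link buried in nested spans on each.
PAGES = {
    "/": '<a href="/about.html">About</a><a href="http://partner.example/">P</a>'
         '<span><span><a href="http://www.injected.example/">.</a></span></span>',
    "/about.html": '<a href="/">Home</a><span><a href="http://www.injected.example/">.</a></span>',
    "/contact.html": '<a href="http://www.firm.example/">Home</a>'
                     '<a href="http://injected.example/x">.</a>',
}
```

Anything this returns that the site owner cannot explain is worth tracing back to the template or CMS that emits the footer.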