Comments on: Your PayPal Account Survey ID: XWKLJBXLGP – Yep The Old Virus Dowload Trick

By: charle

charle — Thu, 07 Apr 2011 05:02:57 +0000

Paypal won’t allow that kind of thing and of course Paypal don’t have any kind of surveys.

This message scams must stop before getting any victim.

Anyway great post!

-Charle
Visit us @: http://www.HowToSpeedUpYourComputer.net

By: Mr Spamalicious

Mr Spamalicious — Thu, 27 May 2010 20:48:38 +0000

Bummer. I assume you have some database backups to reinstall all your posts. If not Google has a lot of your pages cached and you could cut and paste the content and rebuild a lot of the content that way. I had to do it for one of my blogs a while back and it worked perfectly. Good luck.

By: Ian

Ian — Thu, 27 May 2010 20:34:35 +0000

I was given an email from SpamCop that my server was being used as a spambot. I searched my website’s address to see how public it’s become, and I found this site. The spam attack began 7:02AM this morning. I still have yet to find out the origin, so I’m pretty much set on a wipe. This sucks.

By: Mr Spamalicious

Mr Spamalicious — Thu, 27 May 2010 19:54:31 +0000

So I’m curious. How did you discover the hack? Obviously you visited this site at some point. Google indexes my pages instantaneously so whenever I make a new post it immediately ranks for it’s keywords. I assume you discovered it first then went searching and found Spam Diary.

By: Ian

Ian — Thu, 27 May 2010 19:13:25 +0000

The sneaky bastard made their c99shell file renamed -almost- identical to one of my other files. The strange thing is that there has to be a back-up file somewhere if it had the name it did. It’s not a filename visible to the public. It really sucks when you have a website dedicated to the public, not for profit, and you get hacked.

By: Mr Spamalicious

Mr Spamalicious — Thu, 27 May 2010 18:38:21 +0000

Holy cow. That really sucks. Clearly the work of one of the more sophisticated hackers. I feel your pain. One good thing is that I haven’t seen a spike in visitors searching for the email in question so hopefully it’s not widespread yet. When a piece of spam is widespread, and I post it, I get a huge spike in traffic from people searching for information. Right now the itunes $50 gift certificate virus scam is off the charts again.

By: Ian

Ian — Thu, 27 May 2010 18:24:50 +0000

I’ve scanned my apache and ftp logs, but I’m unable to locate the reason the files are even being re-created. I’ve deleted the update-au many times already. I’ve also sealed away my up-to-date wordpress blog, yet the attack persists. I might just end up re-doing the whole system. I haven’t even found any vulnerable files yet, sadly.

By: Mr Spamalicious

Mr Spamalicious — Thu, 27 May 2010 18:05:50 +0000

Look at the code in the index page. I bet there’s a bunch of code in the header that is designed to execute some malicious process. Delete it and then change your passwords on your FTP and Cpanel accounts.

Glad you’re doing something about it. This website (asasteelstructures.co.uk) was hacked in March and a spammer is using it to deliver malicious payloads. I emailed the company about the problem and it’s now almost June and they still haven’t fixed it. I wrote about it here: http://www.spamdiary.com/2010/03/asa-steel-structures-ltd-looking-for-mules-uh-i-mean-sales-representives/.

What dummies.

By: Ian

Ian — Thu, 27 May 2010 17:43:01 +0000

I’m shocked at what has happened. That is my website that had been hacked. Unfortunetely, I have yet to discover the root of the problem.