Cre8asiteforums Internet Marketing
and Conversion Web Design


Help Me Find The Hack


11 replies to this topic

#1 Dr.Marie

Dr.Marie

    Light Speed Member

  • Invited Users For Labs
  • 582 posts

Posted 06 January 2012 - 08:42 AM

Grr....I think I may have been hacked again, but this time I can't figure it out. I'm not even sure if it is a hack though.

Occasionally, when I visit my site, I get an error message that says this:

Warning: include(http://www.mysite.com/adleaderboard.php) [function.include]: failed to open stream: HTTP request failed! HTTP/1.1 503 Service Temporarily Unavailable in /home/username/public_html/header.php on line 91
Warning: include() [function.include]: Failed opening 'http://www.mysite.com/adleaderboard.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/username/public_html/header.php on line 91
The error message appears in place of my leaderboard ad. The rest of the page loads perfectly.

The last time this happened, my .htaccess was hacked. I saw all sorts of lines that redirected people to a virus site depending on where they came from (Google, Bing, etc.).

This time, I see no changes in my .htaccess. And the site is not trying to redirect anyone.

The weird thing is that it is sporadic. I'll see the error once and then I access the page in the same way (or a different way) and it's not there.

The file it is trying to include is simply AdSense code. I don't see anything weird in that file or in my header that calls it.

Any thoughts?

Edited by Dr.Marie, 06 January 2012 - 08:46 AM.


#2 jonbey

jonbey

    Eyes Like Hawk Moderator

  • Moderators
  • 4425 posts

Posted 06 January 2012 - 09:17 AM

Any server updates recently? Maybe a change in PHP or something which means the code no longer works? Total guess (I had a recent server upgrade that seemed, possibly, to cause more PHP errors).

#3 Dr.Marie


Posted 06 January 2012 - 09:20 AM

Thanks Jon, but this wouldn't explain why it is sporadic. The include works fine now. I caught it happening once last night and once this morning. And really the only PHP code is a simple include. The file it is including is just pasted AdSense code.

#4 jonbey


Posted 06 January 2012 - 09:36 AM

Is it the left side skyscraper? I see that OK.

Is it the same pages where it sometimes does not work? Maybe a page-specific thing?

#5 EGOL

EGOL

    Professor

  • Hall Of Fame
  • 5478 posts

Posted 06 January 2012 - 09:37 AM

This is what I would do if it was my site....

I would hire a pro to examine the files of the site to be sure that they are clean.

Then I would move to new hosting. The spammers are either getting in through you and your machine, or through holes in the software you are using or through the host. Probably the host. Some hosts are not careful and this crap happens to them all of the time. Other hosts run a tighter service.

I would look for a host who serves some really important sites. A site that has lots of employees and lots of traffic is less likely to be on a shabby host.

#6 Dr.Marie


Posted 06 January 2012 - 09:44 AM

Jon - The ad is not shown on my home page. If you click through on one of my questions then it is the leaderboard ad (i.e. horizontal 780 ad just under the header). Now that I'm trying it I can't get the error message to appear on any pages, even the ones that had it before. Frustrating.

EGOL - I am almost done cleaning up my code and databases in preparation to move to a new host. I guess it makes sense to have someone look at my code to see if they can find a hack so that I am clean before I move everything. Who could I hire to do that?

The weird thing is, I have been watching a lot of things. Every time I log in to my cPanel I check that the last IP that accessed the panel was mine. I also looked to see if any files were updated recently that I know I didn't update, and no. Grrrrrrrr.....it's not like I have better things to be doing today!

I also checked every single line of the source code of the offending page that had the error message and there is nothing there that I didn't put there myself.

#7 DonnaFontenot

DonnaFontenot

    Peacekeeper Administrator

  • Site Administrators
  • 3828 posts

Posted 06 January 2012 - 11:12 AM

Who could I hire to do that?


My best buddy, Michael, cleans hacked sites for a living. He focuses on WordPress, but I know he's cleaned non-wp sites as well. You can reach him from this post http://smackdown.blo...s-installation/ which actually links to his contact form at http://smackdown.blo...chael-vandemar/ . I wouldn't trust anyone else, frankly. He does this day in and day out, and is very thorough (and not real expensive).

#8 EGOL


Posted 06 January 2012 - 11:46 AM

He does this day in and day out,

He could probably tell you some hosts to avoid.

#9 jonbey


Posted 06 January 2012 - 02:09 PM

How is your site built, Marie? Is it a script you bought or one you threw together? Maybe there is a vulnerability sitting there somewhere?

#10 Dr.Marie


Posted 06 January 2012 - 05:12 PM

Problem solved!

I put a ticket in with my host and their reply told me what was going on. It's not a hack. Rather, it's an "I need to change hosts soon" issue. :) (I suppose EGOL knows a thing or two after all).

So here's the thing...Here is how I initially included the file:

include('http://www.mysite.com/adleaderboard.php');

They said the problem would go away if I did this:

include('adleaderboard.php');

Apparently, when you do it by calling the entire URL it puts extra stress on the server. He said that the error message I get occurs if my site consumes more than 25% of a system resource within 90 seconds or if the server is under high load.

Lately, my traffic has increased significantly. (Some is due to a popular article, but a lot of it is a site-wide increase. I think it has a lot to do with rel-author and my photo appearing next to my pages in the SERPs). So, I'm likely putting more strain on the server.

It's true what EGOL said before. Some hosts promise "unlimited" bandwidth and "unlimited" disk space, but they don't tell you about the other limitations such as a limited number of MySQL connections and server load issues like this.

I'm almost done preparing my site for migration...better do it soon before my site suffers more.

Thank you for trying to help, everyone!
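Added example, not part of the original thread and not the poster's or host's code: a small Python audit that finds PHP `include`/`require` statements whose argument is a URL literal, the pattern behind the 503 warning above, and separates self-requests from includes of other hosts. Such includes only work when PHP's `allow_url_include` setting is enabled; the sample file, the `cdn.example.net` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# include/require (and *_once) whose argument is a quoted URL literal.
URL_INCLUDE = re.compile(
    r"""\b(include|require)(_once)?\s*\(?\s*(['"])((?:https?|ftp)://[^'"]+)\3""",
    re.IGNORECASE,
)

# Constructed sample: line 3 is the statement quoted in the post; the rest is made up.
SAMPLE_HEADER_PHP = """<?php
// include('http://www.mysite.com/old.php');
include('http://www.mysite.com/adleaderboard.php');
include('adleaderboard.php');
require_once "https://cdn.example.net/widget.php";
?>"""


def _bare(host):
    """Lower-case a host name and drop a leading 'www.'."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit(php_source, site_host):
    """Return (line, statement, url, kind, local_path) per URL-based include.

    kind is 'self-request' when the URL points back at site_host (PHP then
    makes an HTTP request to its own server on every page view, and a 503
    from that request surfaces as the include() warning), else 'third-party'
    (the response body of a host you do not control is evaluated as PHP).
    """
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip whole-line comments
        for m in URL_INCLUDE.finditer(line):
            stmt = (m.group(1) + (m.group(2) or "")).lower()
            parts = urlsplit(m.group(4))
            if _bare(parts.hostname) == _bare(site_host):
                findings.append((lineno, stmt, m.group(4), "self-request",
                                 parts.path.lstrip("/")))
            else:
                findings.append((lineno, stmt, m.group(4), "third-party", None))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADER_PHP, "mysite.com"):
        print(finding)
```

The `local_path` field is the URL path relative to the document root, which is only a starting point for rewriting the include as a filesystem path.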

#11 EGOL


Posted 06 January 2012 - 11:19 PM

I have three sites that get a lot of traffic. Yesterday they received 35,963 visitors; 32,786 visitors; and 140,222 visitors. These sites received crap service from quite a few hosts until I finally found a host that doesn't promise unlimited anything. Instead they promise to charge you for everything that you use. They want your site to succeed because that is how they make more money. A stingy host does not want your site to succeed because they offered you hosting at a flat price. They are only protecting their wallet.

I am going to predict that when you get on stable hosting your rankings will rise steadily for a few months. Why? Google spiders have been trying to follow the links that enter your site and they have hit an unresponsive server. You got a bad mark against your site every time this happened. And, I bet it was happening more and more as your traffic was growing. Also, when Google spiders tried to crawl your site they got booted off. Not good for your reputation.

Why would Google want to send visitors to a site that kicks visitors off? It makes Google look bad... so they don't promote your site as strongly.

When I moved my sites to hosting that made no unlimited promises I started getting a lot more traffic. I bet good things are gonna happen for you. Your competitors are in trouble.

Keep up the great work!

Edited by EGOL, 07 January 2012 - 08:57 AM.


#12 jonbey


Posted 07 January 2012 - 02:44 PM

35,963 visitors; 32,786 visitors; and 140,222 visitors


Wow, I would like some of that traffic!


