SlotoCash on WP Hacker's Page

Discussion in 'Deckmedia Affiliates' started by AussieDave, Oct 7, 2017.

Tags:
  1.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,931
    Likes Received:
    1,452
    Joined:
    Nov 28, 2013
    Worse though, this low life scum bag hacker, is using my Brand Name (title and description), and has subsequently hacked a site, and populated it with a crap load of links, and again used my Brand Name upteen dozen times in the text.

    You'll need to use the Google Cache (to see the hack)...

    google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjqiJLhst7WAhUHObwKHbtxDXEQFggmMAA&url=http%3A%2F%2Fwww.bgtinteriorsolutions.com%2Fclient-portal&usg=AOvVaw120Q7RPMQZdwLCANB0WDPB

    Without the Cache, bgtinteriorsolutions.com/client-portal redirects to the "hacker's site: top-trustedcasinos.com

    I was under the impressing the hacker account got closed last year some time, least that's what we go told here at AGD. How has this hacker managed to gain another DeckMedia aff account???!!!
     
  2.  
    NoLuckNeeded

    NoLuckNeeded Affiliate Guard Dog Member

    Messages:
    204
    Likes Received:
    54
    Joined:
    Aug 5, 2007
    [​IMG]
     
  3.  
    Frank

    Frank Affiliate Guard Dog Member

    Messages:
    386
    Likes Received:
    172
    Joined:
    Jan 7, 2015
    couldnt see them myself there.. perhaps removed?
     
  4.  
    sloto

    sloto Affiliate Program Representative

    Messages:
    670
    Likes Received:
    313
    Joined:
    Feb 26, 2009
    Hi AussieDave

    Where do you see Slotocash?

    Please let us know asap, also show us what's been hacked

    The account and links will be disabled immediately

    Appreciate your help

    DECKMEDIA AFFILIATE TEAM
     
    RazorGamer likes this.
  5.  
    Redbush54

    Redbush54 Affiliate Guard Dog Member

    Messages:
    316
    Likes Received:
    39
    Joined:
    Mar 7, 2009
    Doesn't redirect for me either.
     
  6.  
    Bonus Paradise

    Bonus Paradise Affiliate Guard Dog Member

    Messages:
    747
    Likes Received:
    110
    Joined:
    Mar 30, 2008
    Does not redirect me.

    Thing with these hacked pages is, that they are geotargeted.
    I am there and see a few lines content in dutch and 2 casinos (Bob Casino and Play Amo)

    Some other countries may see SlotoCash
     
  7.  
    inspiration

    inspiration Affiliate Guard Dog Member

    Messages:
    977
    Likes Received:
    169
    Joined:
    Feb 20, 2009
    [​IMG]

    account 324586 + 324587 + 324588 + a lot more ?
     
    AussieDave, Bonus Paradise and Shay like this.
  8.  
    sloto

    sloto Affiliate Program Representative

    Messages:
    670
    Likes Received:
    313
    Joined:
    Feb 26, 2009
    Great thanks very much, please can you explain where the hack is? Then we can get this shut down
     
    RazorGamer likes this.
  9.  
    inspiration

    inspiration Affiliate Guard Dog Member

    Messages:
    977
    Likes Received:
    169
    Joined:
    Feb 20, 2009
    ...shut down.....and reopen a new one ?

    is his email dslash @ yandex.ru ?
     
  10.  
    sloto

    sloto Affiliate Program Representative

    Messages:
    670
    Likes Received:
    313
    Joined:
    Feb 26, 2009
    Please note this is one account, they are campaign IDs.

    Please can you explain where the hack is?

    Thanks for your assistance.
     
    RazorGamer likes this.
  11.  
    Shay

    Shay Affiliate Guard Dog Member

    Messages:
    141
    Likes Received:
    130
    Joined:
    Nov 27, 2011
    See the original post for details of location of the "hack".
     
  12.  
    Engineer

    Engineer Super Moderator

    Messages:
    2,457
    Likes Received:
    217
    Joined:
    Dec 14, 2006
    To see the hack in action, you have to visit bgtinteriorsolutions.com/client-portal (or any of the hacked URLs from that site) by clicking to it from the Google search results. If you go there directly, it does not redirect. Try this:

    1. Go to Google, type this into the search bar:

    site:bgtinteriorsolutions.com

    2. Scroll down and look at the titles of the search results. This website is not a casino website -- yet there are titles related to casinos (these are the hacked pages). Click any title that mentions a casino.

    3. As soon as you click, you are redirected to top-trustedcasinos.com

    4. Click the link to SlotoCash. After doing that, in my Chrome cookies, I found this affid for SlotoCash: 15140
     
  13.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,931
    Likes Received:
    1,452
    Joined:
    Nov 28, 2013
    Yes Engineer is correct, ty :)

    I must have accidently screwed up the Google cache link, sorry about that. Here is the correct link (it displayed the hacked content - along with my Brand Name used a zillion times):
    http://webcache.googleusercontent.c...s.com/client-portal+&cd=7&hl=en&ct=clnk&gl=nz

    NB - bgtinteriorsolutions, is a tile company located in the USA. Their site using WordPress. It has been hacked by your affiliate, Paul.

    Very sneaky hack... If you visit bgtinteriorsolutions.com, and click on the Navigation Link - CLIENTS > CLIENT PORTAL (hxxp://bgtinteriorsolutions.com/client-portal) it will display the correct page.

    However, this hack works by identifying a person use a SE, when that happens, hxxp://bgtinteriorsolutions.com/client-portal, redirects to: top-trustedcasinos.com


    In the source code of that page is some funky script:
    Code:
    <script>
        (function() {
     
        /*alert('http://deckaffiliates.com/c/324590  ');*/
        /*console.log('http://deckaffiliates.com/c/324590  ');*/
        var aim_url         = 'http://deckaffiliates.com/c/324590  '.replace(/&amp;/g,'&');
        var SID             = "3565754fb6af92d36e8dd5def6f54130";
        function extractQuery()
        {
            var url         = [];
            var param       = [];
            url[0]          = "www.google.com";     param[0]        = "q";
            url[1]          = "search.yahoo.com";   param[1]        = "p";
            url[2]          = "www.bing.com";       param[2]        = "q";
            url[3]          = "www.google.";        param[3]        = "q";
            url[4]          = "www.ask.com";        param[4]        = "q";
            url[5]          = "search.live.com";    param[5]        = "q";
            url[6]          = "www.altavista.com";  param[6]        = "q";
            url[7]          = "search.aol.com";     param[7]        = "query";
            url[8]          = "yandex.ru";          param[8]        = "text";
            var ref         = document.referrer;
    
    And other stuff which, to me, looking like this hacker is cookie stuffing with a hidden iframe... Class act this piece of crap is.

    How about you release his details Paul, NO criminal deserve to be protected by Privacy, when they hack people's site, and use Brand Name(s) for illegal purposes.
     
    Last edited: Oct 9, 2017
    Engineer, Shay and DaftDog like this.
  14.  
    sloto

    sloto Affiliate Program Representative

    Messages:
    670
    Likes Received:
    313
    Joined:
    Feb 26, 2009
    Thanks very much, the links should be dead now.
     
  15.  
    AussieDave

    AussieDave 17 years & still going!

    Messages:
    2,931
    Likes Received:
    1,452
    Joined:
    Nov 28, 2013
    As I've said before, the BIG problem isn't Wordpress per se, it's the fact that most people who use it, are not webmasters.

    Hence, they are totally clueless about security, updates and plugin vulnerabilities etc. This sheer lack of expertise, has been a blessing for the "hacker(s)" - it's akin to shooting fish in a barrel...

    At an educated guess, 99% these WP hacks are being done via theme/plugin vulnerabilities, or at the very least people not changing the login from Admin, and using a dumb password (mycatbob - which could be easily hacked).

    Edit:
    Only have to pull up your server's raw log file, and you'll see hundreds of probing instances, seeking specific WP plugins/themes.

    Way back in 2009 WP used to be very diligent about allowing plugin/themes on the WP repository. Now, well I guess it's hard to do that with so many around.
     
    Last edited: Oct 9, 2017
    Zuga and Shay like this.
  16. admin Notification Admin Staff Member

    A reminder is sent to all affiliate managers.

Share This Page