...

View Full Version : Weird Forum Compression Error



Nblufire12
12-09-2008, 09:51 PM
Hey guys,

On my home computer, when I go to my website, www.WTFDotA.com/forums, I get a compression error. Yet when I view my site on a proxy, it works... Any idea why this is happening?

oesxyl
12-09-2008, 09:59 PM
Hey guys,

On my home computer, when I go to my website, www.WTFDotA.com/forums, I get a compression error. Yet when I view my site on a proxy, it works... Any idea why this is happening?

not sure but I guess, security problem:


<script>document.write(unescape('%3C%73%63%72%69%70%74%3E%0D%0A%76%61%72%20%72%20%3D%20%4D%61%74%68%2E%72%61 %6E%64%6F%6D%28%29%3B%0D%0A%72%3D%72%2A%35%30%3B%0D
%0A%69%66%28%72%3E%34%39%29%0D%0A%64%6F%63%75%6D%65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66% 3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%31%73%74%6F%6E%6C%69
%6E%65%64%65%67%72%65%65%73%2E%63%6F%6D%2F%6F%6E%6C%69%6E%65%2D%64%65%67%72%65%65%73%2D%74%69%6D%65% 6F%75%74%2E%68%74%6D%22%3B%0D%0A%3C%2F%73%63%72%69%70%74%3E
'));</script></body>


regards

Nblufire12
12-09-2008, 10:01 PM
What is that script?

I'm using SimpleMachines.org Forum

oesxyl
12-09-2008, 10:08 PM
What is that script?

I'm using SimpleMachines.org Forum
open the page from the link you posted to view the source and look at the end. You will find this piece of javascript. I didn't decode it to see what is doing but I guess that will write in the page a link to some data center. Any time somebody request the page will also send a request to the ip from that link.

regards

oesxyl
12-09-2008, 10:16 PM
What is that script?

I'm using SimpleMachines.org Forum
this is the source for the page from the link you posted:


HTTP/1.1 200 OK
Date: Tue, 09 Dec 2008 22:12:27 GMT
Server: Apache/2.2.10 (Unix) mod_ssl/2.2.10 OpenSSL/0.9.8b mod_bwlimited/1.4
X-Powered-By: PHP/5.2.6
Pragma: no-cache
Cache-Control: private
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: PHPSESSID=a0bacf71f3a50f90376f21ac934c9703; path=/
Last-Modified: Tue, 09 Dec 2008 22:12:27 GMT
X-Powered-By: ModLayout/5.1
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="WTFDotA - Index" />
<meta name="keywords" content="PHP, MySQL, bulletin, board, free, open, source, smf, simple, machines, forum" />
<script language="JavaScript" type="text/javascript" src="http://wtfdota.com/forums/Themes/default/script.js?fin11"></script>
<script language="JavaScript" type="text/javascript"><!-- // --><![CDATA[
var smf_theme_url = "http://wtfdota.com/forums/Themes/Zilhicceh";
var smf_images_url = "http://wtfdota.com/forums/Themes/Zilhicceh/images";
var smf_scripturl = "http://wtfdota.com/forums/index.php";
var smf_iso_case_folding = false;
var smf_charset = "UTF-8";
// ]]></script>
<script language="JavaScript" type="text/javascript" src="http://wtfdota.com/forums/Themes/Zilhicceh/chrome.js"></script>
<title>WTFDotA - Index</title>
<link rel="stylesheet" type="text/css" href="http://wtfdota.com/forums/Themes/Zilhicceh/style.css?fin11" />
<link rel="stylesheet" type="text/css" href="http://wtfdota.com/forums/Themes/default/print.css?fin11" media="print" />
<link rel="help" href="http://wtfdota.com/forums/index.php?action=help" target="_blank" />
<link rel="search" href="http://wtfdota.com/forums/index.php?action=search" />
<link rel="contents" href="http://wtfdota.com/forums/index.php" />
<link rel="alternate" type="application/rss+xml" title="WTFDotA - RSS" href="http://wtfdota.com/forums/index.php?type=rss;action=.xml" />
<script language="JavaScript" type="text/javascript"><!-- // --><![CDATA[
var current_header = false;

function shrinkHeader(mode)
{
document.cookie = "upshrink=" + (mode ? 1 : 0);
document.getElementById("upshrink").src = smf_images_url + (mode ? "/upshrink2.gif" : "/upshrink.gif");

document.getElementById("upshrinkHeader").style.display = mode ? "none" : "";
document.getElementById("upshrinkHeader2").style.display = mode ? "none" : "";

current_header = mode;
}
// ]]></script>
<script language="JavaScript" type="text/javascript"><!-- // --><![CDATA[
var current_header_ic = false;

function shrinkHeaderIC(mode)
{
document.cookie = "upshrinkIC=" + (mode ? 1 : 0);
document.getElementById("upshrink_ic").src = smf_images_url + (mode ? "/expand.gif" : "/collapse.gif");

document.getElementById("upshrinkHeaderIC").style.display = mode ? "none" : "";

current_header_ic = mode;
}
// ]]></script>
</head>
<body>
<div id="wrapper"/>
<div id="header">
<div id="head-l">

<div id="head-r">
<div id="userarea">
Welcome, <b>Guest</b>. Please <a href="http://wtfdota.com/forums/index.php?action=login">login</a> or <a href="http://wtfdota.com/forums/index.php?action=register">register</a>.<br />

December 09, 2008, 05:12:27 PM<br />
</div>
<div id="arama">
<form action="http://wtfdota.com/forums/index.php?action=search2" method="post" accept-charset="UTF-8">
<input class="inputbox" type="text" name="search" value="Search..." onfocus="this.value = '';" onblur="if(this.value=='') this.value='Search...';" />
</form>
</div>

<a href="http://wtfdota.com/forums/index.php?action=forum" title=""><span id="logo"> </span></a>
</div>
</div>
</div>
<div id="navb">
<div id="navb-l">
<div id="navb-r">
<div id="navarea">

<div id="MainMenu">
<div id="tab">
<ul><li><a class="current" href="http://wtfdota.com/forums/index.php"><span>Home</span></a></li><li><a href="http://wtfdota.com/forums/index.php?action=help"><span>Help</span></a></li><li><a href="http://wtfdota.com/forums/index.php?action=search"><span>Search</span></a></li><li><a href="http://wtfdota.com/forums/index.php?action=login"><span>Login</span></a></li><li><a href="http://wtfdota.com/forums/index.php?action=register"><span>Register</span></a></li>
</ul>
</div></div>
</div> </div> </div> </div>
<div id="mainarea">
<div id="sag">
<div id="sol">
<div id="alt">
<div id="altsag">
<div id="altsol">
<div id="ust">
<div id="ustsag">
<div id="ustsol">
<table width="100%" cellpadding="0" cellspacing="0">
<tr><script type="text/javascript"><!--
google_ad_client = "pub-3600092021515237";
/* 468x60, created 12/7/08 */
google_ad_slot = "4814766002";
google_ad_width = 468;
google_ad_height = 60;
//-->

</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<td valign="bottom"><div class="nav" style="font-size: smaller; margin-bottom: 2ex; margin-top: 0ex; padding-bottom: 0ex; padding-left: 2ex;"><b><a href="http://wtfdota.com/forums/index.php" class="nav">WTFDotA</a></b></div></td>
<td align="right">
</td>
</tr>
</table>
<div style="margin-top: 0;">
<div class="catbgf-l">
<div class="catbgf-r">
<div class="catbgf" style="padding-top: 5px; text-align: center; ">

<a name="1" href="http://wtfdota.com/forums/index.php#1">WTFDotA.com</a>

</div></div></div>

<div class="tborder">
<table border="0" width="100%" cellspacing="1" cellpadding="5" class="bordercolor" style="margin-top: 1px;">
<tr>
<td class="windowbg" width="6%" align="center" valign="top"><a href="http://wtfdota.com/forums/index.php?action=unread;board=4.0"><img src="http://wtfdota.com/forums/Themes/Zilhicceh/images/off.png" alt="No New Posts" title="No New Posts" /></a>

</td>

<td class="windowbg2">
<b><a href="http://wtfdota.com/forums/index.php?board=4.0" name="b4">News &amp; Important info</a></b><br />
Welcome to our forums. Here you will find the latest information provided by our top administrators.
<br /><span class="smalltext">
<b>Last post:</b><img src="http://wtfdota.com/forums/Themes/Zilhicceh/images/arrow.gif" alt="" border="0" style="margin:0 2px 0 0;" /> <a href="http://wtfdota.com/forums/index.php?topic=6.msg31#new" title="Re: WE Are Officially back -- IPB &lt; SMF">Re: WE Are Officially ba...</a>
by <a href="http://wtfdota.com/forums/index.php?action=profile;u=30">triplebug</a>
on <b>Today</b> at 04:07:33 AM
</span>
</td>
<td class="windowbg" valign="middle" align="center" style="width: 12ex;">
<span class="largetext">7</span><br /><span class="smalltext">Posts</span>
</td>
<td class="windowbg" valign="middle" align="center" style="width: 12ex;">
<span class="largetext">1</span><br /><span class="smalltext">Topics</span>
</td>
</tr>
</table></div>
</div><br />

<div class="catbgf-l">

<div class="catbgf-r">

<div class="catbgf" style="padding-top: 5px; text-align: center; ">

<a href="#" onclick="shrinkHeaderIC(!current_header_ic); return false;"><img id="upshrink_ic" src="http://wtfdota.com/forums/Themes/Zilhicceh/images/collapse.gif" alt="*" title="Shrink or expand the header." style="margin-right: 2ex;" align="right" /></a>

WTFDotA - Info Center

</div>

</div>

</div>



<div class="tborder" >

<div id="upshrinkHeaderIC">

<table border="0" width="100%" cellspacing="1" cellpadding="4" class="bordercolor">

<tr>

<td class="titlebg" colspan="2">Forum Stats</td>

</tr>

<tr>

<td class="windowbg" width="20" valign="middle" align="center">

<a href="http://wtfdota.com/forums/index.php?action=stats"><img src="http://wtfdota.com/forums/Themes/Zilhicceh/images/icons/info.gif" alt="Forum Stats" /></a>

</td>

<td class="windowbg2" width="100%">

<span class="middletext">

22 Posts in 11 Topics by 29 Members. Latest Member: <b> <a href="http://wtfdota.com/forums/index.php?action=profile;u=30">triplebug</a></b>

<br /> Latest Post: <b>&quot;<a href="http://wtfdota.com/forums/index.php?topic=6.msg31#new" title="Re: WE Are Officially back -- IPB &lt; SMF">Re: WE Are Officially ba...</a>&quot;</b> ( <b>Today</b> at 04:07:33 AM )<br />

<a href="http://wtfdota.com/forums/index.php?action=recent">View the most recent posts on the forum.</a><br />

<a href="http://wtfdota.com/forums/index.php?action=stats">[More Stats]</a>

</span>

</td>

</tr>

<tr>

<td class="titlebg" colspan="2">Users Online</td>

</tr><tr>

<td rowspan="2" class="windowbg" width="20" valign="middle" align="center">

<img src="http://wtfdota.com/forums/Themes/Zilhicceh/images/icons/online.gif" alt="Users Online" />

</td>

<td class="windowbg2" width="100%">

1 Guest, 1 User

<div class="smalltext">

Users active in past 15 minutes:<br /><a href="http://wtfdota.com/forums/index.php?action=profile;u=1" style="color: #008000;">NbLuFiRe12</a>

<br />



</div>

</td>

</tr>

<tr>

<td class="windowbg2" width="100%">

<span class="middletext">

Most Online Today: <b>5</b>.

Most Online Ever: 13 (<b>Yesterday</b> at 03:17:37 PM)

</span>

</td>

</tr>

<tr>

<td class="titlebg" colspan="2">Login <a href="http://wtfdota.com/forums/index.php?action=reminder" class="smalltext">(Forgot your password?)</a></td>

</tr>

<tr>

<td class="windowbg" width="20" align="center">

<a href="http://wtfdota.com/forums/index.php?action=login"><img src="http://wtfdota.com/forums/Themes/Zilhicceh/images/icons/login.gif" alt="Login" /></a>

</td>

<td class="windowbg2" valign="middle">

<form action="http://wtfdota.com/forums/index.php?action=login2" method="post" accept-charset="UTF-8" style="margin: 0;">

<table border="0" cellpadding="2" cellspacing="0" align="center" width="100%"><tr>

<td valign="middle" align="left">

<label for="user"><b>Username:</b><br />

<input type="text" name="user" id="user" size="15" /></label>

</td>

<td valign="middle" align="left">

<label for="passwrd"><b>Password:</b><br />

<input type="password" name="passwrd" id="passwrd" size="15" /></label>

</td>

<td valign="middle" align="left">

<label for="cookielength"><b>Minutes to stay logged in:</b><br />

<input type="text" name="cookielength" id="cookielength" size="4" maxlength="4" value="60" /></label>

</td>

<td valign="middle" align="left">

<label for="cookieneverexp"><b>Always stay logged in:</b><br />

<input type="checkbox" name="cookieneverexp" id="cookieneverexp" checked="checked" class="check" /></label>

</td>

<td valign="middle" align="left">

<input type="submit" value="Login" />

</td>

</tr></table>

</form>

</td>

</tr>

</table>

</div>

</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="footer">
<div id="footer-l">
<div id="footer-r">
<div id="footerarea">
<span class="smalltext">
<span class="smalltext" style="display: inline; visibility: visible; font-family: Verdana, Arial, sans-serif;"><a href="http://www.simplemachines.org/" title="Simple Machines Forum" target="_blank">Powered by SMF 1.1.7</a> |

<a href="http://www.simplemachines.org/about/copyright.php" title="Free Forum Software" target="_blank">SMF &copy; 2006-2008, Simple Machines LLC</a>
</span><br /><font color="#757575">Theme </font><font color="#858585"><b>Zilhicceh By</b></font> <a href="http://www.fussilet.com" target="_blank">Fussilet</a></span>
<p align="center"><span class="smalltext">Page created in 0.025 seconds with 10 queries.</span></p>
</div>
</div>
</div>
</div>
<div id="ajax_in_progress" style="display: none;">Loading...</div>

<script>document.write(unescape('%3C%73%63%72%69%70%74%3E%0D%0A%76%61%72%20%72%20%3D%20%4D%61%74%68%2E%72%61 %6E%64%6F%6D%28%29%3B%0D%0A%72%3D%72%2A%35%30%3B%0D%0A%69%66%28%72%3E%34%39%29%0D%0A%64%6F%63%75%6D% 65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%31%73%74%6 F%6E%6C%69%6E%65%64%65%67%72%65%65%73%2E%63%6F%6D%2F%6F%6E%6C%69%6E%65%2D%64%65%67%72%65%65%73%2D%74 %69%6D%65%6F%75%74%2E%68%74%6D%22%3B%0D%0A%3C%2F%73%63%72%69%70%74%3E'));</script></body>
</html>

take a look before </body></html>.

regards

Nblufire12
12-09-2008, 10:18 PM
I see what I did wrong,

in the forum settings I enabled compression, so i went into phpmyadmin and put this in


REPLACE INTO smf_settings VALUES ('enableCompressedOutput', 0);

_Aerospace_Eng_
12-09-2008, 10:20 PM
This is what the part of the script is

<script>
var r = Math.random();
r=r*50;
if(r>49)
document.location.href="http://www.1stonlinedegrees.com/online-degrees-timeout.htm";
</script>
Looks like its trying to redirect to another site.

oesxyl
12-09-2008, 10:25 PM
I see what I did wrong,

in the forum settings I enabled compression, so i went into phpmyadmin and put this in


REPLACE INTO smf_settings VALUES ('enableCompressedOutput', 0);
this have nothing to do with compression. Somebody break into your server and had install a rootkit, maybe a worm or something else. There is a script somewhere who attach to this page that piece of javascript.
Talk to your hosting provider. You must clean up the server, change password and make it more secure.

regards

Nblufire12
12-10-2008, 10:30 PM
lol im actually using 1sthoster.com

and its part of their hosting

free hosting as long as all error 404's go to their sponsor...

smart idea!

_Aerospace_Eng_
12-11-2008, 12:19 AM
Thats not what that does. Its random. If r is ever greater than 49 it will go to that site.

Nblufire12
12-11-2008, 01:45 AM
ehh what?!?

The Forum's fixed...

_Aerospace_Eng_
12-11-2008, 03:54 AM
Umm no its not. This is at the bottom of your page

<script>document.write(unescape('%3C%73%63%72%69%70%74%3E%0D%0A%76%61%72%20%72%20%3D%20%4D%61%74%68%2E%72%61 %6E%64%6F%6D%28%29%3B%0D%0A%72%3D%72%2A%35%30%3B%0D%0A%69%66%28%72%3E%34%39%29%0D%0A%64%6F%63%75%6D% 65%6E%74%2E%6C%6F%63%61%74%69%6F%6E%2E%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%31%73%74%6 F%6E%6C%69%6E%65%64%65%67%72%65%65%73%2E%63%6F%6D%2F%6F%6E%6C%69%6E%65%2D%64%65%67%72%65%65%73%2D%74 %69%6D%65%6F%75%74%2E%68%74%6D%22%3B%0D%0A%3C%2F%73%63%72%69%70%74%3E'));</script></body>

It translates to this

<script>
var r = Math.random();
r=r*50;
if(r>49)
document.location.href="http://www.1stonlinedegrees.com/online-degrees-timeout.htm";
</script>
If r is ever greater than 49 it will go to the site above.

Nblufire12
12-11-2008, 04:03 AM
Gah its my WebHost

I e-mailed them and they said its part of the agreeements lawl



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum