have I been hacked ?

[Delicious Webdesign]

just noticed a clients website that we are starting to develop has stared to show html validation errors where it didnt previously and the code it shows is nowhere on the site ?? very puzzled here !

the mystery code from http://www.silentbubbles.com/ is below
I also noticed that when you navigate to the dive courses page the URL in the browser bar doesnt show this page

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=iso-8859-1">
<title>silentbubbles.com</title>
</head>
<frameset rows="100%,*" border="0" frameborder="no" framespacing="0">
<frame name="site" src="http://www.silent-bubbles.com" marginwidth="0" marginheight="0" noresize scrolling="auto">
<noframes>
<body bgcolor="#ffffff">
<p></p>
</body>
</noframes>
</frameset>
</html>anyone got an idea about this ?

 

[TotallySport]

Your building the site using frames, (which isn't generally a good idea), if you right click on the page in firefox and select this frame > view source of this frame you will see the correct code.

 

[jadexsoln]

Sounds like your domain name might have been hijacked and your site wrapped up back in a frame by the looks of the code you've quoted.

If you ping the URL does it resolve to the IP address you expect?

 

[stugster]

The site www.silent-bubbles.com passes validation.

http://validator.w3.org/check?uri=h...(detect+automatically)&doctype=Inline&group=0

The site www.silentbubbles.com fails because of the variables in the frameset.



If you set up the www.silentbubbles.com site as a frame to include www.silent-bubbles.com, then that's why it's failing the validation. I'm pretty sure google will look at this as duplicate content, but I'm no SEO pro.

Ideally, you want one main domain for the site, and all other domains doing a "301 Redirection". Google is your friend for how to do this on different hosting platforms.

 

[jadexsoln]

I think Delicious is saying that the code for the frameset has appeared on his site and they didn't put it there?? Which indicates somebody else has put it there....... :|

 

[davidshaw89]

I read something about this the other day.

A few big sites in America have been hacked and its something to do with showing the normal website in a frame so the user doesn't suspect anything - allowing the person who has hacked the site to download malware/spyware etc.

 

[stugster]

I think the first question we need answered from the designer is whether or not he/she actually put the frame in themselves.

 

[Delicious Webdesign]

I think the first question we need answered from the designer is whether or not he/she actually put the frame in themselves.

Thanks, we dont do frames and didnt add this to silentbubbles.com, but something I havent rulled out is if the client has done it (or another hosting company he arranged) as the main domain silent-bubbles.com is intact. At worse we would suggest doing a 301 redirect next best in my book would be creating a satallite site out of other related sites.

 

[MGSteve]

Right, I've done some digging, don't know if any of it is any use!

silent-bubbles.com has only been registered for a few days, it was registered on the 25th of March 2009.

This is the Whois Info for the domain:

Registration Service Provided By: Fast2host Limited
Contact: [email protected]
Visit: http://www.fast2host.com

Domain name: silent-bubbles.com

Registrant Contact:

Nick Bray ()

Fax:
49 Wydehurst Road
Addiscombe
Croydon, Surrey CR0 6NJ
GB

Administrative Contact:

Nick Bray ([email protected])
+1.2086203056
Fax:
49 Wydehurst Road
Addiscombe
Croydon, Surrey CR0 6NJ
GB

Technical Contact:

Nick Bray ([email protected])
+1.2086203056
Fax:
49 Wydehurst Road
Addiscombe
Croydon, Surrey CR0 6NJ
UK

Creation date: 25 Mar 2009 12:20:08
Expiration date: 25 Mar 2010 12:20:08

And silentbubbles.com is

Domain name: SILENTBUBBLES.COM
Created on: 2008-12-18
Updated on: 2008-12-18
Expires on: 2009-12-18
Registrant Name: GLOBAL DOMAIN PRIVACY
Contact: GLOBAL DOMAIN PRIVACY
Registrant Address: 33 Cavendish Square
Registrant City: London
Registrant Postal Code: W1G 0PW
Registrant Country: GB
Administrative Contact Organization: GLOBAL DOMAIN PRIVACY
Administrative Contact Name: Global Domain Privacy
Administrative Contact Address: 33 Cavendish Square
Administrative Contact City: London
Administrative Contact Postal Code: W1G 0PW
Administrative Contact Country: GB
Administrative Contact Email: [email protected]
Administrative Contact Tel: +44 207 1383172
Administrative Contact Fax: +44 207 1383172
Technical Contact Organization: GLOBAL DOMAIN PRIVACY
Technical Contact Name:
Technical Contact Address: 33 Cavendish Square
Technical Contact City: London
Technical Contact Postal Code: W1G 0PW
Technical Contact Country: GB
Technical Contact Email: [email protected]
Technical Contact Phone: +44 207 1383172
Technical Contact Fax: +44 207 1383172
Primary Name Server Hostname: NS0.PHASE8.NET
Secondary Name Server Hostname: NS1.PHASE8.NET

SilentBubbles.com is hosted on 85.233.160.70 & Silent-Bubbles.com is hosted on 146.101.123.4

I don't know if that will help you at all!

Both IPs have many websites hosted off them...

Bizarrely if you go to www.superscuba.com, you end up at EDS' website!

 

[cmcp]

I'm sure your intentions are all good MGSteve, but it might be best to request those details be edited out. It's not best form to go posting them on public forms imo.

 

[MGSteve]

I'm sure your intentions are all good MGSteve, but it might be best to request those details be edited out. It's not best form to go posting them on public forms imo.

Why not, its all information thats in the public domain... (pardon the pun). Its just basic 'whois' information that anyone can get.

 

[cmcp]

I understand what it is. I just consider posting other peoples contact details on public forums bad form. WHOIS details have to be retrieved and are not accessible through Google.

 

[MGSteve]

I understand what it is. I just consider posting other peoples contact details on public forums bad form. WHOIS details have to be retrieved and are not accessible through Google.

Erm, yeah, but punch the domain into any number of 'whois' tools online and you'll find the info. (e.g. http://whois.domaintools.com/silent-bubbles.com)

At the end of the day, given the topic of the thread, I thought it would be helpful for the OP...

 

[cmcp]

I'm quite aware how to retrieve WHOIS details, and like I said I don't doubt you have good intentions, but these parts of the forum are crawled by the search engines. If that sits fine with you fair enough

 

[MGSteve]

I'm quite aware how to retrieve WHOIS details, and like I said I don't doubt you have good intentions, but these parts of the forum are crawled by the search engines. If that sits fine with you fair enough

Well, if the person concerned wants them removed, he can always contact the admins - its happened occasionally with a forum I run. At the end of the day, if its in the public domain its fine as far as I'm concerned.

 

[wizzard]

The way I see it, if the individual who registered the domain wanted their details to remain private they would have opted to do so at the time it was registered.

 

[awebapart.com]

Who purchased and who is in control of which domain?

My initial guess is that the client purchased the silentbubbles domain a while ago, the web designer then set up a site on silent-bubbles, and the client has merely web forwarded the silentbubbles domain to the silent-bubbles domain. The web forwarding used is framed web forwarding provided by the registrar, namesco, hence the framed code (which is provided by namesco). All the client needs to do is change the web forwarding set up to non-framed web forwarding using the namesco control panel (which will provide a 302 temporary redirect), unless the client really wanted silentbubbles as the main hosted domain (in which case there is some extra domain and hosting reconfiguring required).

 

[cmcp]

The way I see it, if the individual who registered the domain wanted their details to remain private they would have opted to do so at the time it was registered.

I disagree.

 

[edmondscommerce]

It looks to me like you have set up framed forwarding on the hosting for the second domain. I bet you have set up forwarding somewhere and the method it is using is this frame.

I doubt this is a hack in all honesty

 

[Delicious Webdesign]

client is unaware of whats happened, i am assuming that he or one of his colleagues bought the domain and got the hosting provider to setup a forward and the default forward is the frame forwarding which will be dealt with later, once I get to the bottom of this.
Thanks for people's input here