The Drunkjeans.com / Roundstorm.com Hack and how to get rid of it


Saturday morning a couple of my sites were hacked by something I’ve not found a lot of info about. I’ll call it The Drunkjeans Hack. I’ve also found this being inserted from other domains (see below).

Some idiot has inserted a piece of code into the main index.php file that looks like this:


	


43 thoughts on “The Drunkjeans.com / Roundstorm.com Hack and how to get rid of it”

  1. we got it pretty bad

    inkrainbow.ru/quicktime.js

    pocketbloke.ru/QuickTime.js

    Search ".ru" (4255 hits in 1298 files)
    not all of them are the address but most are

  2. Same here. They “hacked” our website, I think through FTP, and installed the above code. The URL of the JavaScript doesn’t exist, and the funny thing is that Google got it just before I could do something. (I found it straight away.)

    Now I changed the FTP password and also changed the infected files (mostly .js files) and just one PHP file.

  3. WARNING:
    They don’t hack your FTP or server directly (might be, but smaller chance).
    They infect the machine (probably with a .sys driver (try out the Bitdefender addon for FF)) that you used to upload your site’s files to your webspace.
    If you stored your FTP credentials on it … they connect to your webspace and alter the index and js files.
    So beware, changing the FTP PW is only working until you log on to your space again if you don’t clean your machine first !!!

  4. We got (Pantscow.ru) infected our blog, most of them on .js files.
    Sorry for your loss bro, [Search “.ru” (4255 hits in 1298 files)] it’s really a big deal. You should clean your PC first.
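The comments above report that a plain search for ".ru" returns thousands of hits, most but not all of them the injected address. The following is an added example, not code from the post or its commenters: a scanner that only flags URLs ending in `.js` whose host is one of the domains named on this page, and separately grades other `.ru` script hosts for manual review. It assumes the injected code references a remote `.js` URL (the snippet itself is not reproduced on this page); the function names and the `cdn.example.ru` sample are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Hosts named in the post title and its comments.
SUSPECT_HOSTS = ("drunkjeans.com", "roundstorm.com", "inkrainbow.ru",
                 "pocketbloke.ru", "pantscow.ru")
SCAN_EXTENSIONS = (".php", ".js", ".html", ".htm")
# Absolute or protocol-relative URL ending in .js; group 1 is the host.
JS_URL = re.compile(r"(?:https?:)?//([a-z0-9.-]+)(?::\d+)?/[^\s\"'<>]*\.js\b", re.I)

def classify(host):
    """Grade a script host: 'listed', 'other-ru' (review by hand) or None."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in SUSPECT_HOSTS):
        return "listed"
    return "other-ru" if host.endswith(".ru") else None

def scan_text(text):
    """Return (line number, host, grade) for each suspicious script URL."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in JS_URL.finditer(line):
            grade = classify(m.group(1))
            if grade:
                hits.append((lineno, m.group(1).lower(), grade))
    return hits

def scan_tree(root):
    """Walk a web root; return sorted (relative path, line, host, grade)."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in SCAN_EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            rel = path.relative_to(root).as_posix()
            findings += [(rel, *hit) for hit in scan_text(text)]
    return sorted(findings)

def demo():
    """Scan a constructed tree (sample content, not the real injected code)."""
    samples = {
        "index.php": '<p>hi</p>\n<script src="http://inkrainbow.ru/quicktime.js"></script>\n',
        "menu.js": "// contact: admin@example.ru\nvar a = 1;\n",
        "ads.js": 'document.write("<script src=//cdn.example.ru/a.js></scr" + "ipt>");\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return scan_tree(root)
```

Run `scan_tree()` against a local copy of the web root; a clean result says nothing about the workstation that holds the FTP credentials, which the third comment identifies as the likely entry point.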
