Did You Know...
You can earn UNLIMITED daily surfing bonuses at Magnify Traffic, even as a Free Member!

Jan 16

Genie Traffic, a new traffic exchange owned by Jack Schafer, had a solid launch. However this week someone hacked the server and installed a hidden Iframe on the homepage. Genie Traffic‘s host updated the server to prevent this from happening again and those changes caused someone problems with the traffic exchange script. As a result, users were unable to log in yesterday.

These problems were all taken care of quickly and everythig is running smoothly again. To my knowledge, no accounts appear to be affected by this ordeal. If you experienced differently, please let us know.

Hopefully this does not occur again in the future.

4 Responses to “Genie Traffic Server Hacked!”

  1. Tim Linden Says:

    I’m getting tired of so many hacked servers, and fixes happening after the fact. It seems too many people are only worried about security after the fact. Unfortunately this probably won’t change for quite a while, because people want to think they can trust others.

  2. Scott Says:

    Personally, I don’t like the term hacked. A hack is supposed to be a good thing. A fix, a workaround, an addition.

    These servers got CRACKED, or broken into, if you will. As a programmer, it’s disgusting, but something worth protecting against.

    If anybody has any information on how this server was exploited, please contact me using the contact form on blue-surf.net, so I can learn how to protect against such exploits, if I’m not already.

  3. Solomon Huey Says:

    I guess hacked is more of the term us non-techies (me!) use. =P

  4. Jon D. Atwood Says:

    The site wasn’t actually “hacked”. An exploit was used to inject the offending code into the infected pages. The server wasn’t actually compromised.

    Scott, the best way to protect yourself from these exploits is to make sure your server has the latest security updates for Apache, php, etc. You also want to have a firewall like CSF installed and add Mod_Security and a rule set into your Apache configuration.

    Jon