IXHosting dot Com hacked or a New Feature installed?

[Bob]

Hi - (see http://www.ixwebhosting.com/support/...n-you-need-it/ for reference)

for you Java-Script geeks, maybe you can explain this to the group.

Normally when one visits a webpage which doesn't have either index.htm (L) or default.htm (L) one will get a folder listing of all the files and sub-folders listed. Going back up to the root folder from the listing, one would then keep seeing every folder/file present until, the index or default .htm or .html is present...

Something happened since last Wednesday to today on ixhosting which supports thousands and thousands of webpages.. (I saw reference that Go-Daddy hosting also experienced a similar 'problem')

Here is the problem

Never had this issue before, but check this out

http://chanlo.com/z/

Here above is one of my folders which has ONE audio file in it.

There is NO index.htm or index.html, or default.htm, or default.html file in it so you SHOULD see a file listing appear in your browser.

Do you get a blank page instead?

Try looking at page source - - this is what comes up for PAGE SOURCE (I did not write or create that code and DO NOT HAVE that code anywhere in my website !! )


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<meta name="revisit-after" content="10">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script type="text/javascript" language="JavaScript" src="http://cdn.dsultra.com/js/registrar.js"></script>
<script type="text/javascript" language="JavaScript"> registrar_frameset({a_id: 48873, drid: 'as-drid-2540437855034467'}); </script>
</head>
</html>

SO I looked up what the heck is this mysterious JAVA code inserted? WHAT the heck does it do, and WHY is it now there???

I didn't add that code to my website - it appeared mysteriously since this last Wednesday !!

Here is the .JS readout:

var domainname = window.location.hostname;
var google_afd_request = {
client: 'ca-dp-oversee_ncd',
domain_name: domainname,
referrer: document.referrer,
session_token: 'create'
};
var param_name = '';
var param_value = '';
var frame;

var registrar_frameset = function(params) {
if (params['a_id']) {
param_name = 'a_id';
}
else if (params['o_id']) {
param_name = 'o_id';
}
param_value = params[param_name];
frame = document.getElementById(params['frame']);

if (!frame) {
document.write('<title>' + domainname + '</title>\n');
document.write('<meta name="keywords" content="' + domainname + '">\n');
document.write('<meta name="description" content="' + domainname + '">\n');
}

var token_url = 'http://pagead2.googlesyndication.com/apps/domainpark/show_afd_ads.js';
document.write('<script type="text/javascript" language="JavaScript" ' +
'src="' + token_url + '"></' + 'script>\n');
}

function google_afd_ad_request_done(response) {
var url = 'http://dsnextgen#com/?domainname=' + domainname +
(param_name ? ('&' + param_name + '=' + param_value) : '') +
'&session_token=' + response.session_token;
if (frame) {
frame.name = domainname;
frame.src = url;
}
else {
document.write('<frameset rows="100%,*" frameborder="no" border="0" framespacing="0"><frame name="'
+ domainname + '" src="' + url + '"/></frameset>');
}
}

I am seeing that this code above is being inserted on webpages 'somehow'.

Is this some new tracking code, or hacking?

BY THE WAY

if you want to listen to the SOLE FILE that I DID put on the webpage, one CAN get a chance to listen to it by going directly to the exact LINK

http://chanlo.com/z/WhiteWhaleSong.mp3 - that SHOULD bring up an MP3 PLAYER..

That file is a holographic AUDIO file I did some years ago, up in Churchill Manitoba, recording IN MONO originally of the white WHALES in the river... Such MONO recording was converted to a HOLOGRAPHIC multi-dimension-audio (saved in stereo format).. What the file illustrates is the holographic content of "whale-song" (or advanced dolphin whale communications)... It's NOT just sonar ranging.. but advanced communications...

ANYWAY

Please your ideas about what happened to IXHOSTING and the other web-hosting sites experiencing this strange anomaly that appeared SINCE THIS Wednesday??

Thanks

(PS - having contacted 24/7 "LIVE CHAT" today to get some "live help", the chat person said, oh so sorry.. technical support isn't available 24/7.. try during work times Monday thru Friday...)

And if the server has been hacked, interesting the response.. There is another webpage suggesting that IXwebHosting as well as other hosters have started using HIDDEN PAY PER CLICK to gleen $$$$$$ without those hosting on their servers knowing about that.. I have NOT been able to verify that "claim" - has anyone been able to find out about illegal pay per click hidden "ads"??? Trying to sort out WHY this issue mysteriously appeared..