ESM Posted February 5, 2013 Report Share Posted February 5, 2013 It appears zaxcom.com has been hacked. I use the NoScript plugin for Firefox, so I don't know how it pulls up on other computers, but here's a screenshot of the header on the Nomad page (attached). Quote Link to comment Share on other sites More sharing options...
VASI Posted February 5, 2013 Report Share Posted February 5, 2013 Nothing wrong. It's ok for me. Also Mozilla user here. Quote Link to comment Share on other sites More sharing options...
ESM Posted February 5, 2013 Author Report Share Posted February 5, 2013 Hmm. Strange. I wonder if it's something on my computer. When you Google "zaxcom nomad" do the search results say "this site may be compromised?" Quote Link to comment Share on other sites More sharing options...
VASI Posted February 5, 2013 Report Share Posted February 5, 2013 Nope. Everything work great here Brent. Quote Link to comment Share on other sites More sharing options...
ESM Posted February 5, 2013 Author Report Share Posted February 5, 2013 Any other users in the U.S. see a flag in the Google search results? Anyone else using NoScript see what I'm seeing? I must be using a different interweb... Quote Link to comment Share on other sites More sharing options...
Max Hirtenstein Posted February 5, 2013 Report Share Posted February 5, 2013 I see the same thing Brent. That's troubling. Google says its compromised. Quote Link to comment Share on other sites More sharing options...
Jeff Wexler Posted February 5, 2013 Report Share Posted February 5, 2013 Many times, on and off, Google has reported JWSOUND site "compromised" and then later it goes away. There are a number of Google initiated things that show up once in awhile without warning and I have no idea how to make it stop happening. Someone who knows a lot more about this stuff might give us some answers. Quote Link to comment Share on other sites More sharing options...
ESM Posted February 5, 2013 Author Report Share Posted February 5, 2013 I think there's something to it, given the hidden spammy text and links in the header. Probably just bots programmed to insert code into compromised sites. I used to operate a Wordpress site, the same thing happened. Once I upgraded to the newest version and installed a plugin designed to remove the malicious code, my site was unflagged by Google. Quote Link to comment Share on other sites More sharing options...
Chris Woodcock Posted February 5, 2013 Report Share Posted February 5, 2013 Many times, on and off, Google has reported JWSOUND site "compromised" and then later it goes away. There are a number of Google initiated things that show up once in awhile without warning and I have no idea how to make it stop happening. Someone who knows a lot more about this stuff might give us some answers.There was me thinking you were on the head honchos behind the group Anonymous Jeff Quote Link to comment Share on other sites More sharing options...
api Posted February 5, 2013 Report Share Posted February 5, 2013 Zaxcom.com is hacked for sure. Someone should email Glenn about this right away. Quote Link to comment Share on other sites More sharing options...
glenn Posted February 5, 2013 Report Share Posted February 5, 2013 It looks ok here at the mothership. Both explorer and chrome are fine. Thanks to all for the concern. Glenn Quote Link to comment Share on other sites More sharing options...
ESM Posted February 5, 2013 Author Report Share Posted February 5, 2013 Hi, Glenn. I would encourage you to look into it further. There appears to be *hidden* text and links that have been inserted into your site by malicious SEO bots that found a security hole. I can see it (because I'm using a script-blocking plugin) and Google's bots can see it, which is why zaxcom.com is currently flagged in the Google search results. If left unaddressed, zaxcom.com could be removed from Google's index altogether (this happened to me once). http://support.google.com/websearch/bin/answer.py?hl=en&ei=-IsRUfmFEpH69gS7rIGYAQ&answer=190597&?sa=X&ved=0CDkQpwgwAA It's at least worth an email to your webmaster. Quote Link to comment Share on other sites More sharing options...
John Steigerwald Posted February 5, 2013 Report Share Posted February 5, 2013 Hmm. Strange. I wonder if it's something on my computer. When you Google "zaxcom nomad" do the search results say "this site may be compromised?" Yep Quote Link to comment Share on other sites More sharing options...
fieldmixer Posted February 5, 2013 Report Share Posted February 5, 2013 I noticed something odd last week when going to zaxcom .com. And after reading this thread, I loaded the site to take another look and, for half a second, before the page loads, this appears. Took a quick snap with my phone. Quote Link to comment Share on other sites More sharing options...
John Blankenship Posted February 5, 2013 Report Share Posted February 5, 2013 You guys are ruling out the possibility that Zaxcom has started selling Cialis as a sideline. Also, that could account for why Glenn is so happy much of the time. Quote Link to comment Share on other sites More sharing options...
Jeff Wexler Posted February 5, 2013 Report Share Posted February 5, 2013 This is definitely a hack into the Zaxcom site and they need to get in touch with their webmaster immediately. I have had this happen to some sites in the past and if look at the php files there is obviously html inserted that is not supposed to be there. Quote Link to comment Share on other sites More sharing options...
chriskellett Posted February 5, 2013 Report Share Posted February 5, 2013 Yep, I see it too. Looks hacked to me. Quote Link to comment Share on other sites More sharing options...
johnpaul215 Posted February 6, 2013 Report Share Posted February 6, 2013 In Safari I see that same junk for less than a second, then the page loads normally. I don't see it in Firefox. Oddly in Safari and Firefox I don't see the old "view source" option that shows you the code for the page, and that's often where you can see what/where something was injected. I've had this happen on sites, and it was always a hole in the software that powered the site. When I tracked the "hackers" (not really hackers) I could see that they were google searching for a line of code in a specific file in the website and that let them know that the site did not do the latest security patch. The patched versions of the site did more than patch the hole, there are hidden programmer notes that change, and google indexing was so thorough that they just had to look for an oddly written (unique) line of code, or something unique like "this needs work but I need a beer now" in the notes to tip them off that the site had the old, unpatched, code. Quote Link to comment Share on other sites More sharing options...
Sound Grab Posted February 6, 2013 Report Share Posted February 6, 2013 If a site is on godaddy.com you're just asking for those scripts to be inserted. Plus, godaddy is a very evil company anyway. A lot of the times it's hacked via Wordpress or a plugin. Quote Link to comment Share on other sites More sharing options...
OmahaAudio Posted February 6, 2013 Report Share Posted February 6, 2013 It appears zaxcom.com has been hacked. I use the NoScript plugin for Firefox, so I don't know how it pulls up on other computers, but here's a screenshot of the header on the Nomad page (attached). When I Googled something at Zaxcom a few days ago the Google result said something like "This site may be compromised" so I've avoided it. Quote Link to comment Share on other sites More sharing options...
OmahaAudio Posted February 6, 2013 Report Share Posted February 6, 2013 It looks ok here at the mothership. Both explorer and chrome are fine. Thanks to all for the concern. Glenn Not Firefox or Safari. Quote Link to comment Share on other sites More sharing options...
Jesse Parker Posted February 6, 2013 Report Share Posted February 6, 2013 Interesting. I can verify that Google does indicate that, "This site may be compromised". Clicking on the link to your homepage appears to be fine on both Chrome and Safari. Quote Link to comment Share on other sites More sharing options...
glenn Posted February 6, 2013 Report Share Posted February 6, 2013 I will make sure we get to the bottom of this right away. Glenn Quote Link to comment Share on other sites More sharing options...
John Steigerwald Posted June 29, 2013 Report Share Posted June 29, 2013 It's in the source code for most of your pages. While at zaxcom.com, choose "View Page Source" in your browser. Line 77. On the Maxx page, line 80 QRX100 Page, line 81 Mix-8 page, line 81 as well etc.. Quote Link to comment Share on other sites More sharing options...
afewmoreyears Posted June 29, 2013 Report Share Posted June 29, 2013 If a site is on godaddy.com you're just asking for those scripts to be inserted. Plus, godaddy is a very evil company anyway. A lot of the times it's hacked via Wordpress or a plugin. Are you high....? Danica drives for them.... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.