Page 1 of 1
We were hacked overnight
Posted: Thu Oct 06, 2011 7:42 am
by The Robman
So some of you might have had your Spam Blocker software get tripped earlier when the forum tried to re-direct you somewhere else, but I have fixed it now. Hopefully I found all the places where they put their code.
Posted: Thu Oct 06, 2011 7:53 am
by vickyg2003
Thanks for fixing this Rob, the sight that they sent me to was a little frightening.
I wish the hacker/spammers would just leave us alone!
Posted: Thu Oct 06, 2011 8:50 am
by 3FG
The site I was sent to wasn't frightening, but my wife (who happened to be passing) wanted to know what the heck I was doing!
Posted: Thu Oct 06, 2011 9:10 am
by vickyg2003
3FG wrote:The site I was sent to wasn't frightening, but my wife (who happened to be passing) wanted to know what the heck I was doing!
Probably the same site.
Re: We were hacked overnight
Posted: Thu Oct 06, 2011 9:26 am
by eferz
The Robman wrote:So some of you might have had your Spam Blocker software get tripped earlier when the forum tried to re-direct you somewhere else, but I have fixed it now. Hopefully I found all the places where they put their code.
Actually my SPAM blocker didn't catch that since it wasn't an email. Though, the AVAST Web Shield blocked the site "www2.simplegjcleaner.rr.nu" due to the trojan named, "JS:FakeAV-HZ" on the page it was trying to connect.
Posted: Thu Oct 06, 2011 9:52 am
by vickyg2003
They have hacked the wiki too. Can't get anywhere without seeing things I'd rather not see.
Posted: Thu Oct 06, 2011 11:52 am
by eferz
vickyg2003 wrote:They have hacked the wiki too. Can't get anywhere without seeing things I'd rather not see.
Try
Avast, I'm using the free version and once it detects the trojan it will block the destination link permanently allowing you to freely navigate through the wiki worry free.
Posted: Thu Oct 06, 2011 4:08 pm
by The Robman
I've spent all day cleaning the wiki and I've got most of the stuff out, but obviously not all of it because when I go to the wiki page, I see it reference sweepstakesandcontestsinfo.com which is part of the hacked code.
Posted: Thu Oct 06, 2011 4:35 pm
by vickyg2003
Thanks again for your efforts.
Posted: Fri Oct 07, 2011 2:29 am
by mathdon
I am using Norton 360 version 5, which identified the hack and blocked my access to the JP1 site, telling me that it was trying to access Fake AV Website 24. Indeed, because of the time difference between here (UK) and the US, I discovered the hack while Rob was still asleep and drew his attention to it.
Whatever is left of the hack in the Wiki is still enough to activate Norton 360. I cannot access the Wiki link at all. I get the same message from Norton and the browser shows I have been redirected to:
http:/ /www3.bustdy.in/?v2d3atte=mqfNl56pqZyYm%2BPdyLapWNinzbGnlpmqqKaUrqdmmlc%3D
(I've put a space between the two /'s so that it doesn't show as a hyperlink) So some users, like me, will be unable to use the Wiki until it has been fully cleaned.
Posted: Fri Oct 07, 2011 1:55 pm
by The Robman
Can you guys try the wiki now and tell me if it's working for you. I don't see the tell-tale sign of the hacker's URL anymore when I try it.
Posted: Fri Oct 07, 2011 4:12 pm
by mathdon
I've only had a quick look but it seems fine now and it didn't trigger Norton to block anything. Many thanks.