Forum has been hacked - now unhacked. -Bill

Some idiots have decided to mess with the forum.

I hope all of you have your full security running.

Comments

  • solar_dave
    solar_dave Solar Expert Posts: 2,397 ✭✭✭✭
    Re: Forum has been hacked - do not use

    I am good, put up a Site blocker on FireFox (Block Site 1.1.18 plugin)

    BTW A$$holes
  • BB.
    BB. Super Moderators, Administrators Posts: 33,613 admin
    Re: Forum has been hacked - do not use

    For Firefox, I finally figured out a setting that lets back into the forum:

    See: Firefox > Preferences > Advanced > General : Accessibility : [ ] "Warn me when web sites try to redirect or reload the page"

    This works for me.

    And our friends at NAWS now about the problem and are working on it. "Windsun" retired a while ago and has been taking a well deserved break from all things work related. So, it may take a bit of time for them to get the redirect out of the stylesheet (or where ever it is).

    Hang in there guys.

    -Bill :cry:
    Near San Francisco California: 3.5kWatt Grid Tied Solar power system+small backup genset
  • niel
    niel Solar Expert Posts: 10,300 ✭✭✭✭
    Re: Forum has been hacked - do not use

    good to see you figured out how to get back in here bill.
    as far as we know there are not any viruses associated with the access to the forum as it is a redirect page that is haunting the site right now.
  • solar_dave
    solar_dave Solar Expert Posts: 2,397 ✭✭✭✭
    Re: Forum has been hacked - do not use

    I curl'd the content and it seems to just be a web page, I don't see any scripting but ...

    here is the content issue redirect

    </li><li class="restore" id="navbar_notice_2">

    <META http-equiv="refresh" content="0;URL=http://www.cadiroig.cat/"&gt;
    </li>
  • solar_dave
    solar_dave Solar Expert Posts: 2,397 ✭✭✭✭
    Re: Forum has been hacked - do not use

    That link references a bunch of static crap and a single flash page on YouTube for the music crap.
  • BB.
    BB. Super Moderators, Administrators Posts: 33,613 admin
    Re: Forum has been hacked - do not use

    Thank you Solar Dave.

    I believe Windsun is here working on the problem--So it should be back up and humming soon.

    -Bill
    Near San Francisco California: 3.5kWatt Grid Tied Solar power system+small backup genset
  • NorthGuy
    NorthGuy Solar Expert Posts: 1,913 ✭✭
    Re: Forum has been hacked - do not use

    No redirections here. Must've been fixed already.
  • solar_dave
    solar_dave Solar Expert Posts: 2,397 ✭✭✭✭
    Re: Forum has been hacked - do not use
    NorthGuy wrote: »
    No redirections here. Must've been fixed already.

    Yep just checked a curl from the site and it looks better.
  • rick
    rick Administrators Posts: 134 admin
    Re: Forum has been hacked - do not use

    I think I've got it fixed for now. I went into the admin panel because the code I looked at made me think the hacker simply entered a Vbulletin notice that just redirected traffic. I deleted the notice and it seems to be working. If anyone sees an admin that they don't recognize, let me know. We're planning to upgrade to the newest Vbulletin software in hopes that it will prevent whatever exploit the hacker took advantage of.

    Rick
    Website administrator for Northern Arizona Wind & Sun
  • Cariboocoot
    Cariboocoot Banned Posts: 17,615 ✭✭✭
    Re: Forum has been hacked - do not use

    We're back in business!

    Thanks to Windsun's magic fingers. :D

    If I still had the Linux machine I would have poked at it myself, but being forced to run Windows I don't trust anything (even with all the precautions I have in place). The re-direct site might have dumped a trojan on people, and I don't mean an L16!
  • niel
    niel Solar Expert Posts: 10,300 ✭✭✭✭
    Re: Forum has been hacked - do not use

    good here too. great as now we can put this behind us.
  • niel
    niel Solar Expert Posts: 10,300 ✭✭✭✭
    Re: Forum has been hacked - do not use

    new attack from username upgrade
  • Windsun
    Windsun Solar Expert Posts: 1,164 ✭✭
    Re: Forum has been hacked - do not use

    You guys are messing up my retirement plans, but looks like Rick fixed it. Basically they somehow inserted some code into the pages for an HTML redirect to a file they added to the site. Not sure what the insertion point was, but since we are upgrading to the new 5.0 version probably don't matter much.
  • northerner
    northerner Solar Expert Posts: 492 ✭✭✭✭✭✭
    Re: Forum has been hacked - do not use

    I did a search for the website name, and apparently they've hacked other websites as well. I don't think there are any viruses or trojans, etc... associated though, according to reviews of the site cadiroig.cat. Also did a scan and it didn't pick up anything on my computer, thank god. Good advice to check notify before redirecting away from the site.
  • NorthGuy
    NorthGuy Solar Expert Posts: 1,913 ✭✭
    Re: Forum has been hacked - do not use
    northerner wrote: »
    I did a search for the website name, and apparently they've hacked other websites as well. I don't think there are any viruses or trojans, etc... associated though, according to reviews of the site cadiroig.cat. Also did a scan and it didn't pick up anything on my computer, thank god. Good advice to check notify before redirecting away from the site.

    I once got a virus, which came to me through Adobe PDF Reader (which I don't use since), For curiosity, I decided to run a scan with different anti-virus programs. None of them found it. I wrote to companies asking if they want to get a sample of a virus that their software doesn't recognize. Only one responded, but they didn't want the sample. So, these scans aren't worth anything.

    I didn't think there was any virus here. But they stole all our brilliant ideas! :cry: :grr
  • PNjunction
    PNjunction Solar Expert Posts: 762 ✭✭✭
    Re: Forum has been hacked - do not use

    Thanks to WindSun!
    If I still had the Linux machine I would have poked at it myself, but being forced to run Windows I don't trust anything (even with all the precautions I have in place).

    One option (there are many) you may want to explore without having to have a dedicated linux machine is to run Knoppix from a CD/DVD or usb flash-key.

    I'm doing that right now with Knoppix 7.2.0 (CD version) that I downloaded from a mirror-site so that everything is read-only and in ram. Burn the downloaded image as an ISO file, do not just copy to CD - windows will let you choose this if you double-click on the iso file in windows 7 (3rd party iso burners also available too..) Firefox 21 is already installed along with no-script already included. If you want to run from a usb-key, once up and running from cd/dvd, there is an option to burn to usb which makes it super easy if you prefer to run from a usb key, although you may need to open the bios or startup sequence to do so. I didn't choose to use the "adrianne" version, since that has special needs for blind users (but still awesome for those that do need it. Thank you Klaus!! ).

    Just reboot and you are back into windows without having touched anything.

    There are many options, but I found that Knoppix was by far the easiest way if one doesn't want to do a full disk installation.