Poster: A snowHead
|
why is every other word containing a link to a website?
is this deliberate or has the site been hacked or something?
|
Yes, there is a problem, Mgt are aware. Don't follow the links.
Seems to be affecting the words 'I', 'More' and 'The'
Last edited by Obviously A snowHead isn't a real person on Thu 4-09-14 8:25; edited 1 time in total
|
On my laptop the links are back to snowHeads (snowheads.com) so is this a pre-emptive method of preventing more harmful links appearing? Yesterday the links were to porn sites I presume (from the name in the URL), but as I did not click on any I have no idea!
|
Looks like NBT is working on the issue. The repeated attack suggests SQL inject or similar...
|
Samerberg Sue, correct both times. It's just been fixed - not sure who by but thanks anyway to the fixer(s).
|
Richard_Sideways, yep Mod_rewrite via phpmyadmin.
|
Mmm. Just been reading the phpBB KB article (my life is THAT exciting).
|
Good question, DB.
I see this is the month for "Hot Oktoberfest Lederhosen Babes". Obviously I'm not going to link to that site.
|
Seems the hack is back.
|
Yeah, I've just tested it in 3 browsers and they all point to ski dot cashnude dot com
|
that's cos it's server side, not client side.
|
hmmm.... back and similar but not the same...
the link off of the word 'My' has been fluffed - when the links came back at around 11am, one had been miscoded and had a syntax error causing the link to display as text. Could imply a live attack rather than a cron'd reapplication...
|
Uh oh this is getting worse, I didn't even click a link and the site automatically redirected to a cam page as I was reading a post!
|
I had that too albinomountainbadger,
|
I didn't even click a link I just tried to reply to a post by Richard sideways now on another thread and when I clicked his name to start my post it directed to a dodgy site
|
Pm'd admin.
|
I said on another thread relating to this that I expected site to be taken offline, I still think it needs taking down otherwise it's really difficult to resolve.
Stop site
Identify and fix vulnerability (again I expect it to be a mod_rewrite sql injection)
Clean up back end data.
Bring site back online
Cross fingers.
|
ansta1, not sure it fits the format of a mod_rewrite per se; That'd typically make a play for the page redirection (although the full page redirect A.M.B, Sarah and myself got might, though I reckon that 'they' fluffed the code again and managed to just force the link, rather than hiding it in the text).
This seems to be going after the content of the table that holds the autolink records.
...Looks like we've just had a restart of the site too...
|
Richard_Sideways, but isn't the mod_rewrite hole allowing the sql injection to occur, which is either compromising the phpmyadmin side and therefore allowing more detailed hacking?
I am guessing there is a lookup table for word replacements and they are inserting records into that table.
I am sure I have a load of php fixes that I had to apply a while back that shuts the door on almost all sql injection type attacks via php.
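
As an added illustration (not part of the thread and not snowHeads' own code): a defender's audit of the word-replacement table guessed at above, flagging records whose link leaves the site or whose markup is broken. The `autolink` table, its columns and the sample rows are hypothetical, constructed for the example.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"snowheads.com", "www.snowheads.com"}  # the site's own domain

class HrefCollector(HTMLParser):
    """Collect href values from <a> tags in one replacement snippet."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def audit_autolinks(conn):
    """Return (word, reason) for each record that should be reviewed."""
    findings = []
    rows = conn.execute("SELECT word, replacement FROM autolink ORDER BY rowid")
    for word, html in rows:
        parser = HrefCollector()
        parser.feed(html)
        parser.close()
        if not parser.hrefs:
            # No parsable <a href>: broken markup is shown to readers as text.
            if "http" in html.lower():
                findings.append((word, "malformed link markup"))
            continue
        for href in parser.hrefs:
            parts = urlsplit(href)
            host = (parts.hostname or "").lower()
            if not host and not parts.scheme:
                continue  # relative URL, stays on the site
            if host not in ALLOWED_HOSTS:
                findings.append((word, "off-site target: " + (host or href)))
    return findings

def build_sample_db():
    """Constructed rows; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE autolink (word TEXT, replacement TEXT)")
    conn.executemany("INSERT INTO autolink VALUES (?, ?)", [
        ("piste", '<a href="http://snowheads.com/ski/piste">piste</a>'),
        ("The", '<a href="http://ads.example.net/x">The</a>'),
        ("My", 'a href="http://ads.example.net/y">My</a>'),
        ("More", '<a href="//cdn.example.org/z">More</a>'),
    ])
    return conn
```

Run on a schedule against the live table, a non-empty result is an early signal that records have been re-inserted after a clean-up.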
|
hmmm had an auto redirect just now too. corporate firewall caught it and flashed up the access denied page.
place won't be the same if there's a total update of phpbb underpinnings, and the e-commerce bits fudged in by whatever means.
|
I've had one too, opens in another window, some cams site. Happened when clicking on the top banner from a thread.
|
Was fixed but now a is a link to dodgy site. Have let Admin know.
Fixed already - he's quick ya know
|
Think we have a whack-a-mole scenario... expect more outbreaks.
|
Problem could be much more complex - I've had nigh on twenty sites hacked since August.
Along with many others who have the same problem(s) http://forums.modx.com/thread/?thread=91891&page=
All were running older versions of MODx.
The hackers had identified a way to breach the security and once in they were able to place a series of php files hidden in a raft of directories, very very difficult to find.
Only way was to re install latest versions of software etc and go through other dirs with a fine tooth comb.
Not too sure what this site is running, but the forum software is similar to other sites, and probably now is quite "old", and would imagine the hackers know what to do etc etc to get in.
|
All seems quiet today. Another forum I'm on was taken down for about 2 weeks by a hack which completely trashed it, so SH might have got off lightly if Admin and the team have brought it under control.
|
Richard_Sideways, no I had a redirect to a dodgy sex cam site this morning. Can't think it was on the instruction in La Tania thread.
|
Hmm. Risked coming on here this morning. Haven't seen any redirects myself, but if they have happened, I think I'll avoid till I get home. Don't want too many black marks recorded on the corporate firewall blocker.
Might be time to think about moving the bash custom stuff somewhere separate, and move forum to stock latest forum code?
|
What's going on? There was I happily enjoying youporn and I got redirected to this weird ski fetish site!
|
Now have had two redirects this morning to the cam site
|
Hacked again?