forum hacked?


18 replies to this topic

#1 terry1966

terry1966

    Advanced Member

  • Anti-Spyware Brigade
  • 9,422 posts
  • Gender:Male
  • Location:Abingdon..UK.


Posted 20 July 2014 - 08:11 PM

not sure if this is a problem at your end, my end, google or what but thought i'd better mention it anyway.

 

just did a clean install of suse 13.1, still doing updates like installing flash so while i am waiting opened firefox and did a google search for pcpitstop forum and then clicked on the top link in the results.

forums.pcpitstop.com/

 

then instead of it taking me to pcpitstop i was redirected to http://url4short.info/f8e75ae0 , didn't take a lot of notice about what the page said just copied the url and closed it fast, did want me to install flash tho.

 

did another google search in new window and this time when i clicked on the same link it took me to the forum as normal.

 

tried to inspect and copy the link but got this (not what i see in firefox element inspector.), don't know if it's helpful or not.


Edited by Y kawika, 21 July 2014 - 09:43 PM.
code removed


#2 terry1966


Posted 20 July 2014 - 08:13 PM

just got this when i clicked on post topic.

 

A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: http://forums.pcpits.../prettify.js:16

 

i stopped the script. and have noticed what i tried to post in a code box is missing from my original post.

 

:b33r:

 

just did a reboot to install new kernel and i see the code box and info is there now.

 

i get that error message every time i visit this topic, seems to be loading facebook or something to do with facebook according to message in bottom left of firefox.

 

i won't finish setting up my system until i hear something back just in case you do require me to go through another clean install.


Edited by terry1966, 20 July 2014 - 08:45 PM.


#3 caintry_boy

caintry_boy

    My new set of whiskers!

  • Moderators
  • 23,801 posts
  • Gender:Male
  • Location:Kansas



Posted 20 July 2014 - 10:13 PM

Nothing going on that I know of, but you'd better wait to hear from one of the Admin.....

 

 

 

 

:geezer:


Heatware
How To Post A Test
Daniel 5:23 Instead, you have set yourself up against the Lord of heaven. --- You praised the gods of silver and gold, of bronze, iron, wood and stone, which cannot see or hear or understand. But you did not honor the God who holds in his hand your life and all your ways.


#4 terry1966


Posted 20 July 2014 - 11:19 PM

ok went ahead and did another clean install and got the exact same results, this time i made a note of the links before clicking on them.

 

pc is currently in the process of getting updated from a clean install, started firefox from a terminal this time, thinking something might show up there that is helpful, but nope nothing i think that helps.

suse13.1@mainpc:~> firefox

(process:2276): GLib-CRITICAL **: g_slice_set_config: assertion 'sys_page_size == 0' failed

anyway did a google search for pcpitstop forums

and first link in search is this

http://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCAQFjAA&url=http%3A%2F%2Fforums.pcpitstop.com%2F&ei=XZHMU8HiNsXG0QWvjYCoBA&usg=AFQjCNEKuz69haecbbkwNSs-LhoRI1aZHw&bvm=bv.71198958,d.ZWU

and of course when i click on it, it redirects me to

http://url4short.info/f8e75ae0

close firefox and open it again and do the same search and click on the same first link, but this time it's this

http://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCAQFjAA&url=http%3A%2F%2Fforums.pcpitstop.com%2F&ei=0pHMU--gDZKV7Aas8YHgDA&usg=AFQjCNEKuz69haecbbkwNSs-LhoRI1aZHw&bvm=bv.71198958,d.ZWU

and of course now i get to the site.

 

sorry don't know enough about troubleshooting network problems so have no idea if the problem is with pcpitstop's servers, google's servers or even if it's my own router where the problem is, but it does only happen that very first time it seems and i hope there's enough info provided in those links to help find and sort out the problem.

 

:b33r:
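
An added example, not part of the original post: a Python comparison of the two search-result links quoted in the post above. It shows that both links carry the same decoded destination and differ in only one query parameter, so the link text itself does not account for the different outcome of the two clicks. The function names are made up for this illustration.

```python
from urllib.parse import urlsplit, parse_qs

# The two wrapper links exactly as quoted in the post above.
FIRST_CLICK = "http://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCAQFjAA&url=http%3A%2F%2Fforums.pcpitstop.com%2F&ei=XZHMU8HiNsXG0QWvjYCoBA&usg=AFQjCNEKuz69haecbbkwNSs-LhoRI1aZHw&bvm=bv.71198958,d.ZWU"
SECOND_CLICK = "http://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCAQFjAA&url=http%3A%2F%2Fforums.pcpitstop.com%2F&ei=0pHMU--gDZKV7Aas8YHgDA&usg=AFQjCNEKuz69haecbbkwNSs-LhoRI1aZHw&bvm=bv.71198958,d.ZWU"


def wrapper_params(link):
    """Return the decoded query parameters of a wrapper link as a dict."""
    query = urlsplit(link).query
    # keep_blank_values=True so empty parameters (q=) take part in the comparison
    parsed = parse_qs(query, keep_blank_values=True)
    # A repeated parameter is kept as a tuple so duplicates are not silently lost
    return {k: v[0] if len(v) == 1 else tuple(v) for k, v in parsed.items()}


def compare_links(link_a, link_b, dest_param="url"):
    """Compare two wrapper links: decoded destinations and differing parameters."""
    a, b = wrapper_params(link_a), wrapper_params(link_b)
    differing = sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))
    return {
        "destination_a": a.get(dest_param),
        "destination_b": b.get(dest_param),
        "same_destination": a.get(dest_param) == b.get(dest_param),
        "differing_params": differing,
    }


if __name__ == "__main__":
    result = compare_links(FIRST_CLICK, SECOND_CLICK)
    print("destination (first click): ", result["destination_a"])
    print("destination (second click):", result["destination_b"])
    print("same destination:", result["same_destination"])
    print("parameters that differ:", result["differing_params"])
```
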



#5 Y kawika

Y kawika

    Anti-Spyware Brigade

  • Admins
  • 20,797 posts
  • Gender:Male
  • Location:Long Island, New York


Posted 21 July 2014 - 10:03 PM

Thanks Terry.

I removed the script as some that was outside of the [code=auto:0] box was causing script errors in some browsers.

 

 I was able to recreate the redirect in IE and in Opera when executing from a fresh, clean cache.

As you noted, going back and trying again did not redirect, but brought the forums up as it should be.

It appears to be playing off of a browser's cache and possibly google's schema.org and/or apis.google.com structured data servers.

I don't know, just guessing. 

 

In any event, Google has been notified of the script injection and we hope to hear back from them soon.  

 

Nice catch and your detailed information is very helpful and very much appreciated. 

 

:) Y


Y kawika's Computers and Stuff

Post When You Want and Help When You Can..........Y


#6 terry1966


Posted 22 July 2014 - 01:51 AM

no probs, glad to help. :tup:
 

when executing from a fresh, clean cache.

 
if i'd thought of it i could have done that too, instead of doing another complete clean os install. just shows how bad i am at troubleshooting. :rofl3:
 
wasn't sure if the problem was here or google, and that site it redirected to looked really dodgy especially with all the popups i got (not used to seeing ads and popups when i browse.) so thought i'd better pass the problem onto the people who can sort it out. ;)
 
:b33r:



#7 terry1966


Posted 23 July 2014 - 06:04 PM

curious but what was the final outcome.
 
found this :-

the last time suspicious content was found on this site was on 2014-07-22.

Malicious software includes 195 virus.

and wondered what said content was and if it might have had anything to do with the problem posted here.
 
full report.

Safe Browsing

Diagnostic page for pcpitstop.com
What is the current listing status for pcpitstop.com?

This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 333 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-07-23, and the last time suspicious content was found on this site was on 2014-07-22.
Malicious software includes 195 virus.
This site was hosted on 4 network(s) including AS19994 (RACKSPACE), AS36351 (SOFTLAYER), AS32244 (LIQUID-WEB-INC).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, pcpitstop.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

Yes, this site has hosted malicious software over the past 90 days. It infected 0 domain(s), including .

Next steps:

http://www.google.co...e=pcpitstop.com
 
here's a report of the pcmatic site.

Safe Browsing

Diagnostic page for pcmatic.com
What is the current listing status for pcmatic.com?

This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 5 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-07-23, and suspicious content was never found on this site within the past 90 days.
This site was hosted on 1 network(s) including AS19994 (RACKSPACE).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, pcmatic.com did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

Next steps:

 

http://www.google.co...com/uk?aff=1101
 
does make me wonder just how good pcpitstop's server security is, or if that is just the logs in the malware part of the forum throwing up all those viruses.
 
:b33r:


Edited by terry1966, 23 July 2014 - 06:08 PM.


#8 Y kawika


Posted 23 July 2014 - 06:23 PM

The issue is still active.

 

Google said thanks and they'll look into it, but your last post got me thinking, so I tried it with "Bing" and lo and behold I got the same results.

I'm off to IPS to follow through.

 

Thanks again, Terry. :tup:

 

:) Y




#9 terry1966


Posted 23 July 2014 - 08:26 PM

been doing some thinking and wonder if a lot of complaints, bad reviews about pcmatic saying it's a scam have been down to redirects to a malware site pretending to be pcpitstop/pcmatic especially when i read of people being asked to cough up $350 (be highly disappointed if such cases were really from pcpitstop.) to fix a problem with pcmatic and replies from someone i assume from pcpitstop saying they have no record of any such customer purchase.

 

:b33r:



#10 Y kawika


Posted 23 July 2014 - 08:27 PM

The issue has been resolved and stronger restrictions are now in place to stop this from occurring again.

 

Thank you Terry for bringing the issue to our attention.

 

:) Y




#11 terry1966


Posted 23 July 2014 - 08:33 PM

glad to help.

 

wasn't your fault was it? :P

 

just teasing and glad whatever the problems were are now sorted and not likely to happen again in future, as mentioned in previous post tho, do wonder what damage was done to pcpitstop/pcmatic's reputation because of whatever was going on.

 

:b33r:



#12 Y kawika


Posted 23 July 2014 - 09:10 PM



glad to help.

 

wasn't your fault was it? :P

 

just teasing and glad whatever the problems were are now sorted and not likely to happen again in future, as mentioned in previous post tho, do wonder what damage was done to pcpitstop/pcmatic's reputation because of whatever was going on.

 

:b33r:

 

No, not my fault. :P

 

Fortunately the redirects were not as dramatic as you outlined, but I can't imagine any redirects having a benefit to a product like PC Matic.

Sign of the times though, as a product gains popularity, it also becomes a larger target.

 

:) Y




#13 terry1966


Posted 23 July 2014 - 09:42 PM

 

Fortunately the redirects were not as dramatic as you outlined,

just my paranoia kicking in along with a lack of knowledge on exactly what's going on and how things work.

 

eg report says pcpitstop is on 4 networks yet only lists 3.

 

and when you click on those 3 and read the reports, not very good news for security procedures on them in my opinion.

 

:laughing:

 

:b33r:


Edited by terry1966, 23 July 2014 - 09:47 PM.


#14 terry1966


Posted 24 July 2014 - 01:00 AM

just me or did something get broken with the fix?

 

eg. under our avatars now in every post the info that used to show is missing and there is just a little square box or 2 depending on what used to show up there.

 

:b33r:



#15 Bruce

Bruce

    Geezer

  • Grand Poobah
  • 42,800 posts
  • Gender:Male
  • Location:Wales Massachusetts


Posted 24 July 2014 - 04:18 AM

That redirect has been happening off and on for a couple of years now.


http://itsyourpc.org

Microsoft blew its right foot off with Windows 8.
They went to the doctor to get it reattached with Windows 8.1 only to wake up to find out that a second left foot was attached in place.


#16 Y kawika


Posted 24 July 2014 - 05:40 AM

just me or did something get broken with the fix?

 

eg. under our avatars now in every post the info that used to show is missing and there is just a little square box or 2 depending on what used to show up there.

 

:b33r:

 

Yes indeed.

Looks like we'll need to relink some of our images.

Uggh! :facepalm:

 

:) Y




#17 terry1966


Posted 24 July 2014 - 07:35 AM

That redirect has been happening off and on for a couple of years now.

 

never run across it myself till now.

 

:b33r:



#18 caintry_boy



Posted 24 July 2014 - 01:49 PM

That redirect has been happening off and on for a couple of years now.

 

Gee, thanks for bringing it up 2 years ago Bruce...:IG:

 

Just razzin' ya' buddy, don't get bent...

 

 

 

 

:geezer:




#19 Bruce


Posted 27 July 2014 - 04:48 AM

Never seemed a big issue to me. It usually only happened in a brand new machine that had never been to the forum before via a google search. I always thought it was strange, but not something to be worried about. It only happened when coming here via a google search.






