Forum Hacked (corrected hopefully) - please read!

[mcentire1123]

Congrats Travis!

 

[ReefLady]

Thanks everyone!

The timing sure couldn't have been worse, but when duty calls... I mean I can't enjoy a honeymoon with all my friends at RS living in chaos!!

Update for everyone: There was a chance that tapatalk was used to exploit the site so I have removed that for the time being. Sorry.

 

[jjmoneyman]

You gotta do what you gotta do. We understand.

 

[dmatt88]

Phew. I'm tapatalk dependent. Hope the fix happens easy!:hug1:

 

[catran]

Opps, I PM'd you for that reason Travis. Sorry, I didn't see this post. I can access RS with Safari too, like Jared said, ya gotta do what ya gotta do!
Thanks!

 

[nanoreefing4fun]

If it helps anyone... Forum Runner has a free version that still is up & working...

 

[catran]

Cool, I will re-download it. Thanks Glenn!

 

[Clownfishfan]

Ugh I always miss all the fun.... . Buuuut go Travis !!! What kinda idiot hacks a forum on fish and the like 

 

[nazerine]

To those who were curious about the virus, this is what I had detected before the site was hacked:

It would appear the install of vbulletin has a virus and has been exploited! My corporate gateway alerted me of the threat.

I created an exception for my IP address, and it attempted to run a script and install a trojan (not sure what attack vector it is using, browsing with latest Firefox)

Object:
C:\Windows\SysWOW64\QSHVHOSTN.exe
Threat:
Win32/Qhost.NRX trojan
Information:
cleaned by deleting - quarantined

It was only attacking users who were not logged in, and would attempt to infect on the login page. No idea what the attack vector was, but it got straight into my system from the browser when I disabled the gateway anti virus. Running FF8 and only Firebug addon

 

[nanoreefing4fun]

to ReefSanctuary, a real Sanctuary of reef forums, with lots of very nice members

 

[Funlad3]

So you're saying everyone who wasn't logged in at the time with an unprotected windows OS has a virus? Mac FTW!

 

[mojoreef]

If you go to the home page and do a view source and then look down at the very bottom of the page their is a Href, that i am assuming should not be their.

href="http://birthcontroltablets.com/es/comprar-genericos-alesse-comprimido.cfm">alesse anticonceptivo</a></div> </div> <br /><div style="z-index:3" class="smallfont" align="center">


mojo

 

[nanoreefing4fun]

I see that Mike !

</div><div style="position:absolute;top:-1000px;left:-1000px;"><a href="http://birthcontroltablets.com/es/comprar-genericos-alesse-comprimido.cfm">alesse anticonceptivo</a></div> </div>


Does that mean the php code been hacked?

 

[jjmoneyman]

yeah there is a link to antibiotics as well in the source code.

 

[dmatt88]

Well heres the part of my life I wish I'd paid more attention during computer programming.:evileye:

 

[mojoreef]

I operate a forum also and I can tell you its a constant attack, between spam bots, linkbackers (you know "Work at Home") and hackers you really need to be on the ball constant and even that is far from a guarantee of being safe. Travis make sure you have your server check all the code, because hackers will leave code bits (even if you upgrade) to be able to get back in.

good luck

mojo

 

[Clownfishfan]

I'm glad I use apple and not windows.....

 

[Frankie]

What timing Travis! Have a great honeymoon!

Good work everyone with the reports and quick understanding that this was an attack by a hacker.

Anyone who received a pm from me asking for money, it was not me. Those of you stupid enough to send it... THANKS!
JK

Happy reefing everyone!

Frank

 

[jjmoneyman]

Anyone who received a pm from me asking for money, it was not me. Those of you stupid enough to send it... THANKS!
JK
Frank

Consider it an early christmas gift :jester:

 

[BigAl07]

anyone who received a pm from me asking for money, it was not me. Those of you stupid enough to send it... Thanks!
Jk