EnglishFrenchJapaneseKorean
Powered by Translate
Stay in the Loop: (newsletter signup form)

Forum hacked?

Post problems and requests to the UY Dojo here. Requests include something you'd like to appear on the UY Dojo: Story synopses, Character descriptions, etc.

Moderators: Steve Hubbell, Mayhem, Moderators

Forum hacked?

Postby maichan » Wed Feb 29, 2012 9:45 +0000

Beginning late yesterday I have been getting redirected when I use the forum. This has happened on both my work and home computer, so I don't think it is in my system. I get redirected to a variety of pages.

I'm able to use the forum if I stop the page from loading as soon as it opens, otherwise I get redirected every time I click on a fourm link.

My work computer has Symantic Endpoint Protection and gives me this message:
[SID: 25291] Fake App Attack. Fake AV Redirect 31 detected

Is anyone else experiencing problems?

I've PMed Admin in hopes they have an idea what's going on.

Hope it's nothing serious and can be fixed.
Michael, a.k.a., Maichan

My Usagi Collection
User avatar
maichan
Hatamoto<Special Retainer>
 
Posts: 1931
Joined: Fri Jul 22, 2011 23:04 +0000
Location: A little Minka, somewhere in the countryside...

Postby Gaffey » Wed Feb 29, 2012 11:41 +0000

Same thing happened to me.
User avatar
Gaffey
Hatamoto<Special Retainer>
 
Posts: 2399
Joined: Thu Sep 19, 2002 18:37 +0000

Postby Mayhem » Wed Feb 29, 2012 13:58 +0000

Can't say I saw it myself. Where were you being directed towards?
With a breeze comes a storm, but then you'll all be washed away...
User avatar
Mayhem
Daimyo <High-Ranking Lord>
 
Posts: 2788
Joined: Wed Sep 18, 2002 3:54 +0000
Location: London, England

Postby maichan » Wed Feb 29, 2012 14:07 +0000

I get redirected to a variety of URLs. I don't let them load, so I don't know what they are about - I don't want to post them here.

It was a one time incident on my computer at home, but here at work it happens with every click or page change. It's only happening on the forum, not on the main dojo pages. I'm running IE 8 at work, and I think I have IE 9 at home.
Michael, a.k.a., Maichan

My Usagi Collection
User avatar
maichan
Hatamoto<Special Retainer>
 
Posts: 1931
Joined: Fri Jul 22, 2011 23:04 +0000
Location: A little Minka, somewhere in the countryside...

Postby Gaffey » Wed Feb 29, 2012 16:36 +0000

...
Last edited by Gaffey on Sun Mar 04, 2012 15:15 +0000, edited 1 time in total.
User avatar
Gaffey
Hatamoto<Special Retainer>
 
Posts: 2399
Joined: Thu Sep 19, 2002 18:37 +0000

ditto

Postby go » Wed Feb 29, 2012 18:00 +0000

Dear Readers,
i am getting the same redirection.
using firefox as my browser...
Best wishes to all!
go
User avatar
go
Shinobi<Special Ninja Agent>
 
Posts: 1526
Joined: Wed Sep 18, 2002 17:19 +0000

Postby Stormhaven » Wed Feb 29, 2012 19:13 +0000

I do not see this behavior at all (either on Chrome and Firefox). More than likely you guys might have some malware on your boxes which is doing some URL hijacking. Do the standard AV scan + Malwarebytes scans and see what they find.
Stormhaven
Shugyosha<Student Warrior>
 
Posts: 34
Joined: Sun Mar 09, 2003 2:51 +0000

Postby maichan » Wed Feb 29, 2012 21:09 +0000

Well, I don't have a clue what's going on. The Dojo forum is set as one of my homepage tabs, and when I opened my browser after turning on my home computer, instead of the Dojo Forum the tab was a 'false' Microsoft Security warning. I closed that tab, ran a full scan and nothing came up on my computer. I don't know a lot about these things sorts of things, but I assume the problem was coming from the forum, even though I am currently on it without any problem. I've only had this problem show up since yesterday, and only on the Dojo forum.... :( :?:
Michael, a.k.a., Maichan

My Usagi Collection
User avatar
maichan
Hatamoto<Special Retainer>
 
Posts: 1931
Joined: Fri Jul 22, 2011 23:04 +0000
Location: A little Minka, somewhere in the countryside...

Postby Maka » Wed Feb 29, 2012 23:13 +0000

I'm getting redirected off and on too. Just started noticing it today. On the PC using IE. On my mac, using Safari. Bummer. Peace, maka
User avatar
Maka
Daimyo <High-Ranking Lord>
 
Posts: 2973
Joined: Sun Mar 09, 2003 20:10 +0000
Location: California

Postby TigerRider » Thu Mar 01, 2012 1:09 +0000

I don't know, if that has something to do with it, so I give it just as an info:

the e-mail-acc. I use for UY, had 5 invalid trys to logg in yesterday, what is usually is null.
(but as I said, I don't know if that goes together...)

greetings, Jens
User avatar
TigerRider
Shugyosha<Student Warrior>
 
Posts: 228
Joined: Wed Oct 07, 2009 0:43 +0000
Location: Germany (Trier)

Postby maichan » Thu Mar 01, 2012 7:31 +0000

I sent a PM and an email to admin. The PM hasn't been read as of yet, and no reply on the email. If anyone knows who to contact, or another way of contacting them, it may help get this resolved (especially if it is a forum issue).
Michael, a.k.a., Maichan

My Usagi Collection
User avatar
maichan
Hatamoto<Special Retainer>
 
Posts: 1931
Joined: Fri Jul 22, 2011 23:04 +0000
Location: A little Minka, somewhere in the countryside...

Postby Stormhaven » Thu Mar 01, 2012 8:44 +0000

First step for those of you who have not yet done it is to download and run Malwarebytes Anti-Malware (you can get it on CNET here: http://download.cnet.com/Malwarebytes-A ... 04572.html - or just Google it if you don't trust direct links). It's probably one of the best anti-malware free/shareware programs out there for sniffing out malware infections.

If you have not done so already, also do a full virus scan - but before you do this, your AV should have a way to update the signature file manually. Do an "Update Now" and then run the full scan. If you notice that your last update was over two weeks ago, this may be a symptom of the overall problem. If you do not have a antivirus program (shame on you), you can download quite a few for free. I currently use Microsoft Security Essentials (http://windows.microsoft.com/en-US/wind ... essentials).

URL redirect malware is very, very common. I would not be surprised if all of you are infected. So far I do not see any behavior on this forum that would lead me to believe that the forum as a whole is infected, but without admin rights to this domain, I wouldn't be able to verify (usually the domain host provider has some default way of telling if there was an intrusion - the forum admins wouldn't be able to check, it'd have to be the domain owner/admin - which I think is Todd).

Before anyone else posts that they are or are not seeing redirect issues, please run both MalwareBytes and a AV scan.

Multiple people posting that they do or not get redirected with no further information doesn't really help narrow down the problem.
Stormhaven
Shugyosha<Student Warrior>
 
Posts: 34
Joined: Sun Mar 09, 2003 2:51 +0000

Postby maichan » Thu Mar 01, 2012 11:52 +0000

Okay... to the best of my knowledge my work computer is clean.

I ran our AV (Symantec - updates current). Only one incident of Tracking Cookies was discovered and eliminated.

I ran the Malwarebytes Anti-Malware and nothing was detected.

After doing that, I'm still having the problem. Everytime I go to a new page on the forum I am redirected, but I can backup & stop it .... so I can use the forum, but am handicapped. Once again, it is only the forum I have trouble on - not the main site and not any other sites or forums. My work computer is running Window XP Pro, and I'm using IE 8.

I ran my AV on my home computer last night, and it was clean. I also have Microsoft Security Essentials. I will run the Malwarebytes Anti-Malware when I get home tonight.

One difference between the problem at work & at home - on my home computer I only seem to have the problem when I initially open the forum, after that things run normal.

I am always logged on at both home & work (if that matters or not).
Michael, a.k.a., Maichan

My Usagi Collection
User avatar
maichan
Hatamoto<Special Retainer>
 
Posts: 1931
Joined: Fri Jul 22, 2011 23:04 +0000
Location: A little Minka, somewhere in the countryside...

Postby Stormhaven » Thu Mar 01, 2012 13:51 +0000

I checked out an old box of mine which still has IE - very nice!

Yes, the board has been hacked with a redirect, most likely hidden in the css code. It seems to only show up with specific browsers - I didn't run into it at all with Firefox 10 or Chrome 17.
Stormhaven
Shugyosha<Student Warrior>
 
Posts: 34
Joined: Sun Mar 09, 2003 2:51 +0000

Postby Stormhaven » Thu Mar 01, 2012 14:09 +0000

I've sent a PM directly to Todd, hopefully he'll see it quickly.

Lets do this now so we can get more information - for those of you who get the redirects and both AV and Malwarebytes comes up clean (this is important, we don't want to start muddling the waters with unrelated issues) please post your browser name and version. You can usually find this information by going to Help > About, with some of the newer browsers that hide their file menu bar, tap the ALT key, that should show you the Help drop down menu.

I'll start out:
Internet Explorer 9.0.8112.16421 - redirects
Chrome 17.0.963.56 m - Does not redirect
Firefox 10.0.2 - Does not redirect

Since some of the sites that you get redirected to are attempting to download malicious files, I am going to post an announcement in the main forum as well. In the meantime, I would suggest only viewing the Dojoboard with one of the "safe" browser options.
Stormhaven
Shugyosha<Student Warrior>
 
Posts: 34
Joined: Sun Mar 09, 2003 2:51 +0000

Next

Return to Usagi Yojimbo Dojo Help

Who is online

Users browsing this forum: No registered users and 2 guests