Page 1 of 4

Forum hacked?

PostPosted: Wed Feb 29, 2012 9:45 +0000
by maichan
Beginning late yesterday I have been getting redirected when I use the forum. This has happened on both my work and home computer, so I don't think it is in my system. I get redirected to a variety of pages.

I'm able to use the forum if I stop the page from loading as soon as it opens, otherwise I get redirected every time I click on a fourm link.

My work computer has Symantic Endpoint Protection and gives me this message:
[SID: 25291] Fake App Attack. Fake AV Redirect 31 detected

Is anyone else experiencing problems?

I've PMed Admin in hopes they have an idea what's going on.

Hope it's nothing serious and can be fixed.

PostPosted: Wed Feb 29, 2012 11:41 +0000
by Gaffey
Same thing happened to me.

PostPosted: Wed Feb 29, 2012 13:58 +0000
by Mayhem
Can't say I saw it myself. Where were you being directed towards?

PostPosted: Wed Feb 29, 2012 14:07 +0000
by maichan
I get redirected to a variety of URLs. I don't let them load, so I don't know what they are about - I don't want to post them here.

It was a one time incident on my computer at home, but here at work it happens with every click or page change. It's only happening on the forum, not on the main dojo pages. I'm running IE 8 at work, and I think I have IE 9 at home.

PostPosted: Wed Feb 29, 2012 16:36 +0000
by Gaffey
...

ditto

PostPosted: Wed Feb 29, 2012 18:00 +0000
by go
Dear Readers,
i am getting the same redirection.
using firefox as my browser...
Best wishes to all!
go

PostPosted: Wed Feb 29, 2012 19:13 +0000
by Stormhaven
I do not see this behavior at all (either on Chrome and Firefox). More than likely you guys might have some malware on your boxes which is doing some URL hijacking. Do the standard AV scan + Malwarebytes scans and see what they find.

PostPosted: Wed Feb 29, 2012 21:09 +0000
by maichan
Well, I don't have a clue what's going on. The Dojo forum is set as one of my homepage tabs, and when I opened my browser after turning on my home computer, instead of the Dojo Forum the tab was a 'false' Microsoft Security warning. I closed that tab, ran a full scan and nothing came up on my computer. I don't know a lot about these things sorts of things, but I assume the problem was coming from the forum, even though I am currently on it without any problem. I've only had this problem show up since yesterday, and only on the Dojo forum.... :( :?:

PostPosted: Wed Feb 29, 2012 23:13 +0000
by Maka
I'm getting redirected off and on too. Just started noticing it today. On the PC using IE. On my mac, using Safari. Bummer. Peace, maka

PostPosted: Thu Mar 01, 2012 1:09 +0000
by TigerRider
I don't know, if that has something to do with it, so I give it just as an info:

the e-mail-acc. I use for UY, had 5 invalid trys to logg in yesterday, what is usually is null.
(but as I said, I don't know if that goes together...)

greetings, Jens

PostPosted: Thu Mar 01, 2012 7:31 +0000
by maichan
I sent a PM and an email to admin. The PM hasn't been read as of yet, and no reply on the email. If anyone knows who to contact, or another way of contacting them, it may help get this resolved (especially if it is a forum issue).

PostPosted: Thu Mar 01, 2012 8:44 +0000
by Stormhaven
First step for those of you who have not yet done it is to download and run Malwarebytes Anti-Malware (you can get it on CNET here: http://download.cnet.com/Malwarebytes-A ... 04572.html - or just Google it if you don't trust direct links). It's probably one of the best anti-malware free/shareware programs out there for sniffing out malware infections.

If you have not done so already, also do a full virus scan - but before you do this, your AV should have a way to update the signature file manually. Do an "Update Now" and then run the full scan. If you notice that your last update was over two weeks ago, this may be a symptom of the overall problem. If you do not have a antivirus program (shame on you), you can download quite a few for free. I currently use Microsoft Security Essentials (http://windows.microsoft.com/en-US/wind ... essentials).

URL redirect malware is very, very common. I would not be surprised if all of you are infected. So far I do not see any behavior on this forum that would lead me to believe that the forum as a whole is infected, but without admin rights to this domain, I wouldn't be able to verify (usually the domain host provider has some default way of telling if there was an intrusion - the forum admins wouldn't be able to check, it'd have to be the domain owner/admin - which I think is Todd).

Before anyone else posts that they are or are not seeing redirect issues, please run both MalwareBytes and a AV scan.

Multiple people posting that they do or not get redirected with no further information doesn't really help narrow down the problem.

PostPosted: Thu Mar 01, 2012 11:52 +0000
by maichan
Okay... to the best of my knowledge my work computer is clean.

I ran our AV (Symantec - updates current). Only one incident of Tracking Cookies was discovered and eliminated.

I ran the Malwarebytes Anti-Malware and nothing was detected.

After doing that, I'm still having the problem. Everytime I go to a new page on the forum I am redirected, but I can backup & stop it .... so I can use the forum, but am handicapped. Once again, it is only the forum I have trouble on - not the main site and not any other sites or forums. My work computer is running Window XP Pro, and I'm using IE 8.

I ran my AV on my home computer last night, and it was clean. I also have Microsoft Security Essentials. I will run the Malwarebytes Anti-Malware when I get home tonight.

One difference between the problem at work & at home - on my home computer I only seem to have the problem when I initially open the forum, after that things run normal.

I am always logged on at both home & work (if that matters or not).

PostPosted: Thu Mar 01, 2012 13:51 +0000
by Stormhaven
I checked out an old box of mine which still has IE - very nice!

Yes, the board has been hacked with a redirect, most likely hidden in the css code. It seems to only show up with specific browsers - I didn't run into it at all with Firefox 10 or Chrome 17.

PostPosted: Thu Mar 01, 2012 14:09 +0000
by Stormhaven
I've sent a PM directly to Todd, hopefully he'll see it quickly.

Lets do this now so we can get more information - for those of you who get the redirects and both AV and Malwarebytes comes up clean (this is important, we don't want to start muddling the waters with unrelated issues) please post your browser name and version. You can usually find this information by going to Help > About, with some of the newer browsers that hide their file menu bar, tap the ALT key, that should show you the Help drop down menu.

I'll start out:
Internet Explorer 9.0.8112.16421 - redirects
Chrome 17.0.963.56 m - Does not redirect
Firefox 10.0.2 - Does not redirect

Since some of the sites that you get redirected to are attempting to download malicious files, I am going to post an announcement in the main forum as well. In the meantime, I would suggest only viewing the Dojoboard with one of the "safe" browser options.