Author Topic: Forum Hacked?  (Read 18978 times)

0 Members and 1 Guest are viewing this topic.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Forum Hacked?
« on: March 22, 2008, 05:43:28 PM »
Attempts to access the forum were being diverted to a web page that never seemed to load on a hacked Turkish music site.

hxxp://www[dot]canlimuzik[dot]org/msn[dot]html

Was the forum itself hacked?

This was just before the English forum disappeared to be replaced by the Czech one.

Was the page above an exploit?

Nothing seemed to load on Ubuntu.
« Last Edit: March 22, 2008, 05:47:47 PM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4165
  • Some days..... MOS...this bug's for you
Re: Forum Hacked?
« Reply #1 on: March 22, 2008, 05:47:07 PM »
Where's the rest of your post?  ;)

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Forum Hacked?
« Reply #2 on: March 22, 2008, 05:49:04 PM »
Sorry. Hit the wrong key somewhere.  :-[
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4165
  • Some days..... MOS...this bug's for you
Re: Forum Hacked?
« Reply #3 on: March 22, 2008, 05:51:35 PM »
I'd just like to hear your comment on the appearance of the forum.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Forum Hacked?
« Reply #4 on: March 22, 2008, 05:56:08 PM »
This was the message on canlimusic.org:

Quote
sitemiz bir hacker tarafýndan saldýrýya ugramýstýr.onlemler alýnana kadar kapalý kalacaktýr.

Our site has been attacked by a hacker. It will remain closed until measures have been taken.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Online bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34882
  • 57 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Forum Hacked?
« Reply #5 on: March 22, 2008, 05:57:13 PM »
Free avast! Security Seminar: http://www.authorstream.com/Presentation/bob3160-1425909-protecting-yourself/    -  Important: http://www.organdonor.gov/ -- My Blog: http://bob3160.blogspot.com/ - Win 10 Pro v1703 64bit, 8 Gig Ram, AvastFree 17.5.2302, WinPatrol, Unchecky How to Successfully Install Avast http://goo.gl/VLXde

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Forum Hacked?
« Reply #6 on: March 22, 2008, 06:01:14 PM »
Quote
I'd just like to hear your comment on the appearance of the forum.

My experience was that the forum address was being diverted to the site above for several minutes, before the Czech forum came up in it's place. My guess is the English forum got hacked and hastily taken off line.

No page seemed to load from the divert address. It was impossible to scan with Link Scanner, and I couldn't view the source.

I wonder what was going on?  ???
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2328
  • The only true failure is when you give up
Re: Forum Hacked?
« Reply #7 on: March 22, 2008, 06:03:01 PM »
I did a nice scan of my pc with superantispyware shortly after i released something "odd" was happening and even decided to temp enable NoScript xD

--lee

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Forum Hacked?
« Reply #8 on: March 22, 2008, 06:06:03 PM »
Quote
http://forum.avast.com/index.php?topic=34038.0


Yes, I noticed that thread, but nobody had mentioned the forum being diverted to a suspicious page.

A possible forum hack seemed to be worse that a bit of Czech appearing on the forum, and worth it's own thread (and a dramatic headline!).
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Forum Hacked?
« Reply #9 on: March 22, 2008, 06:12:33 PM »
The divert site was malicious:
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4165
  • Some days..... MOS...this bug's for you
Re: Forum Hacked?
« Reply #10 on: March 22, 2008, 06:20:23 PM »
Okay I changed the name of my origonal post. I wasn't redirected to any other place than the czech forum, so I must have been after you. If I would have, I would have mentioned it.

I wonder if the name has to be used to prevent the redirect?

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4863
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Forum Hacked?
« Reply #11 on: March 22, 2008, 06:31:16 PM »
Looks like forum visitors were exposed to an exploit, unfortunately one that avast! doesn't catch.

It a VBS exploit, which means that anyone with an out of date version of MS IE who happened to visit at that time has probably got pwned.

No idea what's causing the residual bit of Czech. Alwial staff will have to confirm what went on.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67121
Re: Forum Hacked?
« Reply #12 on: March 22, 2008, 06:33:14 PM »
Attempts to access the forum were being diverted to a web page that never seemed to load on a hacked Turkish music site.
hxxp://www[dot]canlimuzik[dot]org/msn[dot]html
Yes... Google stopped the hijacking...
I've tested Firefox and IE, Vista and Kubuntu...
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67121
Re: Forum Hacked?
« Reply #13 on: March 22, 2008, 06:35:51 PM »
K9 would block it as being Spyware/Malware Source and Pornography...
Again layered defense protect us when avast seems to fail...
The best things in life are free.

Offline lee20

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2328
  • The only true failure is when you give up
Re: Forum Hacked?
« Reply #14 on: March 22, 2008, 06:36:32 PM »
Quote
anyone with an out of date version of MS IE who happened to visit at that time has probably got pwned.

Imba firefox!

Anyway, glad to see most people didn't get hit by the exploits end intention, but anyone who did visit here and wasn't patched will prob be back with hijackthis/combofix logs soon  ::)

Quote
Again layered defense protect us when avast seems to fail...

Avast not officially a spyware scanner till 4.8 right? xD

--lee
« Last Edit: March 22, 2008, 06:38:35 PM by lee19 »

"Anyone who has never made a mistake has never tried anything new."-Albert Einstein

Comodo Firewall, Avast 4.8, SpywareBlaster, Spybot + superantispyware, PeerGuardian and ALL software patched!