Page Index Toggle Pages: [1] 2 
Topic Tools
Very Hot Topic (More than 25 Replies) Grrrr - another Server Farm blitzo - (Read 5,154 times)
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,809
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Grrrr - another Server Farm blitzo -
Reply #27 - Feb 14th, 2013 at 5:16pm
Post Tools
I think I know what the hack is, but I do not have any of the needed resources to fully investigate and cure the problem - only the host is in that position.

But I will continue being the feces warden.

Lips Sealed

  

I find your lack of faith disturbing.
Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 3,809
Location: Land of the Blazing Sun!

YaBB 2.6.0
Re: Grrrr - another Server Farm blitzo -
Reply #26 - Feb 14th, 2013 at 5:11pm
Post Tools
YET AGAIN

same dog poop - now cleaned up

Chief dog poop collector
Angry

  

yabb_clean-4_001.png ( 112 KB | 58 Downloads )
yabb_clean-4_001.png

I find your lack of faith disturbing.
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Online



Posts: 2,250
Location: Earth

YaBB 2.6.0
Re: Grrrr - another Server Farm blitzo -
Reply #25 - Feb 14th, 2013 at 4:15pm
Post Tools
2.5.2 is running the same Admin.pl as 2.5AE - and the differences in code between 2.4 and 2.5 is cosmetic, not functional.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #24 - Feb 14th, 2013 at 1:48pm
Post Tools
Quote:
I take that back my forum admin is trying to redirect to gabriellerosephotography.com


Have located the code where this is coming from and posted it up on the Team Board for Jon to play with when he comes online.
  
Back to top
 
IP Logged
 
westwegoman
Ex Member
**




None
Re: Grrrr - another Server Farm blitzo -
Reply #23 - Feb 14th, 2013 at 11:51am
Post Tools
It affects my admin centers every time yabbforum gets hacked. I have removed most of the links in the admin center, which has stopped it for the most part.

2.5AE and 2.5.2
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,599
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #22 - Feb 14th, 2013 at 10:28am
Post Tools
Quote:
I take that back my forum admin is trying to redirect to

Our 2.4 forum admin is operating normally. I wonder if this has anything to do with version 2.5.2 and how it relates to respective "What's new at YaBB?" sections?

In other words, can it be that malicious code has gotten through to this forum again, and as such, it would be getting through to every forum that opens its respective Admin Centers?

If so, is this affecting just 2.5.2 or previous versions as well since the same news/page feed would be coming through?

Maybe Jon can shed light on what could be going on.

Edited:
And he has! Smiley

JonB wrote on Feb 14th, 2013 at 6:02pm:
I can say this - I know exactly 'what' is happening (and what files get injections).


« Last Edit: Feb 14th, 2013 at 7:44pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #21 - Feb 14th, 2013 at 10:18am
Post Tools
Quote:
All back to normal now.  Wish I had of captured the details from the warning page.  It definitely came from Google.

Also gone from my forum admin page.

To me what it says is the spammers are getting serious because we are being successful in stopping them from registering and posting. Smiley


I take that back my forum admin is trying to redirect to gabriellerosephotography.com

This sux
  
Back to top
 
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #20 - Feb 14th, 2013 at 10:16am
Post Tools
All back to normal now.  Wish I had of captured the details from the warning page.  It definitely came from Google.

Also gone from my forum admin page.

To me what it says is the spammers are getting serious because we are being successful in stopping them from registering and posting. Smiley
  
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,599
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #19 - Feb 14th, 2013 at 10:06am
Post Tools
Quote:
As of this very moment it is still not right.  I have bypassed my security settings to post this. Here is the warning.

I can confirm what Derek has reported. I had forgotten this happened to me earlier, which is why I didn't report it here.

What I ended up doing was going through the process of that warning, and then clicking the link that stated yabbforum.com is not an attack site.

I should point out, too, that I got an online message after my report telling me that yabbforum.com was clear, and that it's not an attack site. So I don't know why that message is coming up.

I think what may have happened was that the spammers who got through numerous times back on February 1st caused this forum to be temporarily listed as an attack site.

« Last Edit: Feb 14th, 2013 at 10:33am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #18 - Feb 14th, 2013 at 9:57am
Post Tools
Same warning is coming up in my forum admin page
  
Back to top
 
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #17 - Feb 14th, 2013 at 9:56am
Post Tools
As of this very moment it is still not right.  I have bypassed my security settings to post this. Here is the warning.
  

attacks.png ( 59 KB | 57 Downloads )
attacks.png
Back to top
 
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,599
Location: Los Angeles

YaBB 2.4
Re: Grrrr - another Server Farm blitzo -
Reply #16 - Feb 14th, 2013 at 9:32am
Post Tools
Jon, this forum is obviously up for me as of this post, but recently a couple of people seem to be having some trouble with it if you want to check things out.

Source:
Quote:
It seems the jackwads have jacked up yabbforum.com again. (Spammers)

Source:
Quote:
She's gone under again.

If it means anything, I am noticing something strange in the upper left hand corner of this forum. Maybe that will give you a clue about what could be happening, if anything is happening.

After all, as of this post at least, this forum is up for me.

Edited:
Upper left hand corner while using Chrome, Firefox, and Safari (looks kind of like a line of periods in Firefox). Internet Explorer seems fine, but it's actually happening with that browser as well (it simply disappears very quickly).

« Last Edit: Feb 14th, 2013 at 9:45am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
Elrick.
YaBB Moderators
Beta Testers
***
Offline



Posts: 163
Location: Edge of the Abyss

YaBB 2.6.0
Re: Grrrr - another Server Farm blitzo -
Reply #15 - Feb 2nd, 2013 at 3:18pm
Post Tools
Quick and effective actions Jon. You could have had a lying in for a while were it not for those hackers!. Wink  You can set up 'cron jobs' in cpanel. Those are scripts that run at specific commands on htacces file and send the hackers a nice present (like run disk reconfig)!!! with a bit of malware from your thoughts!! Roll Eyes So they wont forget you!!.

Time to reconsider Admin Update Insert as optional?
  

<div class=
Back to top
 
IP Logged
 
Derek Bullock
Ex Member


Re: Grrrr - another Server Farm blitzo -
Reply #14 - Feb 2nd, 2013 at 1:22am
Post Tools
Well done JonB.

Thanks
  
Back to top
 
IP Logged
 
westwegoman
Ex Member
**




None
Re: Grrrr - another Server Farm blitzo -
Reply #13 - Feb 1st, 2013 at 6:54pm
Post Tools
JonB wrote on Feb 1st, 2013 at 6:46pm:
@ westwegoman - Please clean your cache again and see if your AV reports anything in IE when using the forum.

All looks normal now. Looks like you got it Smiley
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: [1] 2 
Topic Tools
Bookmarks: del.icio.us Digg Facebook Google Google+ Linked in reddit StumbleUpon Twitter Yahoo
 
  « Board Index ‹ Board  ^Top