We were hacked overnight

Post by **The Robman** » Thu Oct 06, 2011 7:42 am

So some of you might have had your Spam Blocker software get tripped earlier when the forum tried to re-direct you somewhere else, but I have fixed it now. Hopefully I found all the places where they put their code.

Post by **vickyg2003** » Thu Oct 06, 2011 7:53 am

Thanks for fixing this Rob, the sight that they sent me to was a little frightening.

I wish the hacker/spammers would just leave us alone!

3FG · Post by **3FG** » Thu Oct 06, 2011 8:50 am

The site I was sent to wasn't frightening, but my wife (who happened to be passing) wanted to know what the heck I was doing!

Post by **vickyg2003** » Thu Oct 06, 2011 9:10 am

3FG wrote:The site I was sent to wasn't frightening, but my wife (who happened to be passing) wanted to know what the heck I was doing!

Probably the same site.

eferz · Post by **eferz** » Thu Oct 06, 2011 9:26 am

The Robman wrote:So some of you might have had your Spam Blocker software get tripped earlier when the forum tried to re-direct you somewhere else, but I have fixed it now. Hopefully I found all the places where they put their code.

Actually my SPAM blocker didn't catch that since it wasn't an email. Though, the AVAST Web Shield blocked the site "www2.simplegjcleaner.rr.nu" due to the trojan named, "JS:FakeAV-HZ" on the page it was trying to connect.

Post by **vickyg2003** » Thu Oct 06, 2011 9:52 am

They have hacked the wiki too. Can't get anywhere without seeing things I'd rather not see.

eferz · Post by **eferz** » Thu Oct 06, 2011 11:52 am

vickyg2003 wrote:They have hacked the wiki too. Can't get anywhere without seeing things I'd rather not see.

Try Avast, I'm using the free version and once it detects the trojan it will block the destination link permanently allowing you to freely navigate through the wiki worry free.

Post by **The Robman** » Thu Oct 06, 2011 4:08 pm

I've spent all day cleaning the wiki and I've got most of the stuff out, but obviously not all of it because when I go to the wiki page, I see it reference sweepstakesandcontestsinfo.com which is part of the hacked code.

Post by **vickyg2003** » Thu Oct 06, 2011 4:35 pm

Thanks again for your efforts.

Post by **mathdon** » Fri Oct 07, 2011 2:29 am

I am using Norton 360 version 5, which identified the hack and blocked my access to the JP1 site, telling me that it was trying to access Fake AV Website 24. Indeed, because of the time difference between here (UK) and the US, I discovered the hack while Rob was still asleep and drew his attention to it.

Whatever is left of the hack in the Wiki is still enough to activate Norton 360. I cannot access the Wiki link at all. I get the same message from Norton and the browser shows I have been redirected to:

http:/ /www3.bustdy.in/?v2d3atte=mqfNl56pqZyYm%2BPdyLapWNinzbGnlpmqqKaUrqdmmlc%3D

(I've put a space between the two /'s so that it doesn't show as a hyperlink) So some users, like me, will be unable to use the Wiki until it has been fully cleaned.

Post by **The Robman** » Fri Oct 07, 2011 1:55 pm

Can you guys try the wiki now and tell me if it's working for you. I don't see the tell-tale sign of the hacker's URL anymore when I try it.

Post by **mathdon** » Fri Oct 07, 2011 4:12 pm

I've only had a quick look but it seems fine now and it didn't trigger Norton to block anything. Many thanks.

JP1 Remotes

We were hacked overnight

We were hacked overnight

Re: We were hacked overnight