View previous topic :: View next topic |
Author |
Message |
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21243 Location: Chicago, IL |
Posted: Thu Oct 06, 2011 8:42 am Post subject: We were hacked overnight |
|
|
So some of you might have had your Spam Blocker software get tripped earlier when the forum tried to re-direct you somewhere else, but I have fixed it now. Hopefully I found all the places where they put their code. _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
vickyg2003 Site Admin
Joined: 20 Mar 2004 Posts: 7073 Location: Florida |
Posted: Thu Oct 06, 2011 8:53 am Post subject: |
|
|
Thanks for fixing this Rob, the sight that they sent me to was a little frightening.
I wish the hacker/spammers would just leave us alone! _________________ Remember to provide feedback to let us know how the problem was solved and share your upgrades.
Tip: When creating an upgrade, always include ALL functions from the oem remote, even if you never plan on assigning them to a button. Complete function lists makes an upgrade more helpful to others.
|
|
Back to top |
|
|
3FG Expert
Joined: 19 May 2009 Posts: 3368
|
Posted: Thu Oct 06, 2011 9:50 am Post subject: |
|
|
The site I was sent to wasn't frightening, but my wife (who happened to be passing) wanted to know what the heck I was doing! |
|
Back to top |
|
|
vickyg2003 Site Admin
Joined: 20 Mar 2004 Posts: 7073 Location: Florida |
Posted: Thu Oct 06, 2011 10:10 am Post subject: |
|
|
3FG wrote: | The site I was sent to wasn't frightening, but my wife (who happened to be passing) wanted to know what the heck I was doing! |
Probably the same site. |
|
Back to top |
|
|
eferz Expert
Joined: 03 Jun 2010 Posts: 1078 Location: Austin, Texas |
Posted: Thu Oct 06, 2011 10:26 am Post subject: Re: We were hacked overnight |
|
|
The Robman wrote: | So some of you might have had your Spam Blocker software get tripped earlier when the forum tried to re-direct you somewhere else, but I have fixed it now. Hopefully I found all the places where they put their code. |
Actually my SPAM blocker didn't catch that since it wasn't an email. Though, the AVAST Web Shield blocked the site "www2.simplegjcleaner.rr.nu" due to the trojan named, "JS:FakeAV-HZ" on the page it was trying to connect. _________________ Remotes; JP1.2: Comcast URC-1067, JP1.3: Insignia NS-RC02U-10A, JP1.4 OARI06G, JP2.1: Cox URC-8820-MOTO (still trying to figure out how to make them self-aware.) |
|
Back to top |
|
|
vickyg2003 Site Admin
Joined: 20 Mar 2004 Posts: 7073 Location: Florida |
Posted: Thu Oct 06, 2011 10:52 am Post subject: |
|
|
They have hacked the wiki too. Can't get anywhere without seeing things I'd rather not see. |
|
Back to top |
|
|
eferz Expert
Joined: 03 Jun 2010 Posts: 1078 Location: Austin, Texas |
Posted: Thu Oct 06, 2011 12:52 pm Post subject: |
|
|
vickyg2003 wrote: | They have hacked the wiki too. Can't get anywhere without seeing things I'd rather not see. |
Try Avast, I'm using the free version and once it detects the trojan it will block the destination link permanently allowing you to freely navigate through the wiki worry free. _________________ Remotes; JP1.2: Comcast URC-1067, JP1.3: Insignia NS-RC02U-10A, JP1.4 OARI06G, JP2.1: Cox URC-8820-MOTO (still trying to figure out how to make them self-aware.) |
|
Back to top |
|
|
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21243 Location: Chicago, IL |
Posted: Thu Oct 06, 2011 5:08 pm Post subject: |
|
|
I've spent all day cleaning the wiki and I've got most of the stuff out, but obviously not all of it because when I go to the wiki page, I see it reference sweepstakesandcontestsinfo.com which is part of the hacked code. _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
vickyg2003 Site Admin
Joined: 20 Mar 2004 Posts: 7073 Location: Florida |
Posted: Thu Oct 06, 2011 5:35 pm Post subject: |
|
|
Thanks again for your efforts. |
|
Back to top |
|
|
mathdon Expert
Joined: 22 Jul 2008 Posts: 4523 Location: Cambridge, UK |
Posted: Fri Oct 07, 2011 3:29 am Post subject: |
|
|
I am using Norton 360 version 5, which identified the hack and blocked my access to the JP1 site, telling me that it was trying to access Fake AV Website 24. Indeed, because of the time difference between here (UK) and the US, I discovered the hack while Rob was still asleep and drew his attention to it.
Whatever is left of the hack in the Wiki is still enough to activate Norton 360. I cannot access the Wiki link at all. I get the same message from Norton and the browser shows I have been redirected to:
http:/ /www3.bustdy.in/?v2d3atte=mqfNl56pqZyYm%2BPdyLapWNinzbGnlpmqqKaUrqdmmlc%3D
(I've put a space between the two /'s so that it doesn't show as a hyperlink) So some users, like me, will be unable to use the Wiki until it has been fully cleaned. _________________ Graham |
|
Back to top |
|
|
The Robman Site Owner
Joined: 01 Aug 2003 Posts: 21243 Location: Chicago, IL |
Posted: Fri Oct 07, 2011 2:55 pm Post subject: |
|
|
Can you guys try the wiki now and tell me if it's working for you. I don't see the tell-tale sign of the hacker's URL anymore when I try it. _________________ Rob
www.hifi-remote.com
Please don't PM me with remote questions, post them in the forums so all the experts can help! |
|
Back to top |
|
|
mathdon Expert
Joined: 22 Jul 2008 Posts: 4523 Location: Cambridge, UK |
Posted: Fri Oct 07, 2011 5:12 pm Post subject: |
|
|
I've only had a quick look but it seems fine now and it didn't trigger Norton to block anything. Many thanks. _________________ Graham |
|
Back to top |
|
|
|