geekhack hacked again!?
-
thegunner100
- Location: NYC, USA
- Main keyboard: "Sakura" Realforce 87u 55g
- Main mouse: Logitech G5(v2)
- Favorite switch: Topre 45/55g
- DT Pro Member: -
^Coming from a mod.
I'm afraid to post anything until I know that it won't be rolled back.
I'm afraid to post anything until I know that it won't be rolled back.
-
TexasFlood
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
So earlier I hadn't hit the main page which is why I hadn't seen this. I did get redirected upon hitting the main page. Again, I'm not that worried about it being a threat to my PC.
-
mkawa
- Location: USA
- DT Pro Member: -
well, given that they're redirecting you to arbitrary code, you should definitely be avoiding the root page. then again, i keep clicking the damned "forum" button at the top too, so i know your pain.
my feeling is that, although we are probably looking at another db rollback, and possibly some significant changes, we have some freedom right now on when that happens, so we can give people a chance to save their transactions before we bring the forum back into working order and are forced to lose data on gh's end.
my feeling is that, although we are probably looking at another db rollback, and possibly some significant changes, we have some freedom right now on when that happens, so we can give people a chance to save their transactions before we bring the forum back into working order and are forced to lose data on gh's end.
-
mkawa
- Location: USA
- DT Pro Member: -
for the time being, please using the google cache of index.php as the front page, and try to stop yourself from clicking the "forum" bottom on the title bar 
http://webcache.googleusercontent.com/s ... 0&bih=1321
http://webcache.googleusercontent.com/s ... 0&bih=1321
-
TexasFlood
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
Sure, there's no point of going to the main page, was just checking it earlier.
I'm not that worried about it but no point in tempting fate either.
I'm not that worried about it but no point in tempting fate either.
-
thegunner100
- Location: NYC, USA
- Main keyboard: "Sakura" Realforce 87u 55g
- Main mouse: Logitech G5(v2)
- Favorite switch: Topre 45/55g
- DT Pro Member: -
I rarely actually go to the index page. I usually just chill at the spy 
-
TexasFlood
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
Just to be clear, I meant there is no point in going to the index page NOW since it's broke and will just redirect you anyway. Thanks mkawa for posting the google cache if case someone needs it.
-
ripster
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
I will chill until you experts say it is safe.
http://www.overclock.net/t/1247033/geek ... t_17581368
Ouch!
http://www.overclock.net/t/1247033/geek ... t_17581368
itznfb wrote:For the past week or so Geekhack has been infecting every visitor with multiple trojans. Surprisingly my work's Symantec Endpoint Protection was the ONLY thing that caught it. I tested with 30 or so other AntiVirus and AntiMalware apps and nothing picked it up. Mainly because its java scripts running that are downloading and running trojans from appdata or temp space. They aren't actually installing anything or trying to gain privileged access. My Linux and OSX machines were infected as well. I caught the outgoing keystrokes with network traces.
Turn off java if you're going to visit Geekhack. The Admin needs some help from someone who has a clue about running a web site.
Ouch!
Turn off java if you're going to visit Geekhack. The Admin needs some help from someone who has a clue about running a web site.
Last edited by ripster on 28 Jun 2012, 08:47, edited 1 time in total.
-
Input Nirvana
- Location: San Francisco bay area, California, USA
- Main keyboard: Kinesis Advantage
- Main mouse: Rollermouse Free2
- DT Pro Member: -
Crap! I run OSX.
WTF do I gotta do about this? NOW I'm pissed.
WTF do I gotta do about this? NOW I'm pissed.
-
thegunner100
- Location: NYC, USA
- Main keyboard: "Sakura" Realforce 87u 55g
- Main mouse: Logitech G5(v2)
- Favorite switch: Topre 45/55g
- DT Pro Member: -
Funny, I run Symantec Endpoint Protection and it hasnt picked up on anything even though javascript is turned on in Opera. But then again, I havent visited the index page since GH was back up.
-
ripster
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
Wait, you guys left JavaScript ON?
Itoldyou...
http://deskthority.net/off-topic-f10/ge ... tml#p55850
SO!
Itoldyou...
http://deskthority.net/off-topic-f10/ge ... tml#p55850
SO!
-
osea23
- Location: Bay Area, California
- Main keyboard: Ducky Shine MX Brown w/ Green LED
- Main mouse: Razer Deathadder
- Favorite switch: Cherry MX Brown
- DT Pro Member: -
Sorta scared right now. Just went onto the site and got the rootworm page. Ran MalwareBytes and Microsoft Windows Malicious Removal Tool and both haven't picked up anything yet. Will run MSE soon. *facepalm* Why did I just log onto PayPal.
-
TexasFlood
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
Holy crap! Overreact much?
Read up on Alescurf.C for yourself at Microsoft or Symantecc.
All I can see that this thing does is redirect you to a shady web site and pass along some information from your browser. Is this a good thing? No. But sites get info from your browser all the time, if you want to avoid this I suggest following Ripsters advice about gtunnel above. Is it "infecting every visitor with multiple trojans" and "sending keystrokes" out? I doubt it, there is nothing to indicate this except an unsubstantiated post claiming so.
Microsoft:
Summary
Trojan:JS/Alescurf.C is a encrypted JavaScript trojan, which is injected into HTML files. It redirects the user to a certain webpage.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
Symantec:
This malicious JavaScript may be injected into legitimate Web pages.
When a user visits the page, the threat gathers certain information from the computer, including:
Computer environment
Screen resolution
Web browser
The gathered information is then sent to the following remote location: [http://]91.196.216.64/[REMOVED]
Read up on Alescurf.C for yourself at Microsoft or Symantecc.
All I can see that this thing does is redirect you to a shady web site and pass along some information from your browser. Is this a good thing? No. But sites get info from your browser all the time, if you want to avoid this I suggest following Ripsters advice about gtunnel above. Is it "infecting every visitor with multiple trojans" and "sending keystrokes" out? I doubt it, there is nothing to indicate this except an unsubstantiated post claiming so.
Microsoft:
Summary
Trojan:JS/Alescurf.C is a encrypted JavaScript trojan, which is injected into HTML files. It redirects the user to a certain webpage.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
Symantec:
This malicious JavaScript may be injected into legitimate Web pages.
When a user visits the page, the threat gathers certain information from the computer, including:
Computer environment
Screen resolution
Web browser
The gathered information is then sent to the following remote location: [http://]91.196.216.64/[REMOVED]
-
ripster
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
The_Beast
Join Date
Jan 2012
Location
Wisconsin
Posts
340
Can I blame ripster?
I might know a hosting service, I'll ask him tomorrow. He's pretty good at dealing with DDOS attacks (which I don't think this was) and other web stuff.
hey, HEY!
ಠ_ಠ
And about that donation....
-
mkawa
- Location: USA
- DT Pro Member: -
further discussion on the otherwise non-defaced geekhack is happening here: http://geekhack.org/showthread.php?3296 ... -Redirects
-
ripster
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
Microsoft Security isn't exactly foolproof.TexasFlood wrote:Holy crap! Overreact much?
Read up on Alescurf.C for yourself at Microsoft or Symantecc.
All I can see that this thing does is redirect you to a shady web site and pass along some information from your browser. Is this a good thing? No. But sites get info from your browser all the time, if you want to avoid this I suggest following Ripsters advice about gtunnel above. Is it "infecting every visitor with multiple trojans" and "sending keystrokes" out? I doubt it, there is nothing to indicate this except an unsubstantiated post claiming so.
Microsoft:
Summary
Trojan:JS/Alescurf.C is a encrypted JavaScript trojan, which is injected into HTML files. It redirects the user to a certain webpage.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
Symantec:
This malicious JavaScript may be injected into legitimate Web pages.
When a user visits the page, the threat gathers certain information from the computer, including:
Computer environment
Screen resolution
Web browser
The gathered information is then sent to the following remote location: [http://]91.196.216.64/[REMOVED]
http://www.reddit.com/r/worldnews/comme ... _set_fire/
Last edited by ripster on 28 Jun 2012, 08:41, edited 1 time in total.
-
ripster
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
Where do I get alerts on the otherwise defaced Geekhack?mkawa wrote:further discussion on the otherwise non-defaced geekhack is happening here: http://geekhack.org/showthread.php?3296 ... -Redirects
SURPRISE!mkawa wrote:in particular, i've talked to a friend that runs a vB-based forum with 3-5k concurrent users, and his conclusion (and opener) was "vB 4 is garbage, that's what your problem is"
You guys want to hear what I think of your Wiki platform?R00TW0RM
-
ripster
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
r00tw0rms......Nasty looking things..
http://www.ipm.iastate.edu/ipm/icm/node/2428/print
Don't want them in my iPad Nosiree!
The sad thing Is I buy Farmer's Market Organic Corn so have most likely eaten one or two.
http://www.ipm.iastate.edu/ipm/icm/node/2428/print
Don't want them in my iPad Nosiree!
The sad thing Is I buy Farmer's Market Organic Corn so have most likely eaten one or two.
-
codehead
- Location: Finland
- Main keyboard: Monterey K108,Matias Tactile Pro 4.0,IBM Model M
- Main mouse: Any mouse will do
- Favorite switch: Blue SMK Alps, Matias Clicky,Buckling Spring
- DT Pro Member: -
I'm stunned. The site's been hacked for like what, 3-4 times during a year. Maybe it's time to do something? Amateurs like that should be banned for hosting websites..