today I tried to open Sciforums, which worked ok, however, it seems that Sciforums server has been hacked and in addition to normal opening, an ADDITIONAL page popped up, apparently redirected from your server. Advised my local police department, who verified the redirect from your server. Below is copy of the redirected site. I did not want to copy the entire page as it contains child pornography. http://finger.startrightnow.co.uk/notabena/2001-6-29.html
Thank you for the heads up. I noticed a pop-up window when I logged into the site before but it was blocked from opening, so I didn't see what it was trying to open. I'll pass this on to the owners right away. Edit to add: I have sent PM's to the admin linking to this thread and also alerting them to what else I had noticed to - site was down sporadically yesterday and today we get pop up window with a redirect.. For everyone else, please do not open the pop-up window if you are alerted or redirected to it. Check your browser to make sure you can get an alert that a pop-up window is trying to open. I will let you all know if I hear anything back in the meantime.
Thank you Bells, FYI, the pop-up site is a scam, with a facsimile of an official FBI warning, accusing the user of engaging in child pornography, with explicit pictures and demanding $300 to somehow avoid further investigation. I nearly had a heart attack when I saw. Not good!!!!!!!! p.s. when I replied to your post, the pop-up did not appear. Apparently it happens only if trying to open the main Sciforums.com site.
Odd... I didn't notice any weird behavior at all... haven't gotten any popups or the like... hm, weird indeed.
Apparently it happens when trying to go directly to (www.Sciforums.com) main site. It does not seem to happen when replying to e-mail notification of a post. I have increased my security level to "High", instead of default "Medium", and listed the redirected spam addy to my restricted site list.
Even then it doesn't come up for me... dunno... What browser are ya'll using? I've tested on Chrome and FireFox with no ill-effects
I've got firefox and its blocking a popup from opening. I dont remember a popup coming onto this site before today. See if it happens when you clear you cache.
It pops up the first time you log into the site's front/main page. I had been having major issues connecting to this site yesterday, as it was constantly down for me. So I am guessing this is when this occurred as the (blocked) pop up appeared after that issue cleared up for me.
No problem. I haven't heard anything back from them, but I sent it to each of the admin. Hopefully it won't be too long. I am not game to open the pop-up. I am not surprised you were concerned. I'd be concerned too. My advice would be to run a scan on your computer as well, just in case.
I have installed Google chrome (instead of IE) and that does block the pop-up. But this does not solve the problem, it just hides it. Thanks for your help notifying admin.
i've noticed my mcafee firewall blocked attempts from IPs that resolve to an address that had the finger service. mcafee gave a little detail, saying it was possibly looking for a trojan.
The server's been under attack for a while, but it's a huge game of whack-a-mole. Just make sure you are using popup blockers since that's how this particular attack is functioning. The site dev's will fix it when they get a chance.
That's due to the method used for the insertion. Sciforums runs on forum software that has a "Poor Man's Cron", it means that some actions that occur on sciforums like cleanups, backups etc are triggered by people visiting the site and clicking the page. I would guess that the attack has exploited that Cron method and injects URL's into pages at the intervals where the Cronjob would be triggered. (The event isn't triggered with every page load or every user) I'll make sure the devs are informed. I'm not entirely sure if the page is then being rewritten afterwards by something the dev's setup or there is a rotation in regards to what URL will popup next from the hackers exploit.
Here's a great pop-up blocker for anyone that wants to install one (also blocks ads on youtube videos for example): https://adblockplus.org/ Please Register or Log in to view the hidden image!
Unfortunately, I had previously allowed popup windows from here. This morning when I first logged in, there was nothing wrong, but on my second visit my screen filled up with new tabs, all of which told me my browser had been locked and I'd been reported to the FBI. That didn't quite crash me, but Windows users may have a different story. I had to manually delete my session restore files twice before I managed to shut the screaming child up. I hope y'all can flush the toilet soon. Please Register or Log in to view the hidden image!
my browser also did this, but i'm not sure if i was visiting sciforums at the time. it locked up my machine to the point i had to do a cold boot. also, i've disabled system restore and my browser deletes the cache when it closes. these two items helps to keep from storing any such "funnyware". i also have mcafee securityscan and virus scan installed, along with tune-up utilities which removes certain registry entries. i don't know if any of this relates to the current problem or not.
I'd suggest anyone using Windows XP/Vista and using older version of Internet Explorer to cease visiting the site until the problems been fixed. Those operating systems and software are what most exploits are aimed at nowadays and there is little to protect them from getting infected (even with AV) You might want to also make sure that you don't have any USB storage devices plugged in as some of those payloads might actually end up being true Ransomware. (If you are going to be here, make sure you've backed up all your personal data just encase the worst happens.)
It happened to me yesterday too. I finally figured out how to escape from that disgusting page and it hasn't appeared since. I used Windows Defender to check my system and nothing came up.
Incidentally I'm unsure if it's a targeted attack or if it's down to a worm within the infrastructure of Sciforums servers, that's something only the dev's would know.