Possible hacker of Sciforums

Discussion in 'Site Feedback' started by Write4U, Sep 17, 2014.

  1. Write4U Valued Senior Member

    Messages:
    20,069
    Today I tried to open Sciforums, which worked OK; however, it seems that the Sciforums server has been hacked and, in addition to the normal opening, an ADDITIONAL page popped up, apparently redirected from your server.

    Advised my local police department, who verified the redirect from your server.

    Below is a copy of the redirected site. I did not want to copy the entire page as it contains child pornography.

    http://finger.startrightnow.co.uk/notabena/2001-6-29.html
     
  3. Bells Staff Member

    Messages:
    24,270
    Thank you for the heads up. I noticed a pop-up window when I logged into the site before but it was blocked from opening, so I didn't see what it was trying to open. I'll pass this on to the owners right away.

    Edit to add:

    I have sent PMs to the admin linking to this thread and also alerting them to what else I had noticed too - the site was down sporadically yesterday and today we get a pop-up window with a redirect.

    For everyone else, please do not open the pop-up window if you are alerted or redirected to it. Check your browser to make sure you can get an alert that a pop-up window is trying to open.

    I will let you all know if I hear anything back in the meantime.
     
  5. Write4U Valued Senior Member

    Messages:
    20,069
    Thank you Bells. FYI, the pop-up site is a scam, with a facsimile of an official FBI warning, accusing the user of engaging in child pornography, with explicit pictures and demanding $300 to somehow avoid further investigation. I nearly had a heart attack when I saw it.
    Not good!!!!!!!!

    p.s. when I replied to your post, the pop-up did not appear. Apparently it happens only if trying to open the main Sciforums.com site.
     
  7. Kittamaru Ashes to ashes, dust to dust. Adieu, Sciforums. Valued Senior Member

    Messages:
    13,938
    Odd... I didn't notice any weird behavior at all... haven't gotten any popups or the like... hm, weird indeed.
     
  8. Write4U Valued Senior Member

    Messages:
    20,069
    Apparently it happens when trying to go directly to (www.Sciforums.com) main site. It does not seem to happen when replying to e-mail notification of a post.

    I have increased my security level to "High", instead of default "Medium", and listed the redirected spam addy to my restricted site list.
     
  9. Kittamaru Ashes to ashes, dust to dust. Adieu, Sciforums. Valued Senior Member

    Messages:
    13,938
    Even then it doesn't come up for me... dunno...

    What browser are y'all using? I've tested on Chrome and Firefox with no ill effects.
     
  10. milkweed Valued Senior Member

    Messages:
    1,654
    I've got Firefox and it's blocking a popup from opening. I don't remember a popup coming onto this site before today.

    See if it happens when you clear your cache.
     
  11. origin Heading towards oblivion Valued Senior Member

    Messages:
    11,888
    I had the popup too; it was blocked though.
     
  12. Bells Staff Member

    Messages:
    24,270
    It pops up the first time you log into the site's front/main page.

    I had been having major issues connecting to this site yesterday, as it was constantly down for me. So I am guessing this is when this occurred as the (blocked) pop up appeared after that issue cleared up for me.
     
  13. Bells Staff Member

    Messages:
    24,270
    No problem.

    I haven't heard anything back from them, but I sent it to each of the admin. Hopefully it won't be too long.

    I am not game to open the pop-up. I am not surprised you were concerned. I'd be concerned too. My advice would be to run a scan on your computer as well, just in case.
     
  14. Write4U Valued Senior Member

    Messages:
    20,069
    I have installed Google Chrome (instead of IE) and that does block the pop-up. But this does not solve the problem, it just hides it.

    Thanks for your help notifying admin.
     
  15. leopold Valued Senior Member

    Messages:
    17,455
  16. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    The server's been under attack for a while, but it's a huge game of whack-a-mole. Just make sure you are using popup blockers since that's how this particular attack is functioning. The site devs will fix it when they get a chance.
     
  17. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    That's due to the method used for the insertion. Sciforums runs on forum software that has a "Poor Man's Cron"; it means that some actions that occur on Sciforums, like cleanups, backups etc., are triggered by people visiting the site and clicking the page. I would guess that the attack has exploited that Cron method and injects URLs into pages at the intervals where the Cronjob would be triggered. (The event isn't triggered with every page load or every user.) I'll make sure the devs are informed.

    I'm not entirely sure if the page is then being rewritten afterwards by something the devs set up or there is a rotation in regards to what URL will pop up next from the hacker's exploit.
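
An added example, not part of the post above and not Sciforums' code: a defender-side check for the behaviour reported in this thread, where the pop-up shows up only on some loads of the main page. It scans several saved copies of a home page for script/iframe sources and `window.open` targets outside an allow-list; the host names, the allow-list and the HTML snapshots are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# URL argument of window.open("...") inside inline script text.
WINDOW_OPEN = re.compile(r"""window\.open\(\s*['"]([^'"]+)['"]""")

class _Collector(HTMLParser):
    """Collect URLs that can load or open content from another host."""
    def __init__(self):
        super().__init__()
        self.urls = []              # (kind, url) pairs
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            self.urls.append((tag + "-src", src))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.urls += [("window.open", u) for u in WINDOW_OPEN.findall(data)]

def off_site_urls(html, allowed_hosts):
    """Return the set of (kind, host) pairs whose host is not allow-listed."""
    collector = _Collector()
    collector.feed(html)
    hosts = ((kind, urlparse(url).hostname) for kind, url in collector.urls)
    # hostname is None for relative URLs, which stay on the site itself.
    return {(k, h) for k, h in hosts if h and h not in allowed_hosts}

def intermittent(snapshots, allowed_hosts):
    """Map each off-site finding to the indexes of the snapshots showing it."""
    seen = {}
    for i, html in enumerate(snapshots):
        for finding in off_site_urls(html, allowed_hosts):
            seen.setdefault(finding, []).append(i)
    return seen

# Constructed sample data: three fetches of a home page, one carrying an injection.
ALLOWED = {"forum.example", "static.forum.example"}
CLEAN = ('<html><head><script src="/js/app.js"></script>'
         '<script src="//static.forum.example/a.js"></script></head>'
         '<body>Home</body></html>')
INJECTED = CLEAN.replace(
    "</body>", '<script>window.open("http://popup.invalid/p.html");</script></body>')
SNAPSHOTS = [CLEAN, INJECTED, CLEAN]
```

A finding that appears in only some snapshots is the pattern worth escalating, since a single clean fetch of the page would miss it.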
     
  18. Enmos Valued Senior Member

    Messages:
    43,184
  19. Dr_Toad It's green! Valued Senior Member

    Messages:
    2,527
    Unfortunately, I had previously allowed popup windows from here. This morning when I first logged in, there was nothing wrong, but on my second visit my screen filled up with new tabs, all of which told me my browser had been locked and I'd been reported to the FBI.

    That didn't quite crash me, but Windows users may have a different story. I had to manually delete my session restore files twice before I managed to shut the screaming child up.

    I hope y'all can flush the toilet soon.

     
  20. leopold Valued Senior Member

    Messages:
    17,455
    my browser also did this, but i'm not sure if i was visiting sciforums at the time.
    it locked up my machine to the point i had to do a cold boot.

    also, i've disabled system restore and my browser deletes the cache when it closes.
    these two items help to keep from storing any such "funnyware".
    i also have mcafee securityscan and virus scan installed, along with tune-up utilities which removes certain registry entries.

    i don't know if any of this relates to the current problem or not.
     
  21. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    I'd suggest anyone using Windows XP/Vista and using an older version of Internet Explorer to cease visiting the site until the problem's been fixed. Those operating systems and software are what most exploits are aimed at nowadays and there is little to protect them from getting infected (even with AV).

    You might want to also make sure that you don't have any USB storage devices plugged in as some of those payloads might actually end up being true Ransomware.

    (If you are going to be here, make sure you've backed up all your personal data just in case the worst happens.)
     
  22. Magical Realist Valued Senior Member

    Messages:
    16,607
    It happened to me yesterday too. I finally figured out how to escape from that disgusting page and it hasn't appeared since. I used Windows Defender to check my system and nothing came up.
     
  23. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    Incidentally, I'm unsure if it's a targeted attack or if it's down to a worm within the infrastructure of Sciforums' servers; that's something only the devs would know.
     
    Quantum Quack likes this.
