Page 1 of 5 123 ... LastLast
Results 1 to 10 of 47
  1. #1
    Casual Long-Time Poster
    Join Date
    Feb 2007
    Location
    Look behind you
    Posts
    1,557

    Gamesforum infected?

    Hey everyone,

    I am a little concerned about Gamesforum.

    I have came across the problem where whenever I try to access gamesforum without having already got browsing data from it, I get redirected to hxxp://www.url123.info/067271ea (link intentionally corrupted, I don't want people to accidentally click it). This website is stuffed with popups, adverts and those annoying "are you sure you want to leave" messages.


    The issue can be reproduced by clearing all browser data (cookies, cache etc...) and then going to gamesforum by clicking a link to gamesforum from a search engine such as google: http://goo.gl/aPxOG


    Once that page has been accessed, I assume it is placing a cookie on my system to allow me access to Gamesforum without any redirections.



    Therefore the algorithm to access gamesforum would be:

    Does user have xxx cookie?
    Yes - access gamesforum
    No - redirect to hxxp://www.url123.info/067271ea and place xxx cookie on system


    Has anyone else experienced this problem before?

    I only experience this issue with Gamesforum and no other website whatsoever.
    I do not have any viruses contributing to this issue as I get it across two different operating systems (Windows 7 and Ubuntu 12.10).
    Therefore leading me to believe that gamesforum may be infected.
    Last edited by kkid; 08-12-2012 at 02:27 PM.


  2. #2
    Fear is the Mind Killer Star Hustler's Avatar
    Join Date
    Jul 2008
    Posts
    6,470
    CW and the rest of us are well aware about this issue. Hopefully Admin can fix it as soon as possible. Don't use Gamesforum through a search engine, come to the actual site itself or just save it in your favorites.
    Last edited by Star Hustler; 08-12-2012 at 02:23 PM.

  3. #3
    Senior Member willo745's Avatar
    Join Date
    Sep 2009
    Location
    Liverpool
    Posts
    9,056
    Been getting this for months and i cleared cache and cookies and it still comes back. Also GF has been loading certain threads real slow and im getting a message error to wait 10 seconds between posts every time i make a post.
    [/QUOTE]

    Thanks to Chronic Spender........

  4. #4
    Bayesian Conspirator Éclair's Avatar
    Join Date
    Jun 2010
    Posts
    3,669
    It happens to me whenever my internet cuts out. If Chrome goes to the "unable to display page" screen and I hit reload, it takes me to that site. I have to close the tab entirely, as navigating back to GF via its own URL continually redirects me.

    General Forum Rules
    Ignorance is not an excuse.

  5. #5
    I must say, I'm surprised. This issue was apparently posted back in August of last year, and here we are in January of 2013 and it still isn't fixed. It pains me to see a site taken advantage like this just because the admins might be too busy, or aren't technical. I also don't like seeing spam site's like these prosper, so I'll try to explain.

    This is a trick used by hackers to steal search engine traffic discretely. If everyone noticed this site was redirected, it will probably be urgently on admin-s to do list. The hackers hope that none of the site's "regulars" notice that anything is wrong, while all the potential new users who are referred in by search engines will be sent over to their site.

    Here's the technical mumbo jumbo which a user on vbulletin.com posted (which the site admin should read and implemented to keep his site secure)

    With the help of the security people at RealWebHost.net, we have now positively identified the method for injecting this exploit as well as specific vulnerabilities that permitted it on a 3.83, since updated to 3.87 PL2: As it turns out, it was a server configuration and security issue combined with some specific attributes of vBulletin installations which gave the intruder direct access to the MySQL database.

    The key is first to check your settings in cPanel for Remote MySQL: Unless you are using a database on a remote server, i.e., NOT on localhost, this setting should say "There are no additional MySQL access hosts configured". If you have a specific database intentionally enabled, that too is okay. What should NEVER be there is the character % - this is a wildcard which allows ALL other servers to connect to the database. If you see the wildcard enabled, DELETE IT.

    Then, make sure you change your passwords to strong passwords for both cPanel and MySQL to ensure that no one can change this setting back without your knowledge.

    Then, pick any add-on, disable it, then re-enable it to clear the datastore.

    Finally, download the file tool_reparse.php from http://www.vbulletin.org/forum/showthread.php?t=220967 and let it find discrepancies in your compiled templates and rebuild them.

    If you want a simple fix, just disable register_globals in php.ini immediately and that should fix it (though you should still do the other stuff). It should be found on the root of your URL before you get into the public_html/home area . Just look for php.ini, open it, do a ctrl+f search for "register_globals" then set it to "Off" (contact your web host to do it for you if you're not sure what I mean). I am not 100% certain this method will be an absolute fix, and admin should do research on this subject on his own.

    Everyday the site admin delays is another day more traffic is being stolen, and it will also probably have a negative impact on your search engine rankings. Not only that, but it is a huge security flaw in the site and leaving it open allows other potential hackers to do even more damaging things.
    Last edited by phsycical; 03-01-2013 at 12:27 PM.

  6. #6
    Senior Member willo745's Avatar
    Join Date
    Sep 2009
    Location
    Liverpool
    Posts
    9,056
    Dont really understand the technical side but hopefully helpful post above, its happening everytime i sign in now on both laptop or ps3. Surely admin could give say CW the authority to look at these things, i understand Admin has other sites and has a life so surely CW is now trusted enough to be able to sort these annoying problems out.
    [/QUOTE]

    Thanks to Chronic Spender........

  7. #7
    Captain Sexual Innuendo Cronus's Avatar
    Join Date
    Feb 2010
    Location
    Bristol
    Posts
    3,744
    Im surprised this issue is still not fixed, we really don't need any more security holes in the forum as much fun as the last hacking might have been!!

    Thanks very much to phsycical for their informative post.
    [CENTER]

  8. #8
    The Gotei 13's Psychopath Hyunshi's Avatar
    Join Date
    Mar 2012
    Location
    United Kingdom
    Posts
    4,276
    Only experienced this like 4 days ago & that was the only time I've experienced it.

  9. #9
    Bayesian Conspirator Éclair's Avatar
    Join Date
    Jun 2010
    Posts
    3,669
    Aye, it still pops up semi-regularly on my end.

    General Forum Rules
    Ignorance is not an excuse.

  10. #10
    WKD4496 Dark Seducer's Avatar
    Join Date
    Dec 2007
    Location
    In the eternal land of seclusion... the void.
    Posts
    5,536
    I get this on my phone if I google this site and click the GF link it takes me to another site.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •