Results 1 to 6 of 6

Thread: Possible redirect exploit. Please keep an eye out in case I didn't manage to fix it.

  1. 12-01-2016, 03:00 PM #1
    Cpt. Lundgren
    Cpt. Lundgren is offline Administrator
    Join Date
    Dec 2000
    Location
    Stockholm, Sweden
    Posts
    1,134

    Exclamation Possible redirect exploit. Please keep an eye out in case I didn't manage to fix it.

    We had some problems where the visitor got redirected to another site. I have replaced all of the php-files for the forums, checked the templates for anything suspicious, and some other controls to get rid of it. Before that, I managed to get my anti-virus to warn for a redirect malware twice, and none after even after several tries from two different computers. Still, as the redirect wasn't triggered each time, it can mean I was just lucky/unlucky and it is still there.

    While I will keep hammering some tests to improve the odds to detect it if is still there, please send me a PM or post in this thread if anyone of you finds it or hear about it from someone else. So far, it has been triggered by following a normal link here. While my anti-virus didn't tell me where it was attempting to redirect, the redirection reported to me was to a download at myfilestore.com.

    Thank you The Tatterdemalion King for pointing the malware attack out.
    Reply With Quote Reply With Quote
  2. 12-01-2016, 04:45 PM #2
    Owen E Oulton
    Owen E Oulton is offline Moderator
    Join Date
    Aug 1999
    Location
    Ottawa, Ontario, Canada
    Posts
    3,490
    Bastards need to be crucified by their testicles...
    Reply With Quote Reply With Quote
  3. 12-01-2016, 08:38 PM #3
    Chris Donovan
    Chris Donovan is offline Registered User
    Join Date
    Aug 2016
    Posts
    106
    For whatever it's worth, it's not just you. I've had this happen 3-4 times in the last 10 days or so. Where are you being redirected to?

    I'm being sent to a "your computer is infected" type site.
    Reply With Quote Reply With Quote
  4. 12-02-2016, 03:13 AM #4
    Cpt. Lundgren
    Cpt. Lundgren is offline Administrator
    Join Date
    Dec 2000
    Location
    Stockholm, Sweden
    Posts
    1,134
    Quote Originally Posted by Owen E Oulton View Post
    Bastards need to be crucified by their testicles...
    Can't argue with that.

    Quote Originally Posted by Chris Donovan View Post
    For whatever it's worth, it's not just you. I've had this happen 3-4 times in the last 10 days or so. Where are you being redirected to?

    I'm being sent to a "your computer is infected" type site.
    I didn't knew about it until TTK pointed it out to me, but I managed to trigger it twice before I got home and could take down the site for a while.

    I don't know where it tried to send me, as my anti-virus/anti-malware caught it. Not sure how filestore.com link presented itself, but it sound as if it has been directing to different locations.

    Main question is, did I manage to get rid of it or is the problem still around? So far, I haven't managed to trigger it again myself.
    Reply With Quote Reply With Quote
  5. 12-02-2016, 12:23 PM #5
    Chris Donovan
    Chris Donovan is offline Registered User
    Join Date
    Aug 2016
    Posts
    106
    I couldn't say. I never triggered it here at all, but then again I'm not a regular "dweller" here.
    Reply With Quote Reply With Quote
  6. 12-02-2016, 06:33 PM #6
    The Tatterdemalion King
    The Tatterdemalion King is offline Registered User
    Send a message via ICQ to The Tatterdemalion King
    Join Date
    Sep 1999
    Location
    T.O.
    Posts
    3,445
    I haven't been able to replicate it.
    Portfolio | Blog Currently Running: Call of Cthulhu, Star Trek GUMSHOE Currently Playing: DramaSystem, Swords & Wizardry
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules