Forum Problems !

[Tony A]

So you joined AFTER he was banned and yet he was one of the reasons why you joined?

Hmmmm.

Oaksoft, maybe Bud Bundy was a regular reader before he joined?

Hmmm...Maybe my statement is too far-fetched.

[davidg]

Anyone else had the odd spam email getting through to their inbox that doesn't normally happen since this? I don't usually get them but had a few the last 24 hours.

[insaintee]

I would love to see Sid back on the forum, very much missed by me and others.

Some of the pish posted by the aye naw mongols is a real grind and they

are being allowed to dominate yet again, sid is outspoken but I enjoy his posts.

Keep looking, I believe he is to be found by those that seek him Edited November 11, 2012 by insaintee

[Tony A]

Anyone else had the odd spam email getting through to their inbox that doesn't normally happen since this? I don't usually get them but had a few the last 24 hours.

No, I've not experienced that so far?

[oaksoft]

There is an advert in the pool about "I earn £500 a day sitting at home in my pants doing nothing" - maybe you clicked on that ?

I can't be certain that I didn't.

Can't believe anyone falls for that shite these days.

For those who are young, broke and tempted let me just explain how these scams work.

The idea is that you pay a fee of some sort to the person who listed the advert.

To get around the law on these things a "product" is then given to you. It's not important what that product is - it just gets around the law. Sometimes it will be a book or pamphlet explaining what I'm describing here.

The way to make money is to relist on as many website forums as you can find advertising through your own link. If anyone clicks your link and gives you money some of that is given to the guy who you originally contacted and paid. In that way a root system is built with money coming in at the bottom and filtering all the way to the top - the guy who thought this scam up in the first place.

It's been variously known as multi-layer marketing (MLM) or network marketing.

Either way it's a scam to make the guys up the top of the root rich as hell with mugs at the bottom playing them. The trick is to get on the root early because there's only so many idiots out there. The last to get on generally lose out.

They are unethical at best because they target those most desperate.

That's why they were outlawed.

Sadly people seem to find ways around it and there are enough chimps out there stupid enough to believe they can earn a billion zillion quid in their underpants by doing nothing.

I remember another classic scam years ago. Someone had an advert claiming to know how to half your petrol bill overnight. All you had to do was send in a fiver for his "book".

The book turned out to be a sheet of paper which had written on it "To halve your fuel bill, simply car share to work woth one other person." That made the news. He was interviewed but it was a legal scam.

Edited November 11, 2012 by oaksoft

[oaksoft]

There is an advert in the pool about "I earn £500 a day sitting at home in my pants doing nothing" - maybe you clicked on that ?

OK just logged in a few minutes ago and was immediately redirected to :-

http://surveyorster.net/d/juicyru.com

WTF??

[dmc]

I would love to see Sid back on the forum, very much missed by me and others.

Some of the pish posted by the aye naw mongols is a real grind and they

are being allowed to dominate yet again, sid is outspoken but I enjoy his posts.

Please tell me you are talking about relatives of Ghenkis Khan, surely not even a slug like you would stoop so low!

[div]

OK just logged in a few minutes ago and was immediately redirected to :-

http://surveyorster.net/d/juicyru.com

WTF??

Can you clear your temporary internet files, sounds like you are caching a bad file somewhere, as there is no infection on the site at all.

No data has been compromised here, so no users email addresses have been taken or any other data.

There was a breach through a hole in the forum software (that has since been patched), the following advisory was issued about it last week but obviously I was too slow in closing the door;

http://community.invisionpower.com/topic/372245-ipboard-33x-32x-and-31x-critical-security-update-6-november-2012/

A user managed to execute a script on the forum that caused malicious code to be added to the forum pages that was attempting to redirect visitors to another (malicious) site. In most modern browsers this redirect failed but it caused our site to not load properly hence why you saw "bits" of the site.

I cleaned the code up a few times only for it to reappear but I have since found, and remove the script that was creating it and applied the security patch to hopefully prevent recurrence.

A full security sweep of the server has taken place and it all now reports as clean.

[saintnextlifetime]

Can you clear your temporary internet files, sounds like you are caching a bad file somewhere, as there is no infection on the site at all.

No data has been compromised here, so no users email addresses have been taken or any other data.

There was a breach through a hole in the forum software (that has since been patched), the following advisory was issued about it last week but obviously I was too slow in closing the door;

http://community.inv...-november-2012/

A user managed to execute a script on the forum that caused malicious code to be added to the forum pages that was attempting to redirect visitors to another (malicious) site. In most modern browsers this redirect failed but it caused our site to not load properly hence why you saw "bits" of the site.

I cleaned the code up a few times only for it to reappear but I have since found, and remove the script that was creating it and applied the security patch to hopefully prevent recurrence.

A full security sweep of the server has taken place and it all now reports as clean.

I have also been redirected , in the same manner on logging in. .

Per the weekends debacle with the malicious redirection , despite not actually be redirected , the Trojan involved , has been able to wipe the c' drive on my lap top . Whether it can be recovered is yet to be seen. .

[div]

I have also been redirected , in the same manner on logging in. .

I am interested in getting to the bottom of this one. Can I ask you to clear your temporary internet files and try logging in again and let me know if the same thing happens ?

Per the weekends debacle with the malicious redirection , despite not actually be redirected , the Trojan involved , has been able to wipe the c' drive on my lap top . Whether it can be recovered is yet to be seen. .

Sorry but if you have had local virus issues they did not come from this website, we had no such infection and nor is it possible for any web side infection to download software capable of doing system drive damage without any user interaction.

[buddiecat]

Anyone else had the odd spam email getting through to their inbox that doesn't normally happen since this? I don't usually get them but had a few the last 24 hours.

13 spam in the last 24hrs usually get that in a week, mostly all payday loan type ads and ppi recliam ads

[oaksoft]

Can you clear your temporary internet files, sounds like you are caching a bad file somewhere, as there is no infection on the site at all.

No data has been compromised here, so no users email addresses have been taken or any other data.

There was a breach through a hole in the forum software (that has since been patched), the following advisory was issued about it last week but obviously I was too slow in closing the door;

http://community.inv...-november-2012/

A user managed to execute a script on the forum that caused malicious code to be added to the forum pages that was attempting to redirect visitors to another (malicious) site. In most modern browsers this redirect failed but it caused our site to not load properly hence why you saw "bits" of the site.

I cleaned the code up a few times only for it to reappear but I have since found, and remove the script that was creating it and applied the security patch to hopefully prevent recurrence.

A full security sweep of the server has taken place and it all now reports as clean.

OK that appears to have worked for now. Thanks.

[div]

13 spam in the last 24hrs usually get that in a week, mostly all payday loan type ads and ppi recliam ads

I will be getting the blame for the poor weather soon as well !

Global spam levels are currently at the highest level they have been all year as you can see from this monthly tracker;

http://www.symanteccloud.com/en/gb/globalthreats/charts/spam_monthly

[saintnextlifetime]

I am interested in getting to the bottom of this one. Can I ask you to clear your temporary internet files and try logging in again and let me know if the same thing happens ?

Sorry but if you have had local virus issues they did not come from this website, we had no such infection and nor is it possible for any web side infection to download software capable of doing system drive damage without any user interaction.

What I can tell you is that , a trojan was able to come in via the website posing as a Java script update . The laptop is with a computer engineer at the moment , he managed to find the malicious programme which had actually hidden my data on the disc rather than a wipe . He said that the programme hadn't worked right for the malicious party because l had been alerted to the fact that it was resident by my antivirus programme . It basically used a Java dialogue box to create a vulnerability . .

[davidg]

What I can tell you is that , a trojan was able to come in via the website posing as a Java script update . The laptop is with a computer engineer at the moment , he managed to find the malicious programme which had actually hidden my data on the disc rather than a wipe . He said that the programme hadn't worked right for the malicious party because l had been alerted to the fact that it was resident by my antivirus programme . It basically used a Java dialogue box to create a vulnerability . .

What does this mean? Not too clued up on computer jargon, it's like the offside rule…

Could spam emails be related to the forum problems?

I started getting them the same day as the problems kicked off. Seems like a bit if a coincidence?

[saintnextlifetime]

What does this mean? Not too clued up on computer jargon, it's like the offside rule…

Could spam emails be related to the forum problems?

I started getting them the same day as the problems kicked off. Seems like a bit if a coincidence?

Yes , yes David , very like the offside rule. .

Okay it basically means that my computer got f**ked by the malicious programme that got through the site via the " hole" that Div mentioned . Most of what I said is directly from the engineer , whom is fixing it for me. A Trojan is the name of a programme that comes on to your computer , hidden or appearing to be something else , in this case a Java Script . .

As for the spam you are getting , fugnose Buddie. .

[buddiecat]

I will be getting the blame for the poor weather soon as well !

Global spam levels are currently at the highest level they have been all year as you can see from this monthly tracker;

http://www.symantecc...ts/spam_monthly

i'm no blaming you, calm down, i'm only answering a question, i'm experiencing a high level of spam and had accidentally clicked on a loan ad on here, i know that can't be your fault,

[Tony A]

What I can tell you is that , a trojan was able to come in via the website posing as a Java script update . The laptop is with a computer engineer at the moment , he managed to find the malicious programme which had actually hidden my data on the disc rather than a wipe . He said that the programme hadn't worked right for the malicious party because l had been alerted to the fact that it was resident by my antivirus programme . It basically used a Java dialogue box to create a vulnerability . .

Yes , yes David , very like the offside rule. .

Okay it basically means that my computer got f**ked by the malicious programme that got through the site via the " hole" that Div mentioned . Most of what I said is directly from the engineer , whom is fixing it for me. A Trojan is the name of a programme that comes on to your computer , hidden or appearing to be something else , in this case a Java Script . .

As for the spam you are getting , fugnose Buddie. .

Does this mean that everyone who's been on here in the timeframe of the problems could potentially have a virus on their PC?

[buddiecat]

Does this mean that everyone who's been on here in the timeframe of the problems could potentially have a virus on their PC?

nope, unless you had problems like your pc shutting down or running real slow then you're ok, any decent security package would not have allowed any problems, and as div said this site is not generating problems, my security just shut down one advert, i had no other issues at all Edited November 13, 2012 by buddiecat

[div]

Does this mean that everyone who's been on here in the timeframe of the problems could potentially have a virus on their PC?

Nope.

The code that was injected into our forum pages was used to redirect users to a third party website. In the vast majority of cases it didn't work as it relied on a particular vulnerability in the browser to work. If you were running old browser software you would potentially have been taken to a third party website which would have, I assume, attempted to download malware to your PC.

If you keep your browser software up to date all you would have seen was a messed up version of B&W Army, no harm was done and the source of the infection and the malicious code have been found and removed on our side.

I host well over 200 websites now across 5 dedicated servers and take server patching and security very seriously as my livelihood depends on it. In this case I was caught out by a vulnerability in the forum software itself that a critical update was released for last week.

Lesson learned is to apply those patches immediately even if it means downtime.

Humble apologies to those affected by the issue at the weekend.

ps; It goes without saying that you should always ensure your browser versions are up to date, that your security software is up to date, that your windows updates are applied religiously and that your important data is backed up to somewhere safe outside of your PC and preferably outside of your house into the cloud using something like Dropbox, Sugarsync, Sky Drive etc...

[saintnextlifetime]

Nope.

The code that was injected into our forum pages was used to redirect users to a third party website. In the vast majority of cases it didn't work as it relied on a particular vulnerability in the browser to work. If you were running old browser software you would potentially have been taken to a third party website which would have, I assume, attempted to download malware to your PC.

If you keep your browser software up to date all you would have seen was a messed up version of B&W Army, no harm was done and the source of the infection and the malicious code have been found and removed on our side.

I host well over 200 websites now across 5 dedicated servers and take server patching and security very seriously as my livelihood depends on it. In this case I was caught out by a vulnerability in the forum software itself that a critical update was released for last week.

Lesson learned is to apply those patches immediately even if it means downtime.

Humble apologies to those affected by the issue at the weekend.

ps; It goes without saying that you should always ensure your browser versions are up to date, that your security software is up to date, that your windows updates are applied religiously and that your important data is backed up to somewhere safe outside of your PC and preferably outside of your house into the cloud using something like Dropbox, Sugarsync, Sky Drive etc...

Yes , vulnerability has to be there as I understand it and it doesn't really matter how good your ant-virus software is . I only fully understand this now , as the Trojan needs to get access via something which appears to be bona -fide . However , in this case , the Trojan was able to exploit the Java vulnerability. To be honest , when I saw the strip down version of the site , followed by a Java Update , it made sense to take the update as that may have been the reason for the effects at the time , as it seemed. .

Apart from all that , I still say their second goal was waaaay offside. .

[Dibbles old paperboy]

Since this started my Google chrome browser is playing up. I am getting an error message when i open the browser: "Your profile could not be opened correctly. Some features may be unavailable. Please check that the profile exists and you have permission to read and write its contents". Bookmarks have disappeared and the web history buffers but doesn't display. Unrelated?

[div]

Since this started my Google chrome browser is playing up. I am getting an error message when i open the browser: "Your profile could not be opened correctly. Some features may be unavailable. Please check that the profile exists and you have permission to read and write its contents". Bookmarks have disappeared and the web history buffers but doesn't display. Unrelated?

Possibly if as Saintinnextlifetime has reported that the malware "hid" certain folders on his machine.

Have you cleared your temp internet files, is your chrome version up to date, do you have any other browsers installed and if so are they displaying any errors, is your security software up to date, have you had any warnings from it etc ?

[saintnextlifetime]

Possibly if as Saintinnextlifetime has reported that the malware "hid" certain folders on his machine.

Have you cleared your temp internet files, is your chrome version up to date, do you have any other browsers installed and if so are they displaying any errors, is your security software up to date, have you had any warnings from it etc ?

When I first clicked on this post a couple of minutes ago , in redirected me through to a wwebsite called Bagram , which appeared to be a gambling site! I had to close the tab and then open another tab to get back on BAWA. .

It would seem that there still might be an issue on the site . Apparently , this is the latest form of malicious software/spyware whereby they try and redirect you to buy something as opposed to the type that hides in your computer and then sends your data to , well , erm , theives. .

[HSS]

I've not had any problems.Should I be worried?