I'll bet they're after the domain name, it would be quite fitting for a hacking organization after all.Sifo wrote:Guess I'll chill here. I asked r00tw0rm what they want with GH, didn't get a straight up response.
geekhack hacked again!?
- lorem3k
- Location: Where haven't we been? (Calgary, AB)
- Main keyboard: Leopold FC200RT/AWN
- Main mouse: Logitech G400
- DT Pro Member: -
- TexasFlood
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
- codehead
- Location: Finland
- Main keyboard: Monterey K108,Matias Tactile Pro 4.0,IBM Model M
- Main mouse: Any mouse will do
- Favorite switch: Blue SMK Alps, Matias Clicky,Buckling Spring
- DT Pro Member: -
And oh the humanity...These god damn script kiddies who actually post videos on some search'n'replace Perl crap they'd written. Nice traces left by using a localized Linux. http://www.youtube.com/watch?v=xCf54VeHipc
Just like those assholes who fucked up one of my other favorite sites, scenemusic.net. But luckily those guys rewrote the whole thing.
Just like those assholes who fucked up one of my other favorite sites, scenemusic.net. But luckily those guys rewrote the whole thing.
-
- DT Pro Member: -
JS/TrojanDownloader.Psyme.NCW trojanTexasFlood wrote:If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
- TexasFlood
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
Really? Wow, looked that up, discovered in 2004!Sifo wrote:JS/TrojanDownloader.Psyme.NCW trojanTexasFlood wrote:If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
- captain
- Main keyboard: main? main? what is main?
- Main mouse: Mickey
- Favorite switch: it's complicated
- DT Pro Member: -
Haha! Funny you say that, because I have lost 20lbs since restarting the brewery. Must be all that Vitamin B! ;-)rknize wrote:German and Belgium beer yum. If I brew I'll gain 100 lbs, lol.
-
- Location: Germany
- DT Pro Member: -
guess not, better start changing if you use it on other sitesdirge wrote:Ouch, that's pretty nasty.
Are our passwords safe on that site?
- Lorem-Ipsum
- Location: United Kingdom
- Main keyboard: IBM Model M
- Main mouse: Razer Deathadder
- Favorite switch: Buckling Spring
- DT Pro Member: -
I've had a quick look through the JavaScript and from what I can see it only really tried to do anything on Windows.
Just guessing here but I would have thought that they would run detection scripts against the connecting browser to identify it and the OS, and if they have an exploit for that, match then run it.
If you're a windows user, take Ripster's advice and turn off JavaScript, make sure your browser it up to date (potentially removes exploits they could be using) and make sure you have a good, up-to-date anti-virus.
If you're a Firefox user I recommend using the NoScript add-on, it basically blocks all JavaScript unless you allow it.
Just guessing here but I would have thought that they would run detection scripts against the connecting browser to identify it and the OS, and if they have an exploit for that, match then run it.
If you're a windows user, take Ripster's advice and turn off JavaScript, make sure your browser it up to date (potentially removes exploits they could be using) and make sure you have a good, up-to-date anti-virus.
If you're a Firefox user I recommend using the NoScript add-on, it basically blocks all JavaScript unless you allow it.
- codehead
- Location: Finland
- Main keyboard: Monterey K108,Matias Tactile Pro 4.0,IBM Model M
- Main mouse: Any mouse will do
- Favorite switch: Blue SMK Alps, Matias Clicky,Buckling Spring
- DT Pro Member: -
I still think it's unacceptable that they'd gotten hacked for how many times and didn't manage to do much about it. "Lost almost all attachments". Umm, where are the filesystem level backups etc. GeekHack is a source of information for many and it's completely irresponsible to NOT have backups for this kind of valuable community generated information!
Last edited by codehead on 28 Jun 2012, 12:28, edited 1 time in total.
- Icarium
- Location: Germany
- Main keyboard: These fields just
- Main mouse: opened my eyes
- Favorite switch: I need to bring stuff to work
- DT Pro Member: -
Damn. Wanted to look up something about switches earlier...
I hate to see GH struggle like this there was a TON of GREAT content.
Sure, there was a log of noise to dig it out from but still...
I hate to see GH struggle like this there was a TON of GREAT content.
Sure, there was a log of noise to dig it out from but still...
- 7bit
- Location: Berlin, DE
- Main keyboard: Tipro / IBM 3270 emulator
- Main mouse: Logitech granite for SGI
- Favorite switch: MX Lock
- DT Pro Member: 0001
Just look into the wiki!Icarium wrote:Damn. Wanted to look up something about switches earlier...
I hate to see GH struggle like this there was a TON of GREAT content.
Sure, there was a log of noise to dig it out from but still...
-
- Location: Germany
- DT Pro Member: -
geekhacked.org ?Ekaros wrote:Maybe it's time for name change? ;D
How many times it has been down this year?
-
- Location: US
- Main keyboard: Leopold TKL
- Main mouse: G5
- Favorite switch: Red
- DT Pro Member: -
It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
- 7bit
- Location: Berlin, DE
- Main keyboard: Tipro / IBM 3270 emulator
- Main mouse: Logitech granite for SGI
- Favorite switch: MX Lock
- DT Pro Member: 0001
Can't see it is up anymore:metafour wrote:It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
- Attachments
-
- endofgeekhack.png (92.51 KiB) Viewed 4353 times
-
- Location: US
- Main keyboard: Leopold TKL
- Main mouse: G5
- Favorite switch: Red
- DT Pro Member: -
What are you trying to say or show? If that's what you get when you visit the site's main page then clearly the site is still up.
You can still get to the geekhack forums if you use URLs that aren't the main site index page.
I.e. http://geekhack.org/showthread.php?3296 ... -Redirects
You can still get to the geekhack forums if you use URLs that aren't the main site index page.
I.e. http://geekhack.org/showthread.php?3296 ... -Redirects
Last edited by metafour on 28 Jun 2012, 13:28, edited 1 time in total.
- baldgye
- Location: UK
- Main keyboard: Filco Miami TLK
- Main mouse: SteelSeries Sensei RAW
- Favorite switch: Brown
- DT Pro Member: -
Really sad, I don't think that GH should simply give up against these retarded wana be hackers... I mean really, what does a name matter?
Just annoying becuse it can totaly ruin some of the group buys running
Just annoying becuse it can totaly ruin some of the group buys running
- baldgye
- Location: UK
- Main keyboard: Filco Miami TLK
- Main mouse: SteelSeries Sensei RAW
- Favorite switch: Brown
- DT Pro Member: -
everytime I go up AVG goes mad and there is txt scrolling accross the page...7bit wrote:Can't see it is up anymore:metafour wrote:It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
-
- Location: US
- Main keyboard: Leopold TKL
- Main mouse: G5
- Favorite switch: Red
- DT Pro Member: -
The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.
Seriously though, as soon as the admin of an exploited site is aware of the exploit the server should be taken offline. It's your responsibility as a sys admin to protect other users of the Internet. This also makes forensics and analysis easier.
When you have an infected computer on a private network the first thing you do is remove it from the network. The same principle applies here. The site should not be up and accessible to the public.
Seriously though, as soon as the admin of an exploited site is aware of the exploit the server should be taken offline. It's your responsibility as a sys admin to protect other users of the Internet. This also makes forensics and analysis easier.
When you have an infected computer on a private network the first thing you do is remove it from the network. The same principle applies here. The site should not be up and accessible to the public.
- 7bit
- Location: Berlin, DE
- Main keyboard: Tipro / IBM 3270 emulator
- Main mouse: Logitech granite for SGI
- Favorite switch: MX Lock
- DT Pro Member: 0001
The domain name will not change much!metafour wrote:The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.
...
Solution for GeekHack:
- moving to a new software
- moving to a new backup system
- moving to deskthority.org
I take the 3rd solution.