geekhack hacked again!?

User avatar
lorem3k

28 Jun 2012, 08:57

Sifo wrote:Guess I'll chill here. I asked r00tw0rm what they want with GH, didn't get a straight up response.
I'll bet they're after the domain name, it would be quite fitting for a hacking organization after all.

User avatar
TexasFlood

28 Jun 2012, 08:59

Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.

User avatar
codehead

28 Jun 2012, 09:00

And oh the humanity...These god damn script kiddies who actually post videos on some search'n'replace Perl crap they'd written. Nice traces left by using a localized Linux. http://www.youtube.com/watch?v=xCf54VeHipc

Just like those assholes who fucked up one of my other favorite sites, scenemusic.net. But luckily those guys rewrote the whole thing.

:evil:

User avatar
codehead

28 Jun 2012, 09:01

AND THEN THEY CALL THIS PIECE OF JUNK 'DEFACER'! OH GOD!

Sifo

28 Jun 2012, 09:08

TexasFlood wrote:
Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.
JS/TrojanDownloader.Psyme.NCW trojan

User avatar
TexasFlood

28 Jun 2012, 09:25

Sifo wrote:
TexasFlood wrote:
Sifo wrote:I'm being sent trojans from index. Even just typing in the URL to my browser O_O
If it's Trojan:JS/Alescurf.C a.k.a. Trojan.JS.WPress.A (BitDefender) a.k.a. Troj/JSRedir-EQ (Sophos) then it's what I described above.
JS/TrojanDownloader.Psyme.NCW trojan
Really? Wow, looked that up, discovered in 2004!

Sifo

28 Jun 2012, 09:34

TexasFlood wrote: Really? Wow, looked that up, discovered in 2004!
Anything important about it? I couldn't find anything.

User avatar
captain

28 Jun 2012, 10:07

rknize wrote:German and Belgium beer yum. If I brew I'll gain 100 lbs, lol.
Haha! Funny you say that, because I have lost 20lbs since restarting the brewery. Must be all that Vitamin B! ;-)

metafour

28 Jun 2012, 11:21

Why is the site even up at this point?

User avatar
The_Ed
Asperger's... SQUIRREL!

28 Jun 2012, 11:25

Image

User avatar
dirge

28 Jun 2012, 11:46

Ouch, that's pretty nasty.

Are our passwords safe on that site?

mintberryminuscrunch

28 Jun 2012, 11:53

dirge wrote:Ouch, that's pretty nasty.

Are our passwords safe on that site?
guess not, better start changing if you use it on other sites

User avatar
Lorem-Ipsum

28 Jun 2012, 12:14

I've had a quick look through the JavaScript and from what I can see it only really tried to do anything on Windows.

Just guessing here but I would have thought that they would run detection scripts against the connecting browser to identify it and the OS, and if they have an exploit for that, match then run it.

If you're a windows user, take Ripster's advice and turn off JavaScript, make sure your browser it up to date (potentially removes exploits they could be using) and make sure you have a good, up-to-date anti-virus.

If you're a Firefox user I recommend using the NoScript add-on, it basically blocks all JavaScript unless you allow it.

User avatar
The_Ed
Asperger's... SQUIRREL!

28 Jun 2012, 12:22

At least they aren't giving me another infraction for saying fuck (yet).

User avatar
codehead

28 Jun 2012, 12:27

I still think it's unacceptable that they'd gotten hacked for how many times and didn't manage to do much about it. "Lost almost all attachments". Umm, where are the filesystem level backups etc. GeekHack is a source of information for many and it's completely irresponsible to NOT have backups for this kind of valuable community generated information!
Last edited by codehead on 28 Jun 2012, 12:28, edited 1 time in total.

User avatar
Icarium

28 Jun 2012, 12:27

Damn. Wanted to look up something about switches earlier...

I hate to see GH struggle like this there was a TON of GREAT content.
Sure, there was a log of noise to dig it out from but still...

User avatar
7bit

28 Jun 2012, 12:33

Icarium wrote:Damn. Wanted to look up something about switches earlier...

I hate to see GH struggle like this there was a TON of GREAT content.
Sure, there was a log of noise to dig it out from but still...
Just look into the wiki!

User avatar
Ekaros

28 Jun 2012, 12:36

Maybe it's time for name change? ;D

How many times it has been down this year?

mintberryminuscrunch

28 Jun 2012, 12:44

Ekaros wrote:Maybe it's time for name change? ;D

How many times it has been down this year?
geekhacked.org ?

metafour

28 Jun 2012, 13:14

It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.

User avatar
7bit

28 Jun 2012, 13:17

metafour wrote:It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
Can't see it is up anymore:
Attachments
endofgeekhack.png
endofgeekhack.png (92.51 KiB) Viewed 4351 times

metafour

28 Jun 2012, 13:24

What are you trying to say or show? If that's what you get when you visit the site's main page then clearly the site is still up.

You can still get to the geekhack forums if you use URLs that aren't the main site index page.

I.e. http://geekhack.org/showthread.php?3296 ... -Redirects
Last edited by metafour on 28 Jun 2012, 13:28, edited 1 time in total.

User avatar
baldgye

28 Jun 2012, 13:26

Really sad, I don't think that GH should simply give up against these retarded wana be hackers... I mean really, what does a name matter?

Just annoying becuse it can totaly ruin some of the group buys running

User avatar
agor

28 Jun 2012, 13:31

All attachments lost? So there hasn't EVER been a backup?

User avatar
baldgye

28 Jun 2012, 13:35

7bit wrote:
metafour wrote:It's almost a certainty that the database will need to be restored from an earlier backup. Every new post that goes up there right now will eventually get blown away when this happens. Also, if the main page is really attempting to infect visitors computers why is the site being kept up? Take it offline and assess the situation.
Can't see it is up anymore:
everytime I go up AVG goes mad and there is txt scrolling accross the page...

metafour

28 Jun 2012, 13:36

The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.

Seriously though, as soon as the admin of an exploited site is aware of the exploit the server should be taken offline. It's your responsibility as a sys admin to protect other users of the Internet. This also makes forensics and analysis easier.

When you have an infected computer on a private network the first thing you do is remove it from the network. The same principle applies here. The site should not be up and accessible to the public.

User avatar
baldgye

28 Jun 2012, 13:43

yeah especially if its trying to infect people

User avatar
7bit

28 Jun 2012, 13:52

metafour wrote:The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.
...
The domain name will not change much!

Solution for GeekHack:
- moving to a new software
- moving to a new backup system
- moving to deskthority.org

I take the 3rd solution.
:-)

User avatar
baldgye

28 Jun 2012, 13:53

before switching software and backup, they really should work out how they where hacked and what could prevent it...

User avatar
Acanthophis

28 Jun 2012, 13:56

3rd solution would be a disaster...

Post Reply

Return to “Geekhacker refugee camp”