-
metafour
- Posts: 104
- Joined: 12 Feb 2012, 07:20
- Location: US
- Main keyboard: Leopold TKL
- Main mouse: G5
- Favorite switch: Red
- DT Pro Member: -
28 Jun 2012, 14:01
7bit wrote:metafour wrote:The problem is that it has happened a number of times now. If more secure software is not going to be used then I think moving to a different domain needs to be tested to see if the intrusions cease.
...
The domain name will not change much!
Solution for GeekHack:
- moving to a new software
- moving to a new backup system
- moving to deskthority.org
I take the 3rd solution.
According to this thread it appears you have already moved here:
http://geekhack.org/showthread.php?3290 ... no-package
I believe it has been mentioned in the past that the belief is the site's domain name is the largest contributing factor to the intrusion attempts.
-
Acanthophis
- Posts: 1034
- Joined: 15 Apr 2011, 09:38
- Location: Germany
- DT Pro Member: -
28 Jun 2012, 14:12
metafour wrote:I believe it has been mentioned in the past that the belief is the site's domain name is the largest contributing factor to the intrusion attempts.
Well, duh!
-
7bit
- Posts: 11435
- Joined: 01 Feb 2011, 00:37
- Location: Berlin, DE
- Main keyboard: Tipro / IBM 3270 emulator
- Main mouse: Logitech granite for SGI
- Favorite switch: MX Lock
- DT Pro Member: 0001
28 Jun 2012, 14:13
DeathAdder wrote:3rd solution would be a disaster...
Yes.
We need another site (deskhack.net) with an orange/black theme!
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 14:56
This could affect my Wiki page views.
I have 1 million now but was hoping to hit two befoe the site died.
[top]Most Popular Ripster Guides: ONE MILLION VIEWS!
MOST POPULAR - THE TOP 20 RIPSTER GUIDE HITS BY HISTORICAL VIEWS:
>159K The Geekhack Mechanical Keyboard Guide
>110K Ripster And Chloe's Cherry MX Wiki
>83K Geekhack Worldwide Shopping Links
>69K Ripster Review of Das/Filco
>67K Ripster's Model M Comparison - IBM to Lexmark to Unicomp - Did Quality Decline?
>63K Ripster's Nostromo N52 Mod Adding Cherry MX Switches
>60K All About Keys
>47K Ripster's Guide To Doubleshot Key Swaps
>46K Ripster And Chloe All About ALPS Guide
>43K Ripster's NKRO Guide
>32k Ripster's Key Pulling Guide
>33k Ripster Review of Filco Tenkeyless Brown Cherry (Gen1)
>33K Ripster's Model M Rivet Replacement Guide
>30K PBT Versus ABS Keys - Abrasion and Chemical Tests of KBC/Ducky PBT and Filco ABS keys
>30K Ripster's Key Reference
>30K RipOmeter
>30K Ripster's Guide to The Mystery of The Topre Capacitive Switch and Stiffness Mod
>20K Ripster's Retrobrite Guide - Get Rid of That Yellow Piss Color
>20K Ripster's Megasound Roundup
>20k Paul Rand, The Designer of The Model M Logo
>One Million Views!
TWO million eyeballs.
NEXT A BIIILLLLLIIIIOOOONNNN!
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 15:06
Hmmmmmm...
NOW the Geekhack moderators are finally silent at least. Such a chatty bunch.
View Profile
View Forum Posts
Private Message
Junior Member
Join Date
Jan 2012
Posts
18
is there any way to remove that trojan?
i got it because i turned off noscript on this site :/
They never were good at PRACTICAL advice.
-
postlapsaetia
- Posts: 19
- Joined: 19 Mar 2012, 02:01
- Location: NY, USA
- Main keyboard: KBC Poker/IBM SSK
- Main mouse: MX518/EC1eVo
- Favorite switch: Ergoclear/Buckling Spring/Ghetto Greens
- DT Pro Member: -
28 Jun 2012, 15:33
MSE just caught Exploit:JavaCVE-2012-0507.BQ for me. A full Malwarebytes scan turned up with nothing. Now I have NoScript running and I'm staying clear of GH until this problem is resolved.
-
off
- Posts: 1159
- Joined: 02 Mar 2012, 04:32
- Location: the crapper, NL, EU
- DT Pro Member: -
28 Jun 2012, 15:36
@postlapsaetia: Did you get that with noscript running (and geekhack dissallowed), or did you install it afterwards?
-
Acanthophis
- Posts: 1034
- Joined: 15 Apr 2011, 09:38
- Location: Germany
- DT Pro Member: -
28 Jun 2012, 15:36
Great. Now I am with my gf at her home 600km away from my possibly infected PC...
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 15:39
HPV virus shot reminder for everyone!
Infected PCs are annoying.
Infected penises are SERIOUS BUSINESS!
-
Icarium
- Posts: 1400
- Joined: 11 Jan 2012, 17:22
- Location: Germany
- Main keyboard: These fields just
- Main mouse: opened my eyes
- Favorite switch: I need to bring stuff to work
- DT Pro Member: -
28 Jun 2012, 15:50
Until my computer starts to act weird I will just assume that I didn't catch anything.
In this respect I did feel better when I was still using Linux, though.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 15:51
People that worry more about all their Geekhack keyboard pics being lost than their penises being infected have their priorities ALL WRONG!
IPad through a proxy here. Last thing I want to do is give my IP address to some dude named ROOTWORM.
But I'll save you the trouble. Only clueless Asians seem to be posting at Geekhack today.
Last edited by
ripster on 28 Jun 2012, 16:00, edited 5 times in total.
-
webwit
- Wild Duck
- Posts: 9333
- Joined: 28 Jan 2011, 00:27
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
-
Contact:
28 Jun 2012, 15:56
The urban legend persists that it is because of the name. Although all the people who come up with that story don't provide actual evidence. This is because it isn't true. Script kiddies don't scan for web sites with that word in it. They scan all web sites, ip range by ip range. The same vulnerabilities they try on each ip and domain name. So on deskthority too, they check for a wild variety of exploits for software which isn't there, like wordpress and vbb. Then usually the web server just returns that page doesn't exist. The reason geekhack keeps getting hacked is because they use a popular target with lots of holes (vbb) and because, despite all earlier hacks, they fail to update to the latest patches before the exploits are turned into script kiddie tools.
-
off
- Posts: 1159
- Joined: 02 Mar 2012, 04:32
- Location: the crapper, NL, EU
- DT Pro Member: -
28 Jun 2012, 16:05
Quite plausible; but that would indicate iMav and his hosting service really lack common sense, after all this time even.
Still do have the feeling these 'hacks' might actually be targetted, at GeekHack (for instance by Ripster's partner who wants to spend more time together), or perhaps after all because of the name; a site with geek&hack in the name that has seemingly very weak protection is the penultimate target to make a point / score points.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 16:10
Being permabanned for saying having 23 moderators for a small hobby forum was a crazy idea I can confirm iMav has little common sense.
-
itlnstln
- Posts: 692
- Joined: 03 Feb 2011, 19:57
- Location: San Antonio, TX
- Main keyboard: Noppoo Choc Mini
- Favorite switch: Cherry Brown
- DT Pro Member: -
28 Jun 2012, 16:12
ripster wrote:Being permabanned for saying having 23 moderators for a small hobby forum was a crazy idea I can confirm iMav has little common sense.
That, and basically granting moderator privileges to anyone that asked. Not only is that a lack of common sense, but it also showed/shows how seemingly out of touch he is with the forum.
-
webwit
- Wild Duck
- Posts: 9333
- Joined: 28 Jan 2011, 00:27
- Location: The Netherlands
- Main keyboard: Model F62
- Favorite switch: IBM beam spring
- DT Pro Member: 0000
-
Contact:
28 Jun 2012, 16:12
Like I said they try the same exploits at other sites such as deskthority. Vbb, latest version May 22, 2012. Update quicker.
-
TexasFlood
- Posts: 393
- Joined: 29 May 2012, 23:28
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
28 Jun 2012, 16:24
Sifo wrote:TexasFlood wrote:
Really? Wow, looked that up, discovered in 2004!
Anything important about it? I couldn't find anything.
I googled it and found a blurb somewhere which listed this as mapped to what symantec calls
Downloader.Psyme., so unless that mapping is not accurate, check the info at that link.
Quick summary...
Downloader.Psyme is a Trojan horse that downloads and executes a file using a known exploit of ADODB Stream objects in Microsoft Internet Explorer.
Threat Assessment
Threat Containment: Easy
Removal: Easy
Damage Level: Low
-
postlapsaetia
- Posts: 19
- Joined: 19 Mar 2012, 02:01
- Location: NY, USA
- Main keyboard: KBC Poker/IBM SSK
- Main mouse: MX518/EC1eVo
- Favorite switch: Ergoclear/Buckling Spring/Ghetto Greens
- DT Pro Member: -
28 Jun 2012, 16:28
off wrote:@postlapsaetia: Did you get that with noscript running (and geekhack dissallowed), or did you install it afterwards?
I got it with noscript disabled. I had it disabled because it was annoying me a lot, but now I just configured it for the sites I visit most and so that it doesn't notify me of every little thing.
-
Ekaros
- Posts: 423
- Joined: 04 Mar 2011, 14:26
- Location: Finland,
- Main keyboard: FILCO MAJESTOUCH 105 MX Brown SW/FI
- Main mouse: Razer
- Favorite switch: MX Clear
- DT Pro Member: -
28 Jun 2012, 16:38
So crap security on site which name that begs to be hacked? One or other is manageable but both? I think name also does drag some attention, but yeah, security and a few other issues...
-
metafour
- Posts: 104
- Joined: 12 Feb 2012, 07:20
- Location: US
- Main keyboard: Leopold TKL
- Main mouse: G5
- Favorite switch: Red
- DT Pro Member: -
28 Jun 2012, 16:45
The fact that a known exploited site that is reportedly attempting to spread malware is left running and publicly accessible while, and I quote, "iMav is evaluating where to go from here," does not inspire confidence.
I'd like to know what the rationale is for having the site up still.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 16:49
Well, ask the moderators there, not here.
Rknize and Mkawa appear to have scurried off.
-
thegunner100
- Posts: 123
- Joined: 31 Jul 2011, 02:07
- Location: NYC, USA
- Main keyboard: "Sakura" Realforce 87u 55g
- Main mouse: Logitech G5(v2)
- Favorite switch: Topre 45/55g
- DT Pro Member: -
28 Jun 2012, 16:50
ripster wrote:People that worry more about all their Geekhack keyboard pics being lost than their penises being infected have their priorities ALL WRONG!
IPad through a proxy here. Last thing I want to do is give my IP address to some dude named ROOTWORM.
But I'll save you the trouble. Only clueless Asians seem to be posting at Geekhack today.
Hey, I'm not THAT clueless!
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 16:57
Rofl.
This btw means all my Lego and Meme pics are hosed? Oh well, no loss, I have backup copies.
mkawa
MODERATOR TEAM
punch me if you need to
Join Date
Oct 2010
Location
SoCal
Posts
2,331
the forum database is intact modulo whatever they are trying to inject in it right now, but we lost a very very large number of attachments (nearly all of them) in the initial attack yesterday. don't expect for much additional media to come back.
i expect that the way things will stabilize is that a) we will have a lot of new software, but not a lot of a lot of old content b) the same fantastic geekhack community
i believe that with b, we can minimize the downsides of a, so i want to thank everyone for being understanding during this trying period for all of us, and if you think you can help, now might be the time to consider what you can bring to the table.
Oh wait, does he mean iMav is finally putting up Mediawiki and hosing my VbVaultWiki wikis?
ABOUT TIME!
They are getting out of date.
-
longweight
- key-bored
- Posts: 288
- Joined: 12 Jan 2012, 11:22
- Location: London, UK
- DT Pro Member: -
28 Jun 2012, 17:43
Ergh.
I started to be redirected but I don't think that I have an infection, scanned with Kaseya, Malwarebytes and MSE is running a scan at the moment.
They need to change the domain name imo and seriously think about getting more money into the site.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 17:52
GeekWhack.
And the problem always has been that iMav does NOT run it professionally for the money as far as I can tell. Frankly, sometimes I wonder WHAT his goal is. A bit of Vigilink revenues, free bandwidth, frankenstein hardware, and donations doesn't seem to be doing the job.
He SHOULD assign a moderator to do Vbulletin updates.
Duh.
Last edited by
ripster on 28 Jun 2012, 17:54, edited 4 times in total.
-
TexasFlood
- Posts: 393
- Joined: 29 May 2012, 23:28
- Main keyboard: Rosewill RK-9000 original cherry blue
- Main mouse: Microsoft trackball
- Favorite switch: cherry blue
- DT Pro Member: -
28 Jun 2012, 17:52
longweight, the info I looked up so far point to, although this malware is labeled as "trojans", that they are not permanent or doing any real damage to web clients hitting the geekhack index. I see no damage or persistent infections on my PC. Looks like the index has been hot wired in some way to prevent the redirect as of now. Guess that could change as this thing has managed to come back at least a couple of times already, but fixed for NOW.
-
ripster
- Posts: 3809
- Joined: 09 Feb 2011, 07:04
- Location: Ugly American
- Main keyboard: As Long As It is Helvetica
- Main mouse: Mickey
- Favorite switch: Wanna Switch? Well, I Certainly Did!
- DT Pro Member: -
28 Jun 2012, 17:55
TexasFlood, I like your cheery optimism. My computer sure got hosed last time.
-
7bit
- Posts: 11435
- Joined: 01 Feb 2011, 00:37
- Location: Berlin, DE
- Main keyboard: Tipro / IBM 3270 emulator
- Main mouse: Logitech granite for SGI
- Favorite switch: MX Lock
- DT Pro Member: 0001
28 Jun 2012, 18:01
off wrote:Quite plausible; but that would indicate iMav and his hosting service really lack common sense, after all this time even.
...
Even if GeekHack is hacked because of the name and even if iMav is incapable to switch over to something more modern, there still is the question why there are no proper backups, so the loss after a rollback would be minimal.
Also: I'm so lucky I never found out how GeekHack wikis worked.