This site appears to be hacked. There is a link on the R/H side for downloading the new need for speed game - Don't go there - it appears to be a keystroke logging program.
------------------------------
TourVanMan TM < Ex RF >
|
I hope you have reported this possible hack!
|
to the mods
------------------------------
TourVanMan TM < Ex RF >
|
Sorry, not trying to have a go - I have however on some forums seen ppl report stuff to the masses and not to someone who can actually *do* something!
|
Actually I suspect that someone who has edit and update rights to the r/h panel has a trojan, as it appears the problem file has been emailed or FTP'd there. Possibly HJ himself.
------------------------------
TourVanMan TM < Ex RF >
|
Actually I suspect that someone who has edit and update rights to the r/h panel has a trojan, as it appears the problem file has been emailed or FTP'd there. Possibly HJ himself.
It seems to me that this site works pretty much the same way (for the end user) as popular blogging software such as Wordpress. The News panel over on the right is essentially reporting the content of a page elsewhere, a bit like an RSS feed. If the hacker had a password/username combination with sufficient privileges it wouldn't even require FTP or email to create the page of links. The offending file of course is hosted elsewhere.
|
The News panel over on the right is essentially reporting the content of a page elsewhere
...on this site. Take a look at "View More News" to see the page itself.
|
Does anyone have any recommendations on a scanner to be sure I haven't picked it up?
I have ZoneAlarm and AVG installed. AVG reckons that shell32.dll, kernel32.dll, user32.dll and ntoskrnl.exe have been updated, but I think (hope) that was just the recent Windows XP update.
|
It's unlikely you have picked it up, it's been archived with a .rar file, you have to actually do things manually to get it unpacked.
Note from Mods to say the sys admin (Stephen Koo) is trying to get rid of the "pesky thing"
------------------------------
TourVanMan TM < Ex RF >
|
When I opened up this site a little earlier - it behaved very strangely (as did the BBC Sport page afterwards). It took a long time to open and looked like it was flicking through lots of things before eventually opening. I didn't click on the links to the right. Should I be worried?
P
|
No, the site itself is clean - just don't go to the link.
------------------------------
TourVanMan TM < Ex RF >
|
I thought that link looked dodgy. ;-)
Mind you, the fact that the web address contains the word "victimes" gives a pretty good idea what's inside.
|
Noticed this morning that the drop down box top left (the one with discussion, technical, archive options etc) had a games section, but it's gone now!
|
As per TVM's message
DON'T CLICK ON OR OPEN ANYTHING ON THE RH SIDE OF THE PAGE THAT HAS THE WORDS "GAME" OR "GAMES" IN THE TITLE - OR ANYTHING ELSE THAT LOOKS SUSPICIOUS COME TO THAT
This problem has been reported to HJ and Khoo systems. Unfortunately I only have access to the forum admin side of the site, not the front page admin part, so I am unable to action it directly.
DD.
|
Noticed this morning that the drop down box top left (the one with discussion, technical, archive options etc) had a games section, but it's gone now!
I noticed that. I thought it was just a sign of the times, like wall to wall music or ipods.
|
A link someone put in last week had a "spy site" tucked away in it.
|
jc2,
Can you remember which thread the link was posted in?
Prob best to email it to me rather than draw further attention to it.
Cheers, DD.
|
I am not a 'gamer' but I'd tend to be suspicious of a game dated Fri 16 Nov 2007!
|
I can't remember or find it but it started "tiny.url" but I know that it is not a lot of help but my anti-spy programme threw it up straightaway.
|
>>Actually I suspect that someone who has edit and update rights to the r/h panel has a trojan, as it appears the problem file has been emailed or FTP'd there. Possibly HJ himself.>>
If so how did the Games link appear in the drop box earlier (since removed)? This would surely have been deliberate as opposed to a rogue news story.
I innocently clicked on the games link in the drop box earlier today and it brought up an unpopulated forum.
|
If so how did the Games link appear in the drop box earlier (since removed)? This would surely have been deliberate as opposed to a rogue news story.
The HJ site is delivered using a Content Management System (CMS) similar to Joomla (www.joomla.org/), but apparently custom made by Khoosys. Somebody has an admin password which enables them to change menus, add pages etc. Obviously to be convincing the changes need to be minimal so the menu item was pulled, probably when they realised it created a new forum. The added news page showed up automatically in the news feed on the right. CMS web applications are a very easy way of creating a large, complex, very impressive website in a matter of a few clicks (then hours and hours of tweaking...).
|
>> If so how did the Games link appear in the drop box earlier (since removed)? This would surely have been deliberate as opposed to a rogue news story.
The HJ site is delivered using a Content Management System (CMS) similar to Joomla (www.joomla.org/), but apparently custom made by Khoosys. Somebody has an admin password which enables them to change menus, add pages etc. Obviously to be convincing the changes need to be minimal so the menu item was pulled, probably when they realised it created a new forum. The added news page showed up automatically in the news feed on the right. CMS web applications are a very easy way of creating a large, complex, very impressive website in a matter of a few clicks (then hours and hours of tweaking...).
Exactly, so more deliberate than a trojan accidentally uploaded by HJ or one of the mods, unless someone attacked all Khoosys systems (which could explain the generic title) this site must have been manually hacked.
|
Exactly, so more deliberate than a trojan accidentally uploaded by HJ or one of the mods, unless someone attacked all Khoosys systems (which could explain the generic title) this site must have been manually hacked.
Indeed, but the passwords/usernames could have been recovered by a trojan installing a keylogger on one of the admin machines. I agree though that someone probably sat down, logged in and did this. At a guess they also created new admin-level accounts. If you didn't care to look the main site the links lead to (not the folder where the keylogger resides) seems to include a whole raft of pre-built malware of all kinds ready for download and deployment.
I hope we find out what happened.