NEW GAME R/H SIDE - DONT OPEN - Altea Ego
This site appears to be hacked. There is a link on the R/H side for downloading the new Need for Speed game - don't go there - it appears to be a keystroke logging program.
------------------------------
TourVanMan TM < Ex RF >
NEW GAME R/H SIDE - DONT OPEN - FotheringtonThomas
I hope you have reported this possible hack!
NEW GAME R/H SIDE - DONT OPEN - Altea Ego
to the mods

------------------------------
TourVanMan TM < Ex RF >
NEW GAME R/H SIDE - DONT OPEN - FotheringtonThomas
Sorry, not trying to have a go - I have however on some forums seen ppl report stuff to the masses and not to someone who can actually *do* something!
NEW GAME R/H SIDE - DONT OPEN - Altea Ego
Actually I suspect that someone who has edit and update rights to the r/h panel has a trojan, as it appears the problem file has been emailed or FTP'd there. Possibly HJ himself.
------------------------------
TourVanMan TM < Ex RF >
NEW GAME R/H SIDE - DONT OPEN - Baskerville
> Actually I suspect that someone who has edit and update rights to the r/h panel has a trojan, as it appears the problem file has been emailed or FTP'd there. Possibly HJ himself.

It seems to me that this site works pretty much the same way (for the end user) as popular blogging software such as Wordpress. The News panel over on the right is essentially reporting the content of a page elsewhere, a bit like an RSS feed. If the hacker had a password/username combination with sufficient privileges it wouldn't even require FTP or email to create the page of links. The offending file of course is hosted elsewhere.
NEW GAME R/H SIDE - DONT OPEN - Baskerville
> The News panel over on the right is essentially reporting the content of a page elsewhere

...on this site. Take a look at "View More News" to see the page itself.
NEW GAME R/H SIDE - DONT OPEN - NARU
Does anyone have any recommendations on a scanner to be sure I haven't picked it up?

I have ZoneAlarm and AVG installed. AVG reckons that shell32.dll, kernel32.dll, user32.dll and ntoskrnl.exe have been updated, but I think (hope) that was just the recent Windows XP update.
NEW GAME R/H SIDE - DONT OPEN - Altea Ego
It's unlikely you have picked it up, it's been archived with a .rar file, you have to actually do things manually to get it unpacked.

Note from Mods to say the sys admin (stephen koo) is trying to get rid of the "pesky thing"
------------------------------
TourVanMan TM < Ex RF >
NEW GAME R/H SIDE - DONT OPEN - Pezzer
When I opened up this site a little earlier - it behaved very strangely (as did the BBC Sport page afterwards). It took a long time to open and looked like it was flicking through lots of things before eventually opening. I didn't click on the links to the right. Should I be worried?

P
NEW GAME R/H SIDE - DONT OPEN - Altea Ego
No, the site itself is clean - just don't go to the link.
------------------------------
TourVanMan TM < Ex RF >
NEW GAME R/H SIDE - DONT OPEN - Pezzer
TVM............. tvm !
NEW GAME R/H SIDE - DONT OPEN - David Horn
I thought that link looked dodgy. ;-)

Mind you, the fact that the web address contains the word "victimes" gives a pretty good idea what's inside.
NEW GAME R/H SIDE - DONT OPEN - Sprice
Noticed this morning that the drop down box top left (the one with discussion, technical, archive options etc) had a games section, but it's gone now!
NEW GAME R/H SIDE - DONT OPEN - Dynamic Dave
As per TVM's message

DON'T CLICK ON OR OPEN ANYTHING ON THE RH SIDE OF THE PAGE THAT HAS THE WORDS "GAME" OR "GAMES" IN THE TITLE - OR ANYTHING ELSE THAT LOOKS SUSPICIOUS COME TO THAT

This problem has been reported to HJ and Khoo systems. Unfortunately I only have access to the forum admin side of the site, not the front page admin part, so I am unable to action it directly.

DD.
NEW GAME R/H SIDE - DONT OPEN - Cliff Pope
> Noticed this morning that the drop down box top left (the one with discussion, technical, archive options etc) had a games section, but it's gone now!

I noticed that. I thought it was just a sign of the times, like wall to wall music or ipods.
NEW GAME R/H SIDE - DONT OPEN - jc2
A link someone put in last week had a "spy site" tucked away in it.
NEW GAME R/H SIDE - DONT OPEN - Dynamic Dave
jc2,

Can you remember which thread the link was posted in?

Prob best to email it to me rather than draw further attention to it.

Cheers, DD.
NEW GAME R/H SIDE - DONT OPEN - Armitage Shanks {p}
I am not a 'gamer' but I'd tend to be suspicious of a game dated Fri 16 Nov 2007!
NEW GAME R/H SIDE - DONT OPEN - jc2
I can't remember or find it but it started "tiny.url" but I know that it is not a lot of help but my anti-spy programme threw it up straightaway.
NEW GAME R/H SIDE - DONT OPEN - cheddar
>>Actually I suspect that someone who has edit and update rights to the r/h panel has a trojan, as it appears the problem file has been emailed or FTP'd there. Possibly HJ himself.>>

If so how did the Games link appear in the drop box earlier (since removed)? This would surely have been deliberate as opposed to a rogue news story.

I innocently clicked on the games link in the drop box earlier today and it brought up an unpopulated forum.
NEW GAME R/H SIDE - DONT OPEN - Baskerville
> If so how did the Games link appear in the drop box earlier (since removed)? This would surely have been deliberate as opposed to a rogue news story.

The HJ site is delivered using a Content Management System (CMS) similar to Joomla (www.joomla.org/), but apparently custom made by Khoosys. Somebody has an admin password which enables them to change menus, add pages etc. Obviously to be convincing the changes need to be minimal so the menu item was pulled, probably when they realised it created a new forum. The added news page showed up automatically in the news feed on the right. CMS web applications are a very easy way of creating a large, complex, very impressive website in a matter of a few clicks (then hours and hours of tweaking...).
NEW GAME R/H SIDE - DONT OPEN - cheddar
>> If so how did the Games link appear in the drop box earlier (since removed)? This would surely have been deliberate as opposed to a rogue news story.
> The HJ site is delivered using a Content Management System (CMS) similar to Joomla (www.joomla.org/), but apparently custom made by Khoosys. Somebody has an admin password which enables them to change menus, add pages etc. Obviously to be convincing the changes need to be minimal so the menu item was pulled, probably when they realised it created a new forum. The added news page showed up automatically in the news feed on the right. CMS web applications are a very easy way of creating a large, complex, very impressive website in a matter of a few clicks (then hours and hours of tweaking...).

Exactly, so more deliberate than a trojan accidentally uploaded by HJ or one of the mods, unless someone attacked all Khoosys systems (which could explain the generic title) this site must have been manually hacked.
NEW GAME R/H SIDE - DONT OPEN - Baskerville
> Exactly, so more deliberate than a trojan accidentally uploaded by HJ or one of the mods, unless someone attacked all Khoosys systems (which could explain the generic title) this site must have been manually hacked.

Indeed, but the passwords/usernames could have been recovered by a trojan installing a keylogger on one of the admin machines. I agree though that someone probably sat down, logged in and did this. At a guess they also created new admin-level accounts. If you didn't care to look, the main site the links lead to (not the folder where the keylogger resides) seems to include a whole raft of pre-built malware of all kinds ready for download and deployment.

I hope we find out what happened.