Forum was hacked

[Chris Perkins]

This morning (1 am UK time...I wasn't up!) I had an email from a user telling me that his antivirus software was reporting that the Predecimal.com forum was a malware threat! I checked and to me the forum was entirely text based and looked odd. Upon clicking on the text-topics I also had warnings about malware being detected (but blocked, so posing no risk).

I asked my hosts and they confirmed that it did indeed look odd and that it had most likely been hacked somehow. So, what you're looking at now is a restored version of yesterday morning's forum directory! This means that anything posted in the last 24hrs (roughly) would have been lost, unfortunately.

I have reported it to Invision, the forum software producer, but as it's weekend I'm not really expecting a lightening response. I've kept a copy of the hacked directory, so hopefully they can tell me what went wrong. I was running the newest version of the software. I'll leave it to run for the time being, but if members notice any strange goings-on, please email me and I'll have to take it offline and get the hole plugged up once and for all!

[Chris Perkins]

A wee update:

The forum software people have suggested I change the main admin password and the FTP access password as there are no known vulnerabilities with the version of the software I am using. They also suggested that maybe my host server (in Essex) has vulnerabilities.

Passwords have been/are being changed and everything is being checked....

[RLC35]

Chris,

My security program (McAfee) says the Forum is infected with Malware!

BC

[Geordie582]

Chris,

My security program (McAfee) says the Forum is infected with Malware!

BC

I did notice strange presentation when I opened the site and tried to log on to tell you - but - my user name and password were rejected!! I assumed, as I don't usually log on (being a hammered nut,I only log on when there is something interesting to me),that it was my computer! so spent quite a long time 'troubleshooting'! Luckily I gave up and decided to leave it until tomorrow. Thank goodness. Hadn't seen that "text only" presentation before.

Edited August 21, 2010 by Geordie582

[HistoricCoinage]

Unfortunately, my browser is still reporting malware and advising me to avoid predecimal entirely.

[Chris Perkins]

I believe the incident has caused me (or at least the forum directory) to be blacklisted! There are no threats now but clearly browsers remember it and I expect google is also blacklisting this area. It makes me look bad doesn't it! I hope they realise very quickly that all is well.

[davidrj]

I believe the incident has caused me (or at least the forum directory) to be blacklisted! There are no threats now but clearly browsers remember it and I expect google is also blacklisting this area. It makes me look bad doesn't it! I hope they realise very quickly that all is well.

I've had to remove overwrite the security settings on Firefox to get in tonight, think I may install Google Chrome and see what happens

David

[Peckris]

Everything looks normal, and fine, to me. But then I use a Mac

[davidrj]

I believe the incident has caused me (or at least the forum directory) to be blacklisted! There are no threats now but clearly browsers remember it and I expect google is also blacklisting this area. It makes me look bad doesn't it! I hope they realise very quickly that all is well.

Chris, I think you may need to contact these folk Badware

David

[HistoricCoinage]

...think I may install Google Chrome and see what happens

David

Don't bother, it's the same on Chrome.

Either way, I'm still going to come and visit this forum, so it's not a major hurdle.

Clive.

[scott]

odd, i got on fine read a few threads on chrome and up comes the message... getting annoying

[Chris Perkins]

I re-submitted the site to google today. Hopefully it'll get the all clear.

[RLC35]

Chris, It must be fixed. The red Warning screen doesn't come on any more. BTW...I am on Google Chrome.

[HistoricCoinage]

Chris, It must be fixed. The red Warning screen doesn't come on any more. BTW...I am on Google Chrome.

What Bob said.

[Fubar]

One of the reasons for this hacking may be an email harvesting operation.

Is anyone else suddenly getting more than the usual crop of dubious emails?

Edited August 23, 2010 by Fubar

[Chris Perkins]

Yes, I re-sumbitted the website to google and it now has the all clear and is no longer blacklisted.

I obviously don't know what the purpose of the redirects to malware sites were, but hopefully everyone here has good anti virus/malware protection (essential these days). It may also be a good idea for members to run a full scan on their PCs. I haven't noticed anymore spam than usual, but for extra security it may be an idea if users could ensure that their forum user name and/or email address and password are not the same as used for online banking, ebay, or other more sensitive areas!

I've changed the website FTP password and the forum admin password. And in the next few days, will be updating the forum software to the latest version.

[Bob Tanner]

Chris,

Now you've updated the IPB software to the latest version, you might find MyBB is also worth considering once your head has stopped spinning. MyBB is relatively easy to migrate to from IPB, its popularity is increasing daily and it's free. Just a thought.

And for the benefit of those who didn't see the now-vanished topic that was posted on the afternoon of the 20th, once again here's the winning Euromillions numbers which will be drawn on Friday evening: 5; 27; 31; 40; 42; *1; *6

Hope this helps.

[Peckris]

Chris, It must be fixed. The red Warning screen doesn't come on any more. BTW...I am on Google Chrome.

What red warning screen???

[RLC35]

The all red warning screen is an alert from the McAfee security system in my system!

[Peckris]

The all red warning screen is an alert from the McAfee security system in my system!

Extraordinary lengths you people go to! I simply click the thumbnail for this forum in my Speed Dial, and I'm there. No warning screens, no login, just the good old familiar forum in all its glory.

The only time it failed was on the anniversary of my joining when it suddenly demanded a login. (Perhaps after one year that's what it does?) Of course, by then I'd forgotten all my login details, it wouldn't accept 'Peckris' as my username (apparently our username and display names are different, just to be awkward). So I had - just that once - to jump through a few hoops to get back in.