Server Downtime... Hacked?

Hey there. Was curious where the site went for the last couple days or day.

Was there a server problem, switch, or was the site hacked to some extent?


Reason I ask is you now have an iframe that has a hidden link to damnxd dot org and jobless-jack dot com.

There is also another request going to c3tag dot com.


Seems like it was hacked. I also didn't check for other http requests, so there could be more than those 2+1.



EDIT: Found a few more.
mannulinux dot org
A few requests from blogger blogs/facebook that redirect to some of the sites.
and
p4r46hcyb3rn3t dot tk
Which contains a few redirects.
 
If anyone uses facebook and is logged in, I would log out before you enter MOS. Not sure if there is any likejacking going on (since you can't view .php through .html), but it's just a precaution.

Check facebook to see if there are any shady shares/likes/requests that occurred without your knowledge.
 
I got the same shit when I tried to log in the last 2 days. Maybe DLD should work on it - the site is becoming too big I guess and all the small mice try to sabotage it or something...
 
Nothing has changed, it's still there.


DLD do you have a firewall of some sort?
They have scripts that make alerts when code has been changed.
 
smerc;561479 said:
Nothing has changed, it's still there.


DLD do you have a firewall of some sort?
They have scripts that make alerts when code has been changed.

I let LIGHTNING know
 
Mike, site is very unresponsive and slow right now, computer is working overtime to load pages... something is not right.
 
Wow !!!
Someone had the lifeline severed... a day without "Mattersofsize/forum" is like living a day without a penis.
 
Any updates on this? The requests (from those sites) are still being made as clear as day.


I have the ability to block them on my own computer, but I left them up just to know when they were actually taken down.
Now I'm debating on if I should block them or not, because it's been a week in and they're still on the website.

I know it's Labor Day week and all, but this shouldn't be a difficult fix if it's just basic link insertion.
 
We are trying to do what we can without going back to an earlier version of the database backup and losing some threads. It should be resolved by this weekend.
 
I use google chrome and I can finally get on without being crushed by bogus crap.
Thanks to everybody who worked on fixing this.
Killing SPAM was just about impossible!

'Specially for a neanderthal like me.
 
I'm sure it's not the recommended method, but I spent Hours over the last 2 days hard deleting the ad spam. Hope it helped. I'm still finding some buried within the sub forums.

I Keeelll Them!
II KEEL THEM AAAALLLLL!!!
 
Hello Brothers,

The MoS forum will be down for about 20-30 minutes today for server updates. Please check back.
 
Everything should be fixed now, if you see any issues please report in here.
 
Do you use the "SPAM-O-MATIC"?
It really simplifies the process.

LoveHerDeeply;563072 said:
I'm sure it's not the recommended method, but I spent Hours over the last 2 days hard deleting the ad spam. Hope it helped. I'm still finding some buried within the sub forums.

I Keeelll Them!
II KEEL THEM AAAALLLLL!!!
 
Well I was concerned about the live links lagging the site like some of our techy guys were posting in other threads... so I was clicking the boxes on the right, mod box, delete... password etc. But I can understand keeping the posts for Google ranking purposes... so I'll try that button you're on about, NP.
 
Penis EnlargementGym has also been getting hit with DDOS attacks and script hijacking. It was really bad a few weeks ago, and it got hit again just yesterday :(
 
Big Al;563791 said:
???

The bottom of my post under the sig is showing the following (replace { & } with < & >):

{a href="http://www.nkll.com/hpot.php?name=51099" style="display: none;"}fey{/a}

I'm seeing links to that site on some other member's sigs. It's also coming up on google: see https://www.google.com/#q=http://www.nkll.com/hpot.php?name=51099

Is that now embedded in your sig? Go to your profile and check, delete it and report back... maybe another creative spam-hack?
 
LoveHerDeeply;563848 said:
Is that now embedded in your sig? Go to your profile and check, delete it and report back... maybe another creative spam-hack?

Thanks!

It was embedded in my sig - now removed. I had to go into the MOS moderator site to do it, though.

Some other members are showing that URL in their sigs. The links were like mine or read "jail-brick". The text is telling, and it definitely appears malicious.
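
A check for the kind of hidden signature link quoted above, as an added example that is not part of the original thread or of the forum's own software. It assumes signatures are available as a username-to-HTML mapping; the host `forum.example` and all sample data are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the reader.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*:\s*0(?:px)?\s*(?:;|$)", re.I)

class HiddenLinkFinder(HTMLParser):
    """Collects <a>/<iframe> tags that are hidden and point off-site."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get("href") or a.get("src") or ""
        host = (urlparse(url).hostname or "").lower()
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return  # relative or same-site link: not what we are hunting
        hidden = (HIDDEN_STYLE.search(a.get("style", "")) is not None
                  or "hidden" in a
                  or "0" in (a.get("width"), a.get("height")))
        if hidden:
            self.findings.append((tag, host))

def scan_signatures(signatures, site_host):
    """Map username -> list of (tag, host) for hidden off-site links."""
    report = {}
    for user, html in signatures.items():
        finder = HiddenLinkFinder(site_host)
        finder.feed(html)
        if finder.findings:
            report[user] = finder.findings
    return report

# Constructed sample signatures; every host here is a placeholder.
SAMPLE = {
    "member_a": 'Train hard. <a href="http://spam.example/x.php?name=1" style="display: none;">fey</a>',
    "member_b": '<a href="http://forum.example/faq">FAQ</a> <a href="https://other.example/">visible</a>',
    "member_c": '<iframe src="//ads.example/f" width="0" height="0"></iframe>',
    "member_d": '<a href="/rules" style="display:none">rules</a>',
}

if __name__ == "__main__":
    print(scan_signatures(SAMPLE, "forum.example"))
```

This only catches hiding done with inline styles or attributes; links hidden through a stylesheet class or injected by script need a rendered-page check as well.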
 
At the pegym:
Today I discovered "new applicants" who had adjusted their IP address to be that of our mail server.
Hoping to avoid being caught.
In about 2 hours, there were ~ 600 new applicants, most were stopped by a plug in used by the site.
 
I have signatures disabled, so not sure how long it's been like that.

Damn dangler. I haven't been in pegyms since early august.
Do you have a captcha in the signup system? Recaptcha is the better one, but I think the main forum bot (xrumer) might solve this already.
 
LIGHTNING;564085 said:
We removed all the hacks in the mod signatures

Thanks Lightning. Been frustrating times with all the spammers alone. Now we figure out we got hacks into our sigs, that's just scary bro. Thanks for housecleaning for us.
 
Thanks for pointing that out!
I didn't even know shit like that was possible...
I HATE hackers!!

I've been offsite for awhile, now I'll keep a much closer watch on my own stuff to keep it clean too.
Looks like Lightning removed it...but if you hadn't pointed it out to me (and others, of course) I'd never think of looking at my own sig.

Damn...I feel kinda raped.
And it sucks.

smerc;563948 said:
Found this in "MAXAMEYES" signature.
View attachment 27743


Seems you and Big are not the only incident. Look here: https://www.google.com/search?clien...m+nkll.com&oq=site:mattersofsize.com+nkll.com
 
MAXAMEYES;564138 said:
Thanks for pointing that out!
I didn't even know shit like that was possible...
I HATE hackers!!

I've been offsite for awhile, now I'll keep a much closer watch on my own stuff to keep it clean too.
Looks like Lightning removed it...but if you hadn't pointed it out to me (and others, of course) I'd never think of looking at my own sig.

Damn...I feel kinda raped.
And it sucks.

What's interesting is how user-targeted this attack was.
 