next »

[arynearson]

Here's what I see when I try to get to the classifieds.

(Would have done a PM, but not sure who would handle something like this...)

[Graham Martin]

Maybe some of the "Possible sporadic oddness through the end of August" as shown at the top of the forum, whilst Richard fixes it up a bit?

[tbone62]

Thanks for the alert!  I check the Classifieds daily, but likely would not have noticed this until much later today.  Another member also sent a PM, which is what initially alerted me.

Unfortunately, there's not much Brian or I can do about this.  RLB will need to fix it since he manages the website as a whole, including things like antivirus protection.  We'll try to contact him as soon as possible.  Hopefully it will be fixed as part of his upgrades he announced earlier.

Alea

[Euphanasia]

I don't get hackers.

"Hey, what did you do today?"
"Dude, I spent all day looking for pages without adequate security, and I found one!"
"Cool. Was it a major retailer?"
"No, it was a classified ads page for trombones."
"So you now OWN a classified ads page for trombone."
"Uh. . .yeah. . ."

 

[BGuttman]

Actually, it's more like:

"Dude, what did you do today?"
"I wrote a 'bot that searches for unguarded Web sites and trashes them."
"Cool.  How did it go?"
"I managed to pwn 23,000 of them"
"Awesome!"

[bbocaner]

It's "fixed" now, but it looks like one of the PHP libraries was comprimised and the site tried to infect my computer when I visited it. PLEASE take it down until this is fixed, otherwise you are subjecting all the users to possible infection.

[blast]

Richard has been contacted.

Chris Stearn

[Euphanasia]

I tried to post an ad, and the same thing happened. My firewall caught a virus being installed. Is Richard the only one who can disable the classifieds?

[BGuttman]

I tried to post an ad, and the same thing happened. My firewall caught a virus being installed. Is Richard the only one who can disable the classifieds?

I'm afraid so.  Brian has been searching around to see what he can do and it's not much.

[trombone addict]

Yea, my anti virus software has been notifing me that whenever I go to the classifieds section, it blocks a back door trojan.

Dang trumpet players and their abundance of free time. 

Kidding kidding.....

[datguy]

I see that posts have been made by sellers today. I assumed (wrongly) that this meant the threat was gone. The threat is real and there presently as of this posting.

I use Security Essentials and it identifies the threat as:   
Backdoor:PHP/C99shell.U

This is a nasty bugger.

If anybody has viewed a classified listing and has not received an alert...
Scrub your system immediately. You should consider your system infected and you are compromised.

[ParLawGod]

My AVG has gone off twice (yesterday and today) about a thread when I visit TTF Classifieds...definitely staying clear of that area for the next few days.

[trombaribone]

While we're on the topic of intruders, did anyone happen to catch the ads that were posted for certain things of a sexual nature on the classifieds? I couldn't believe my eyeballs . Not on this forum. No!

[trombone addict]

While we're on the topic of intruders, did anyone happen to catch the ads that were posted for certain things of a sexual nature on the classifieds? I couldn't believe my eyeballs . Not on this forum. No!

Yea, the ones a few weeks back? I laughed for like two seconds because it was the only non trombone related items on that list. Then I got annoyed by it and was posting on a thread relating to the removal of these vulgar ads. Luckily, problem has been solved. Now, we need to get that virus off the dang classifieds. I miss being able to drool at my computer over nice horns

[actikid]

it looks like one of the PHP libraries was compromised and the site tried to infect my computer

Which was the point of the attack.  The point was not to pwn a trombone site.

Today's hackers are rather purposeful, for the most part.

But it wasn't the most clever thing to announce himself.  He would have better odds of catching zombies if he had not altered the visible HTML.

[Tobbe]

My Avast alerts as it's in the banners...

Why not "just" block the code that palce the banners on the page?
I should be easy!


Hopefully no one will get infected...

[Matt K]

My Avast alerts as it's in the banners...

Why not "just" block the code that palce the banners on the page?
I should be easy!


Hopefully no one will get infected...

https://addons.mozilla.org/en-US/firefox/addon/noscript/
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
https://addons.mozilla.org/en-US/firefox/addon/flashblock/

[ParLawGod]

TTF Staff: Would you be able to close the classifieds until this gets fixed (temporarily redirect classifieds.tromboneforum.org to this thread perhaps)? That is literally a one-minute job for whoever has the username/password. Most of the membership is probably not informed that the classifieds have been hacked, and they risk getting their computer infected. If not, what is TTF doing to protect the members?

[BGuttman]

Jeremiah:

Brian Wibecan is the only one of us with any access to the Classifieds.  He has been trying to disconnect the Classified link, but has not reported any success.

Richard Byrd is the Site Owner and is the only person with full access.  He has been hovering in the background, probably due to other constraints.  We have made him aware of the problem (as best we can) but we can do no more.

You might want to send him an e-mail (address is in his profile) and express your concerns.

Believe me, if we could have fixed this it would be done by now.