Welcome, Guest. Please login or register.

Login with username, password and session length

 
Advanced search

942228 Posts in 62053 Topics- by 14985 Members - Latest Member: Marshall
Jump to:  
Pages: [1]   Go Down
Print
Author Topic: Classifieds hacked?  (Read 2758 times)
0 Members and 1 Guest are viewing this topic.
arynearson
*
Offline Offline

Location:
Joined: Mar 1, 2011
Posts: 80

View Profile
« on: Sep 04, 2011, 12:06AM »

Here's what I see when I try to get to the classifieds.

(Would have done a PM, but not sure who would handle something like this...)
Logged
Graham Martin
Purveyor of 'HOT' Jazz

*
Offline Offline

Location: Redland Bay, Queensland, AUSTRALIA
Joined: Nov 5, 2000
Posts: 10140
"Dixieland/Mainstream/Big Band"


View Profile
« Reply #1 on: Sep 04, 2011, 01:18AM »

Maybe some of the "Possible sporadic oddness through the end of August" as shown at the top of the forum, whilst Richard fixes it up a bit?

Logged

Grah

"Don't worry baby, they'll swing their arses off."

tbone62
"Chief of Stuff"

*
*
Offline Offline

Location: Alabama
Joined: Jun 28, 2003
Posts: 6215

View Profile
« Reply #2 on: Sep 04, 2011, 04:31AM »

Thanks for the alert!  I check the Classifieds daily, but likely would not have noticed this until much later today.  Another member also sent a PM, which is what initially alerted me.

Unfortunately, there's not much Brian or I can do about this.  RLB will need to fix it since he manages the website as a whole, including things like antivirus protection.  We'll try to contact him as soon as possible.  Hopefully it will be fixed as part of his upgrades he announced earlier.

Alea
Logged

-- Alea

"There are two means of refuge from the miseries of life--music and cats."  -- Albert Schweitzer

Alea iacta est...
Euphanasia

*
Offline Offline

Location: Moses Lake, WA
Joined: Jan 20, 2005
Posts: 5112

View Profile
« Reply #3 on: Sep 04, 2011, 07:29AM »

I don't get hackers.

"Hey, what did you do today?"
"Dude, I spent all day looking for pages without adequate security, and I found one!"
"Cool. Was it a major retailer?"
"No, it was a classified ads page for trombones."
"So you now OWN a classified ads page for trombone."
"Uh. . .yeah. . ."

 Don't know
Logged
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 42101
"Almost Professional"


View Profile
« Reply #4 on: Sep 04, 2011, 07:36AM »

Actually, it's more like:

"Dude, what did you do today?"
"I wrote a 'bot that searches for unguarded Web sites and trashes them."
"Cool.  How did it go?"
"I managed to pwn 23,000 of them"
"Awesome!"
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Section Ldr, Merrimack Valley Philharmonic Orch.
bbocaner
*
Offline Offline

Location: Herndon, VA
Joined: Nov 25, 2004
Posts: 752

View Profile
« Reply #5 on: Sep 04, 2011, 07:46AM »

It's "fixed" now, but it looks like one of the PHP libraries was comprimised and the site tried to infect my computer when I visited it. PLEASE take it down until this is fixed, otherwise you are subjecting all the users to possible infection.
Logged

--
Barry
blast

*
*
Offline Offline

Location: scotland
Joined: Jul 26, 2001
Posts: 5819
"Bass/Contrabass trombone, Scottish Opera."


View Profile
« Reply #6 on: Sep 04, 2011, 07:47AM »

Richard has been contacted.

Chris Stearn
Logged

Still cannot think of anything better to do.LB 116 M,M8
Euphanasia

*
Offline Offline

Location: Moses Lake, WA
Joined: Jan 20, 2005
Posts: 5112

View Profile
« Reply #7 on: Sep 04, 2011, 01:03PM »

I tried to post an ad, and the same thing happened. My firewall caught a virus being installed. Is Richard the only one who can disable the classifieds?
Logged
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 42101
"Almost Professional"


View Profile
« Reply #8 on: Sep 04, 2011, 01:06PM »

I tried to post an ad, and the same thing happened. My firewall caught a virus being installed. Is Richard the only one who can disable the classifieds?

I'm afraid so.  Brian has been searching around to see what he can do and it's not much.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Section Ldr, Merrimack Valley Philharmonic Orch.
trombone addict

*
Offline Offline

Location: Boston, MA
Joined: Nov 20, 2010
Posts: 2727
"Eat, sleep, trombone!"


View Profile
« Reply #9 on: Sep 04, 2011, 01:10PM »

Yea, my anti virus software has been notifing me that whenever I go to the classifieds section, it blocks a back door trojan.

Dang trumpet players and their abundance of free time.  Evil Evil Evil

Kidding kidding..... :D
Logged

Winner: 2014 TxState Trombone Symposium Solo Competition
Shires Tru-Bore .547- Griego 4M
Shires straight .547- Griego 4M
Rheinsound Alto- GB NY 3A

Spencer Chapman
BM Performance (In Progress)-Boston University
datguy
Alright on one side, all left on the other

*
Offline Offline

Location: Athens GA
Joined: May 21, 2008
Posts: 1487
"Curiously Intriguing"


View Profile
« Reply #10 on: Sep 05, 2011, 10:45AM »

I see that posts have been made by sellers today. I assumed (wrongly) that this meant the threat was gone. The threat is real and there presently as of this posting.

I use Security Essentials and it identifies the threat as:   
Backdoor:PHP/C99shell.U

This is a nasty bugger.

If anybody has viewed a classified listing and has not received an alert...
Scrub your system immediately. You should consider your system infected and you are compromised.
Logged

...make me know my end and what is the measure of my days; let me know how fleeting I am!
ParLawGod
The Man Who Doesn't Need a Title
*
Offline Offline

Location: Wisconsin, United States
Joined: Feb 26, 2003
Posts: 3561

View Profile WWW
« Reply #11 on: Sep 05, 2011, 06:43PM »

My AVG has gone off twice (yesterday and today) about a thread when I visit TTF Classifieds...definitely staying clear of that area for the next few days.
Logged
trombaribone

*
Offline Offline

Location: Boston, Massachusetts
Joined: Sep 10, 2009
Posts: 178
"KH anyone?"


View Profile
« Reply #12 on: Sep 05, 2011, 07:10PM »

While we're on the topic of intruders, did anyone happen to catch the ads that were posted for certain things of a sexual nature on the classifieds? I couldn't believe my eyeballs Amazed. Not on this forum. No!
Logged
trombone addict

*
Offline Offline

Location: Boston, MA
Joined: Nov 20, 2010
Posts: 2727
"Eat, sleep, trombone!"


View Profile
« Reply #13 on: Sep 05, 2011, 07:41PM »

While we're on the topic of intruders, did anyone happen to catch the ads that were posted for certain things of a sexual nature on the classifieds? I couldn't believe my eyeballs Amazed. Not on this forum. No!

Yea, the ones a few weeks back? I laughed for like two seconds because it was the only non trombone related items on that list. Then I got annoyed by it and was posting on a thread relating to the removal of these vulgar ads. Luckily, problem has been solved. Now, we need to get that virus off the dang classifieds. I miss being able to drool at my computer over nice horns :)
Logged

Winner: 2014 TxState Trombone Symposium Solo Competition
Shires Tru-Bore .547- Griego 4M
Shires straight .547- Griego 4M
Rheinsound Alto- GB NY 3A

Spencer Chapman
BM Performance (In Progress)-Boston University
actikid
*
Offline Offline

Location: Indianapolis
Joined: Dec 30, 2001
Posts: 10562

View Profile
« Reply #14 on: Sep 05, 2011, 08:05PM »

it looks like one of the PHP libraries was compromised and the site tried to infect my computer
Which was the point of the attack.  The point was not to pwn a trombone site.

Today's hackers are rather purposeful, for the most part.

But it wasn't the most clever thing to announce himself.  He would have better odds of catching zombies if he had not altered the visible HTML.
Logged

Where was Blackwater on the morning of September 11, 2001?
Tobbe

*
Offline Offline

Location: Gävle
Joined: Mar 27, 2005
Posts: 251
"In the Swedish archipelago 2007"


View Profile WWW
« Reply #15 on: Sep 05, 2011, 11:45PM »

My Avast alerts as it's in the banners...

Why not "just" block the code that palce the banners on the page?
I should be easy!


Hopefully no one will get infected...
Logged

Torbjörn Lundberg
bass trombone
Gävle SO, Sweden
http://www.basstrombone.info
Matt K

*
Offline Offline

Location:
Joined: May 6, 2010
Posts: 3778

View Profile
« Reply #16 on: Sep 06, 2011, 05:41AM »

My Avast alerts as it's in the banners...

Why not "just" block the code that palce the banners on the page?
I should be easy!


Hopefully no one will get infected...

https://addons.mozilla.org/en-US/firefox/addon/noscript/
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/
https://addons.mozilla.org/en-US/firefox/addon/flashblock/
Logged

What's in a name? that which we call a tenor-bass posaune
By any other name would smell as sweet;
ParLawGod
The Man Who Doesn't Need a Title
*
Offline Offline

Location: Wisconsin, United States
Joined: Feb 26, 2003
Posts: 3561

View Profile WWW
« Reply #17 on: Sep 06, 2011, 06:24AM »

TTF Staff: Would you be able to close the classifieds until this gets fixed (temporarily redirect classifieds.tromboneforum.org to this thread perhaps)? That is literally a one-minute job for whoever has the username/password. Most of the membership is probably not informed that the classifieds have been hacked, and they risk getting their computer infected. If not, what is TTF doing to protect the members?
Logged
BGuttman
Mad Chemist

*
*
Offline Offline

Location: Londonderry, NH, USA
Joined: Dec 12, 2000
Posts: 42101
"Almost Professional"


View Profile
« Reply #18 on: Sep 06, 2011, 07:35AM »

Jeremiah:

Brian Wibecan is the only one of us with any access to the Classifieds.  He has been trying to disconnect the Classified link, but has not reported any success.

Richard Byrd is the Site Owner and is the only person with full access.  He has been hovering in the background, probably due to other constraints.  We have made him aware of the problem (as best we can) but we can do no more.

You might want to send him an e-mail (address is in his profile) and express your concerns.

Believe me, if we could have fixed this it would be done by now.
Logged

Bruce Guttman
Solo Trombone, Hollis Town Band
Section Ldr, Merrimack Valley Philharmonic Orch.
Pages: [1]   Go Up
Print
Jump to: