Welcome, Guest. Please login or register.
March 26, 2017, 03:53:20 PM

Login with username, password and session length

Search:     Advanced search
Donate! | Subscribe! | Shop: Amazon

***DONATION DRIVE 2 HAS BEGUN:
CLICK HERE TO BURN MONEY***
*
Home Help Search Login Register
f13.net  |  f13.net General Forums  |  General Discussion  |  Topic: Our WP sites including f13.net main page have been hacked 0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: Our WP sites including f13.net main page have been hacked  (Read 341 times)
Kail
Terracotta Army
Posts: 2733


on: February 14, 2017, 11:23:33 AM

Is anyone else seeing a hidden link for "casino strategies" on the F13 front page, or am I sporting some weird virus?

Edit by Trippy: moved to own topic
« Last Edit: February 16, 2017, 02:16:07 PM by Trippy »
Sky
Terracotta Army
Posts: 28836

I love my TV an' hug my TV an' call it 'George'.


WWW
Reply #1 on: February 14, 2017, 12:16:50 PM

What's a front page?

Trippy
Administrator
Posts: 20209


Reply #2 on: February 14, 2017, 12:35:06 PM

Is anyone else seeing a hidden link for "casino strategies" on the F13 front page, or am I sporting some weird virus?
I see it in the source through Firefox. We've probably been hacked awesome, for real

I won't be able to easily work on it until I get home.
Yegolev
Moderator
Posts: 23209

2/10 WOULD NOT INGEST


WWW
Reply #3 on: February 15, 2017, 01:39:12 PM

Joke's on the hacker, no one reads the front page.

Why am I homeless?  Why do all you motherfuckers need homes is the real question.
They called it The Prayer, its answer was law
Mommy come back 'cause the water's all gone
Trippy
Administrator
Posts: 20209


Reply #4 on: February 15, 2017, 02:17:44 PM

It's a honey pot awesome, for real
Trippy
Administrator
Posts: 20209


Reply #5 on: February 15, 2017, 11:16:41 PM

Is anyone else seeing a hidden link for "casino strategies" on the F13 front page, or am I sporting some weird virus?
I see it in the source through Firefox. We've probably been hacked awesome, for real

I won't be able to easily work on it until I get home.
Offending block of code removed. Don't know yet how it got there (so it may come back).
jth
Terracotta Army
Posts: 187


Reply #6 on: February 16, 2017, 03:43:49 AM


Offending block of code removed. Don't know yet how it got there (so it may come back).


Looks like it did, and not so hidden this time.
Mandella
Terracotta Army
Posts: 353


Reply #7 on: February 16, 2017, 08:47:53 AM

Time to change the password? Remember to use numbers and a special character!

 why so serious?

But seriously, I tend to surf in past the front page, should I be worried about anything?

I also run browsers protected by noscript and have only clicked on the forum link in forever.
Trippy
Administrator
Posts: 20209


Reply #8 on: February 16, 2017, 02:11:04 PM

Offending block of code removed. Don't know yet how it got there (so it may come back).
Looks like it did, and not so hidden this time.
Well WP had a huge hole in class-phpmailer.php which was made public in December last year which might be the way they are getting through.

Removed that file and one of the injected malware files that likely came through that exploit, removed the offending link (again), and am continuing to scan for other bad stuff.
Trippy
Administrator
Posts: 20209


Reply #9 on: February 16, 2017, 02:13:31 PM

But seriously, I tend to surf in past the front page, should I be worried about anything?

I also run browsers protected by noscript and have only clicked on the forum link in forever.
As long as you didn't click the link you should be fine.
HaemishM
Staff Emeritus
Posts: 37176

Prevent all damage that would be dealt to you and other troops you control.


WWW
Reply #10 on: February 16, 2017, 02:29:22 PM

The exploit only really allowed hackers to make new posts on the Wordpress site. It's more of a defacement kind of thing as opposed to a crack the user database thing.

JRave
Terracotta Army
Posts: 44


Reply #11 on: February 16, 2017, 06:21:17 PM

Is the double navbar something you caused or is the site still being screwed with?
Sky
Terracotta Army
Posts: 28836

I love my TV an' hug my TV an' call it 'George'.


WWW
Reply #12 on: February 16, 2017, 09:39:21 PM

Well WP had a huge hole in class-phpmailer.php which was made public in December last year which might be the way they are getting through.

Removed that file and one of the injected malware files that likely came through that exploit, removed the offending link (again), and am continuing to scan for other bad stuff.

Godaddy (I know, shut up) just nuked a ton of shit from an old, unupdated test site I had hanging around. I ran the WP updater after getting the notification, but they seem to be on the ball about making sure that gets dealt with, whether you like it or not.

Trippy
Administrator
Posts: 20209


Reply #13 on: February 16, 2017, 10:36:40 PM

We use GoDaddy too but that's cause schild used to work there and we've too lazy to move off of them, though we did explore that option the last time around.
Ironwood
Terracotta Army
Posts: 25852


Reply #14 on: February 17, 2017, 02:22:46 AM

Why am I now getting fucking e-mails from Russian Bots purporting to be from f13 ?

I think the PM system got a dick in it now.

"Mr Soft Owl has Seen Some Shit." - Sun Tzu
Pages: [1] Go Up Print 
f13.net  |  f13.net General Forums  |  General Discussion  |  Topic: Our WP sites including f13.net main page have been hacked  
Jump to:  

Powered by SMF 1.1.10 | SMF © 2006-2009, Simple Machines LLC