Author Topic: Has website been hacked?  (Read 20345 times)

Offline [MAF]mooman

  • Leader
  • Posts: 6,299
Re: Has website been hacked?
« Reply #75 on: January 20, 2014, 07:52:23 pm »
thanks all, i've submitted another ticket to the hosting company, hopefully they'll sort it out
will read and answer your forum PMs when I'm less busy!

Offline [RSD]Seoson

Re: Has website been hacked?
« Reply #76 on: January 20, 2014, 07:56:48 pm »
O.K.

I can now prove and reproduce what is going on.

The webserver, a PHP script, a htaccess file or similar configuration file (depends on webserver, OS and configuration) is redirecting the user using a 302 redirect to other websites.

Proof:
http://cloud.kab-s.de/public.php?service=files&t=5e6ec7531188453cfe77f89c3d72673d
In the lower right corner you can identify the answer from host "adrenalinex.co.uk" as a 302 redirect by the "Location:" tag. It's redirecting you to some strange website where traffic management is handled and the user is redirected again a few times to obfuscate what's going on. After a few seconds the user is redirected to a landing page with some random ads or malware.

How to reproduce (DON'T DO THAT IF YOU DON'T KNOW WHAT YOU DO):
1. Logout from this forum
2. Close any tabs in your browser that are related to AX.
3. Clear your cookies as well as your browser's cache.
4. Restart your router for a new IP (This won't work with static IPs)
5. Go to google.de (or the corresponding google website for your country)
6. Search for "adrenalin x"
7. Click on "AdrenalineX Racing - play.adrenalinex.co.uk:7777"
8. I was redirected with a chance of about 90%. (From Germany with Firefox)

It appears that you have to match certain conditions, because I was unable to reproduce this in Chrome. I've logged all the traffic using smartsniff so I'm relatively sure that this is not related to adware.

If you (Admins) are sure that this is not related to a security breach on your side, you should contact your hoster right away. If I were you I would also think about changing your hosting provider. If any assistance is required, I and, I think, also the rest of the RSD-Clan are willing to help you out.

Please note: I'm not a native speaker ;-)

Best regards,
Seoson
« Last Edit: January 20, 2014, 08:00:27 pm by [RSD]Seoson »
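
The conditional 302 described in Reply #76, as an added example that is not part of the original post: it parses raw response heads captured for several request profiles and reports which profiles were sent off-site. The profiles, the captured responses and the target `tds.example.net` are constructed placeholders; only the host name `adrenalinex.co.uk` comes from the thread.

```python
from urllib.parse import urlsplit

SITE_HOST = "adrenalinex.co.uk"  # host named in the post
# Constructed captures: request profile -> raw HTTP response head.
# "tds.example.net" is a placeholder target, not a value from the thread.
OK = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
CAPTURES = {
    "direct visit, cookies kept": OK,
    "Google referrer, no cookies, Firefox":
        "HTTP/1.1 302 Found\r\nLocation: http://tds.example.net/in?k=1\r\n\r\n",
    "Google referrer, no cookies, Chrome": OK,
    "direct visit, bare host name":
        "HTTP/1.1 302 Found\r\nLocation: http://www.adrenalinex.co.uk/\r\n\r\n",
}

def parse_head(raw):
    """Return (status_code, headers) from a raw HTTP response head."""
    lines = raw.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def offsite_target(raw, site_host=SITE_HOST):
    """Return the redirect host if the response redirects off-site, else None."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return None
    host = (urlsplit(headers["location"]).hostname or "").lower()
    # A relative Location (no host) and the site's own subdomains are on-site.
    if not host or host == site_host or host.endswith("." + site_host):
        return None
    return host

def conditional_redirects(captures):
    """Map each profile that was sent off-site to the host it was sent to."""
    hits = {p: offsite_target(raw) for p, raw in captures.items()}
    return {p: host for p, host in hits.items() if host}

def is_cloaked(captures):
    """True when some, but not all, profiles are redirected off-site."""
    return 0 < len(conditional_redirects(captures)) < len(captures)

if __name__ == "__main__":
    print(conditional_redirects(CAPTURES), "cloaked:", is_cloaked(CAPTURES))
```

A redirect that appears for only some profiles is the pattern worth reporting to the host, together with the exact request headers that triggered it.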

Offline [MAF]mooman

  • Leader
  • Posts: 6,299
Re: Has website been hacked?
« Reply #77 on: January 20, 2014, 08:01:06 pm »
Just got this email from our host:
Quote
Hi

We have identified a security issue on our cPanel server "web1" which is causing intermittent timeout and redirection issues for some users. The best way of ensuring this is completely resolved is to reinstall the server, so that is what we are currently organising.

The maintenance will be carried out as follows:

1. A new full backup of all account data will be taken. This was started at 19:30 GMT and we expect it to finish around 21:30

2. Once the backup is complete, the server will be re-installed with CentOS Linux and cPanel. (Approx 2hrs)

3. The server will be configured/secured (Approx 30mins)

4. We will initiate restore of account data, and will monitor the progress, restoring Dedicated IP's and SSL certificates (If applicable to your account) automatically. This will likely take several hours to complete as accounts will be restored one by one.

Updates will be posted on our blog www.pcsmarthosting.net if there are any issues or delays.

We apologize for any inconvenience this may cause, however this is the best option available to us to ensure the integrity of your data, and security of the server and your websites.

Kind Regards,

The PCSmart Team

Offline [MAF]mooman

  • Leader
  • Posts: 6,299
Re: Has website been hacked?
« Reply #78 on: January 20, 2014, 11:03:52 pm »
Things should be ok now. If anything weird happens again post here with details. I'm not sure how much my emails influenced our host but, in any case, thanks everyone for posting information here.

Offline [MAF]mooman

  • Leader
  • Posts: 6,299
Re: Has website been hacked?
« Reply #79 on: January 20, 2014, 11:32:12 pm »
bleh or not!
Quote
Hi

Due to some issues at our datacentre we have been unable to complete the works tonight as planned.

We will be rescheduling this in due course, in the meantime we are doing what we can to keep the service as stable as possible.

Kind Regards,

The PCSmart Team

Offline [MAF]Snoopy

  • Posts: 14,540
Re: Has website been hacked?
« Reply #80 on: January 20, 2014, 11:34:45 pm »
I love KingJ

KJ 2008-2014 <3

Offline RuBenXitoH

  • Posts: 140
  • Be Yourself.
Re: Has website been hacked?
« Reply #81 on: January 22, 2014, 07:44:25 pm »
page is back but "Players" section isn't working for me..

Offline [MAF]mooman

  • Leader
  • Posts: 6,299
Re: Has website been hacked?
« Reply #82 on: January 22, 2014, 07:50:13 pm »
site isn't fully restored yet, working with host to fix it

Offline [MAF]mooman

  • Leader
  • Posts: 6,299
Re: Has website been hacked?
« Reply #83 on: January 23, 2014, 07:11:49 am »
everything should be ok now

Offline [LSR]Jalicno

  • Admin
  • Posts: 12,384
Re: Has website been hacked?
« Reply #84 on: January 23, 2014, 08:40:24 am »
SMF 2.0.7 has been available for a few days already; I installed it this morning since my forum is completely messed up

Offline [MAF]Aj_Lajk_Bir

  • Admin
  • Posts: 5,031
Re: Has website been hacked?
« Reply #85 on: February 06, 2014, 09:38:47 pm »
good i wasn't on forum while that shit