Jump to content
NHL'94 Forums

Forum redirects to porn?


Recommended Posts

Weird question, but has anyone else been redirected to adult friend finder when trying to get to the forums using a google search? I've noticed that I get redirected a few times, so this seems to be fairly common. Also, I've had this happen on two separate computers, and my tablet, so this might be something other than my computer having picked up a nasty somewhere.

Link to comment
Share on other sites

It's a known issue....Chaos has been diligently fighting this, but the virus keeps coming back.

It's probably important to keep the forum software version up-to-date... thought I could be wrong... but it's probably a known security hole in the software, that has been patched in newer versions.

The version of this forum is 3.4.2, which was released January 23, 2013.. 3.4.7 is out, and is the end of the line.

"Version 3.4.7, yet another maintenance release, was released on October 16, 2014. This is the final release of the 3.x.x product line."

Maybe the reason we haven't updated,t hough is "With the release of IP.Board 4.0, IPS has decided to no longer honor the perpetual lifetime licenses they have sold earlier."

http://en.wikipedia.org/wiki/Invision_Power_Board#Version_3.x.x

Link to comment
Share on other sites

It's probably important to keep the forum software version up-to-date... thought I could be wrong... but it's probably a known security hole in the software, that has been patched in newer versions.

The version of this forum is 3.4.2, which was released January 23, 2013.. 3.4.7 is out, and is the end of the line.

"Version 3.4.7, yet another maintenance release, was released on October 16, 2014. This is the final release of the 3.x.x product line."

Maybe the reason we haven't updated,t hough is "With the release of IP.Board 4.0, IPS has decided to no longer honor the perpetual lifetime licenses they have sold earlier."

http://en.wikipedia.org/wiki/Invision_Power_Board#Version_3.x.x

The forum was updated to 3.4.7 a few months ago. Still didn't fix the problem. I know what file is getting changed, it's just when I replace it, it will work OK for a day or so, then the file gets modified again. Still haven't found the source of the problem, just have been replacing the file every few days. Haven't done it in a week, sorry should be OK now.

Link to comment
Share on other sites

hahahhaha

Link to comment
Share on other sites

The forum was updated to 3.4.7 a few months ago. Still didn't fix the problem. I know what file is getting changed, it's just when I replace it, it will work OK for a day or so, then the file gets modified again. Still haven't found the source of the problem, just have been replacing the file every few days. Haven't done it in a week, sorry should be OK now.

Whoops not sure how I saw 3.4.2.

A couple ideas....

A) What if we reset everyone's passwords, including (especially) mod passwords?

This page suggests the exploit could be applied with an admin password or other exploit

http://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html

B ) This exploit page says they infect IP.Board via the share link functionality. So try disabling the share buttons (do people even use those?)

http://www.exploit-db.com/exploits/34551/

C) Set up a timed process (aka chron job?) to rewrite the hacked files every night

Link to comment
Share on other sites

Yep I was planning on setting up a cron job. I think they already have a back door into the server, probably a file that checks and rewrites when needed. I just haven't found it yet, and haven't found a resolution online yet. I've tried changing file permissions and the file was still modified, so I'll probably just set up a cron job for now. Much easier

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...