Skeletor Posted March 13, 2015 Report Share Posted March 13, 2015 Weird question, but has anyone else been redirected to adult friend finder when trying to get to the forums using a google search? I've noticed that I get redirected a few times, so this seems to be fairly common. Also, I've had this happen on two separate computers, and my tablet, so this might be something other than my computer having picked up a nasty somewhere. Quote Link to comment Share on other sites More sharing options...
kingraph Posted March 13, 2015 Report Share Posted March 13, 2015 It's a known issue....Chaos has been diligently fighting this, but the virus keeps coming back. Quote Link to comment Share on other sites More sharing options...
Skeletor Posted March 14, 2015 Author Report Share Posted March 14, 2015 It's a known issue....Chaos has been diligently fighting this, but the virus keeps coming back. Thanks, just wanted to make sure that my machine didn't pick up a nasty. Quote Link to comment Share on other sites More sharing options...
smozoma Posted March 14, 2015 Report Share Posted March 14, 2015 It's a known issue....Chaos has been diligently fighting this, but the virus keeps coming back. It's probably important to keep the forum software version up-to-date... thought I could be wrong... but it's probably a known security hole in the software, that has been patched in newer versions. The version of this forum is 3.4.2, which was released January 23, 2013.. 3.4.7 is out, and is the end of the line. "Version 3.4.7, yet another maintenance release, was released on October 16, 2014. This is the final release of the 3.x.x product line." Maybe the reason we haven't updated,t hough is "With the release of IP.Board 4.0, IPS has decided to no longer honor the perpetual lifetime licenses they have sold earlier." http://en.wikipedia.org/wiki/Invision_Power_Board#Version_3.x.x Quote Link to comment Share on other sites More sharing options...
chaos Posted March 14, 2015 Report Share Posted March 14, 2015 It's probably important to keep the forum software version up-to-date... thought I could be wrong... but it's probably a known security hole in the software, that has been patched in newer versions. The version of this forum is 3.4.2, which was released January 23, 2013.. 3.4.7 is out, and is the end of the line. "Version 3.4.7, yet another maintenance release, was released on October 16, 2014. This is the final release of the 3.x.x product line." Maybe the reason we haven't updated,t hough is "With the release of IP.Board 4.0, IPS has decided to no longer honor the perpetual lifetime licenses they have sold earlier." http://en.wikipedia.org/wiki/Invision_Power_Board#Version_3.x.x The forum was updated to 3.4.7 a few months ago. Still didn't fix the problem. I know what file is getting changed, it's just when I replace it, it will work OK for a day or so, then the file gets modified again. Still haven't found the source of the problem, just have been replacing the file every few days. Haven't done it in a week, sorry should be OK now. Quote Link to comment Share on other sites More sharing options...
halfMANhalfDONUT Posted March 14, 2015 Report Share Posted March 14, 2015 That's weird, all of my porn is redirecting to the forum!!! Quote Link to comment Share on other sites More sharing options...
Freydey Posted March 14, 2015 Report Share Posted March 14, 2015 hahahhaha Quote Link to comment Share on other sites More sharing options...
Skeletor Posted March 14, 2015 Author Report Share Posted March 14, 2015 That's weird, all of my porn is redirecting to the forum!!! NHL94 is my porn... Quote Link to comment Share on other sites More sharing options...
smozoma Posted March 14, 2015 Report Share Posted March 14, 2015 The forum was updated to 3.4.7 a few months ago. Still didn't fix the problem. I know what file is getting changed, it's just when I replace it, it will work OK for a day or so, then the file gets modified again. Still haven't found the source of the problem, just have been replacing the file every few days. Haven't done it in a week, sorry should be OK now. Whoops not sure how I saw 3.4.2. A couple ideas.... A) What if we reset everyone's passwords, including (especially) mod passwords? This page suggests the exploit could be applied with an admin password or other exploit http://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html B ) This exploit page says they infect IP.Board via the share link functionality. So try disabling the share buttons (do people even use those?) http://www.exploit-db.com/exploits/34551/ C) Set up a timed process (aka chron job?) to rewrite the hacked files every night Quote Link to comment Share on other sites More sharing options...
chaos Posted March 15, 2015 Report Share Posted March 15, 2015 Yep I was planning on setting up a cron job. I think they already have a back door into the server, probably a file that checks and rewrites when needed. I just haven't found it yet, and haven't found a resolution online yet. I've tried changing file permissions and the file was still modified, so I'll probably just set up a cron job for now. Much easier Quote Link to comment Share on other sites More sharing options...
HABS Posted March 15, 2015 Report Share Posted March 15, 2015 That's weird, all of my porn is redirecting to the forum!!! lmao Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.