Forum Hacked?

Attempts to access the forum were being diverted to a web page that never seemed to load on a hacked Turkish music site.

hxxp://www[dot]canlimuzik[dot]org/msn[dot]html

Was the forum itself hacked?

This was just before the English forum disappeared to be replaced by the Czech one.

Was the page above an exploit?

Nothing seemed to load on Ubuntu.

Where’s the rest of your post? :wink:

Sorry. Hit the wrong key somewhere. :-[

I’d just like to hear your comment on the appearance of the forum.

This was the message on canlimusic.org:

sitemiz bir hacker tarafýndan saldýrýya ugramýstýr.onlemler alýnana kadar kapalý kalacaktýr.

Our site has been attacked by a hacker. It will remain closed until measures have been taken.

http://forum.avast.com/index.php?topic=34038.0
I'd just like to hear your comment on the appearance of the forum.

My experience was that the forum address was being diverted to the site above for several minutes, before the Czech forum came up in it’s place. My guess is the English forum got hacked and hastily taken off line.

No page seemed to load from the divert address. It was impossible to scan with Link Scanner, and I couldn’t view the source.

I wonder what was going on? ???

I did a nice scan of my pc with superantispyware shortly after i released something “odd” was happening and even decided to temp enable NoScript xD

–lee

Yes, I noticed that thread, but nobody had mentioned the forum being diverted to a suspicious page.

A possible forum hack seemed to be worse that a bit of Czech appearing on the forum, and worth it’s own thread (and a dramatic headline!).

The divert site was malicious:

Okay I changed the name of my origonal post. I wasn’t redirected to any other place than the czech forum, so I must have been after you. If I would have, I would have mentioned it.

I wonder if the name has to be used to prevent the redirect?

Looks like forum visitors were exposed to an exploit, unfortunately one that avast! doesn’t catch.

It a VBS exploit, which means that anyone with an out of date version of MS IE who happened to visit at that time has probably got pwned.

No idea what’s causing the residual bit of Czech. Alwial staff will have to confirm what went on.

Yes… Google stopped the hijacking…
I’ve tested Firefox and IE, Vista and Kubuntu…

K9 would block it as being Spyware/Malware Source and Pornography…
Again layered defense protect us when avast seems to fail…

anyone with an out of date version of MS IE who happened to visit at that time has probably got [i]pwned[/i].

Imba firefox!

Anyway, glad to see most people didn’t get hit by the exploits end intention, but anyone who did visit here and wasn’t patched will prob be back with hijackthis/combofix logs soon ::slight_smile:

Again layered defense protect us when avast seems to fail...

Avast not officially a spyware scanner till 4.8 right? xD

–lee

To the ones that defend LinkScanner and says that Grisoft was far behind avast using LinkScanner technology… :stuck_out_tongue:

:-\

Dr. Web got it while LinkScanner didn’t find anything ::slight_smile:

Confirmed hack.

Somebody’s boasting about it already:

what site is that frank?

–lee

Shame!
Forums security comprised (again) >:( >:(