• The new B5TV.COM is here. We've replaced our 16 year old software with flashy new XenForo install. Registration is open again. Password resets will work again. More info here.

I think we've been hacked again.

vacantlook

Super Moderator
A few minutes ago, when I came to the board, my browser prompted me to download some .exe file. I declined of course. At first I thought it was another website I had open in another tab, but then I noticed that those little tiny squares that appeared on the site the last time we were hacked are there again.

45711702zw9.jpg


34744474ka9.jpg


56896547qb1.jpg


70574400uh5.jpg


56644077as6.jpg
 
Last edited:
Yup, it definitely seems hacked. I just flushed my browser of all cookies and cache and all that and came back here and got not just one pop up trying to get me to install a file, but two. The one says the file it's trying to get me to download is xcodec.exe from http://great2008x.com. I could click cancel and get out of that, but there is also a second pop up that says:

The page at http://great2008x.com says: Video ActiveX Object Error. Your browser cannot play this video file. Click 'OK' to download and install missing Video ActiveX Object.

When I click Cancel on this pop up, a replacement pops up saying:

The page at http://great2008x.com says: Please install new version of Video ActiveX Object.

And it only provides an "OK" button to click now. So, I click the X on the window to try to just shut the window, and it makes the initial pop window I quoted above pop back up. It goes 'round and 'round. "It never ends," as Delenn says.
 
If you load one of the sub-forums from your history, like I did, you can get past the main page, and that seems to avoid the hack. Even so, a f***ing nuisance.

We've had a real run of this lately. Are we more vulnerable than we used to be? Have we made some enemies? Or is this just the way things go on the net these days?
 
I got around the endless pop up part of the hack by loading two windows of my browser. While the endless pop up plagued the first window, it didn't bother the second one at all. Using the Windows Task Manager, I closed the endless pop up version of my browser, since I couldn't exit the program on its own thanks to the endless pop up (though doing so strangely caused both browser windows to close). But then once I reopened my browser program, the pop up window didn't come back.
 
This looks like a virus that normally infects porn sites. Time to kill it.

The site ID is probably on a spammer's list of working websites.
 
I cleared out my cache and cookies and return to the site and the pop ups were still there for me, just a few minutes ago.
 
This looks like a virus that normally infects porn sites. Time to kill it.

The site ID is probably on a spammer's list of working websites.

There's definitely a virus involved... Norton spotted it and blocked it's access as all this started to happen last night.

I see the squares but got no executable file prompt or pop ups.
 
Yeah, it was the same hack as last time. Quite specific, they didn't have full control over the system. I thought it was fixed in a previous patch, but I guess not.
 
Judging by some of the dodgy names that are registering without posting again... I'd say it's likely we have more of the same inbound on the radar.
 
Well those are spammers, that's something else.

My scripts are catching most of them now. I have set it so banned accounts are in red. If you see a dodgy account in red there's no need to worry as they're already banned.
 
I noticed that one was checking out "callendars", a feature I was unaware of. I wonder if they aren't planting "time-bombs'?

Nasty little buggers, eh?
 
If they're red they can't do anything, so no worries.

After they misbehave, like dengakintosss currently in B5 Personnel with all that unreadable junk, or the ones you have in red (e.g. Eywcddnd, Weredasog, ZocaleHajaxi), why don't you just permanently delete 'em and ALL of their posts?
 
I do it less often than Kribu (due to her time zone being much better, or worse, depending upon if you ask her or I ;)) but they are removed.
 
I've got a friend request on here... which is a bit dodgy because I've always been a bit of a Billy No Mates. Is this a possible scam?

I don't want to be unfriendly so I'd just like to run it by someone first...is "Winged Heron" one of the dodgy accounts (they haven't made a single post), so are they redlisted?
 
Last edited:
It's hard to say. So far, not red and they have a profile pic and signatures, so that does not fit the typical profile of the spammer. Also, they are in Austria, which means it might be Chilli being silly. ;)
 
The thought had crossed my mind especially as the handle is the name of a Second Life character who has propagated themselves on Facebook, Myspace and other sites.

I do my research!;)
 
I want to thank Kribu and Markas for deleting all the spammers so promptly. I am on in the wee hours, EST, and I see that they are deleted almost as soon as they appear!

:p:p:p (to the spammers.)
 
Back
Top