Forums hacked?

L'irlandais

, Promises to Referee in France
#1
I have been redirected to a malware site when attempting to log in on RRF.
For a while I thought my laptop was infected; however, it appears that is probably not the case.
Anybody else been having trouble?

Lots of advice available online, on the vbulletin website for example
...fs72 malware supposedly only executes when someone comes from a search engine ... it may have infected your datastore cache. ....Check all of your plugins and hooks and I recommend overwriting all vbulletin files with fresh files downloaded from vbulletin.com.
Thanks.
 

Ian_Cook

#3
No trouble here.

I have checked both the site Login and Homepage for incursions and have found nothing.

Sounds to me like malware has hijacked your browser. Try accessing from a different computer and/or using a different browser.

UPDATE

There is a problem when you try to log in from a link provided by Google. If you open a Google page, type in "rugbyrefs.com" and click search, the first result has a warning that "The site has been hacked"

I'll try to contact Robbie as I think he is the only Admin who can fix this


UPDATE 2

When you try to log in you get redirected to a malware page "fs72". This only happens if you are LOGGED OUT when clicking on the Google search result. If you are permanently LOGGED IN, you don't get redirected and you go straight to the forum without any problem.

IMPORTANT

Anyone who has ended up being redirected to the fs72 website should take the following steps ASAP.

1. Update your Adobe Flash Player to the latest version.

2. Delete your internet cache and your browser history.
 

L'irlandais

, Promises to Referee in France
#4
Cheers Ian,
I only realized when I started using my mini iPad to login. It seems the redirect is only when I use google to find the website. On my PC I didn't notice it.
I will do as you suggest for flash player and browser history.

[strikethrough]What's internet cache and how do I delete it?[/strikethrough]
Strike that, I found how to clear the cache under settings.
 

L'irlandais

, Promises to Referee in France
#5
found how to do strike out What's internet cache and how do I delete it?
Presumably the would-be hacker could see forum activity?
Definition of a hacker: Billy no mates who can write a bit of code, sad individuals who give little thought to the inconvenience they cause others. Remember this hacker matey one day soon the anonymity will be gone, and we will be able to knock on your front door for a face to face. You may yet live to regret your foolishness, thinking you could hide behind IP addresses.
 

crossref

#6
If anyone has encountered this, it sounds like they have revealed their rugbyrefs.com username and password.

no big deal -- unless you use the same username and password on other sites...
 

Ian_Cook

#7
Robbie has fixed the problem with vBulletin and has applied to Google for a change in status.

> If anyone has encountered this, it sounds like they have revealed their rugbyrefs.com username and password.
>
> no big deal -- unless you use the same username and password on other sites...

No. There have been no passwords compromised. The redirect happens before the login attempt. This redirect malware (DDS Redirect) is designed to drive business to the perpetrator's file hosting service.

Usernames can't be compromised since, on this site, your login name is also your public username; anyone can see your username.

If you are worried about your password security, just change it:

Settings > My Account > Edit Email & Password
 

didds

, Resident Club Coach
#11
whois lookup

doesn't show any identification details.

It's registered via a company in Arizona, but TBH that means nothing.

Its IP is 66.199.231.59, which appears to be located in Bleford, New Jersey. That may not be definitive either, but merely a front end/reverse proxy arrangement intended to obfuscate.

didds
 

Balones

#14
Some of my links are now going to FS72. Particularly historic links to other threads.
 

L'irlandais

, Promises to Referee in France
#17
> Robbie has fixed the problem with vBulletin and has applied to Google for a change in status...

Ian,
Can somebody inform Robbie's mate, that the quick fix worked for a short time only, but now we are in need of a lasting solution. Which presumably, takes a bit longer to implement.
 

Ian_Cook

#18
Tell me what happens with the following

1. When you physically type "www.rugbyrefs.com" into the address bar of your browser and hit ENTER.

2. When you click on this link - http://www.rugbyrefs.com

3. When you click on this link - https://www.google.co.nz/url?sa=t&r...pFHdspWWT1MgLUFEQ&sig2=QnkFLxvcWRAHIK8p_5CgbA

4. When you type "rugbyrefs" into a Google search and click on the top result (see attached file)



If any of the above takes you to the "FS72" redirect page, clear your cookies and your cache from your browser history, restart your browser and try again.

Tell me what the circumstances are that lead you to the redirect page.
 
Last edited by a moderator:
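
The behaviour reported in this thread (a redirect that only appears for logged-out visitors arriving from a search result) and the four-way check in post #18 can be compared systematically by a site administrator. The following is an added example, not part of any post in the thread; the `fetch` interface, the cookie value, the Google referrer string and the `redirect-target.example` host are constructed assumptions, and `simulated_fetch` stands in for the compromised forum so the script runs offline.

```python
from urllib.parse import urlparse

SITE = "http://www.rugbyrefs.com/"          # site URL as given in the thread
SEARCH_REFERER = "https://www.google.com/"  # assumed search-engine referrer
# Visit conditions to compare: (label, Referer header, logged-in cookie present)
CASES = [
    ("typed URL, logged out", None, False),
    ("typed URL, logged in", None, True),
    ("search result, logged out", SEARCH_REFERER, False),
    ("search result, logged in", SEARCH_REFERER, True),
]

def offsite_redirect(status, location, site=SITE):
    """Return the foreign host if the response redirects off the site, else None."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return None
    host = urlparse(location).hostname
    own = urlparse(site).hostname
    base = own[4:] if own.startswith("www.") else own
    # Relative redirects and redirects to the site or its subdomains are benign.
    if host is None or host == base or host.endswith("." + base):
        return None
    return host

def probe(fetch, site=SITE):
    """Run every case through fetch(url, headers) -> (status, location)."""
    findings = {}
    for label, referer, logged_in in CASES:
        headers = {}
        if referer:
            headers["Referer"] = referer
        if logged_in:
            headers["Cookie"] = "session=constructed-value"  # constructed cookie
        status, location = fetch(site, headers)
        findings[label] = offsite_redirect(status, location, site)
    return findings

def simulated_fetch(url, headers):
    """Constructed stand-in that behaves as the thread describes the hacked forum."""
    if "google." in headers.get("Referer", "") and "Cookie" not in headers:
        return 302, "http://redirect-target.example/"  # placeholder host
    return 200, None

if __name__ == "__main__":
    for label, host in probe(simulated_fetch).items():
        print(f"{label:28} -> {host or 'no off-site redirect'}")
```

Against a live site you administer, pass a `fetch` function that sends the request without following redirects and returns the status code and `Location` header.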