Other Websites opening on first entry

Hi guys,

Not sure if this is an Aus Amarok forum bug or some form of Spyware associated to every device i use. When i google Aus Amarok forum and click through from Google i get redirected to another page. Generally this is some adult dating website. If i then click back and click through the same link again I'm straight into the forum home page. Very Weird!

Not sure if anyone else is seeing it.
Cheers

Matt
«1

Comments

  • SteevoSteevo Super Moderator
    edited May 2015
    Hi [MENTION=6102]Achtungbabi[/MENTION],

    Yes this is some kind of exploit that someone managed to get onto our server. I have scoured the web looking for info on where to look to find the code and how to close the hole so it doesn't come back but I've hit a wall.

    I know how to temporarily make it stop but it keeps coming back.

    If anyone has some advice please let me know and I'll see if I can use your info to solve the issue.

    Cheers

    Steve
  • AchtungbabiAchtungbabi Member
    edited May 2015
    Thanks [MENTION=872]Steevo[/MENTION], Im happy to have my work techs look at it or provide some info - What have you tried so far.
  • SteevoSteevo Super Moderator
    edited May 2015
    Errr.. [MENTION=6102]Achtungbabi[/MENTION], well you probably won't believe it.. but...

    I actually just found the malicious code stored in the datastore table within the database.

    I took a table dump before I applied the temp fix then dumped the table again and compared the text.

    No idea how it gets in there but now that I have the code I can search for ways to prevent it coming back.

    I've converted the text to an image so it's inert and attached it if you're interested.

    Screen Shot 2015-05-09 at 12.31.17 pm.jpg
  • SteevoSteevo Super Moderator
    edited May 2015
    The malicious code has been removed.

    I have implemented one of the suggested permanent fixes.

    Lets see how it goes from here.

    Cheers

    Steve
  • JasKylzJasKylz Senior Member
    edited May 2015
    Ohh good, I thought it [MENTION=872]Steevo[/MENTION] was hinting something by sending me to AdultFriendFinder!
  • davedave Supporting Member
    edited May 2015
    JasKylz wrote: »
    Ohh good, I thought it [MENTION=872]Steevo[/MENTION] was hinting something by sending me to AdultFriendFinder!

    Well [MENTION=872]Steevo[/MENTION] did have a little enterprise going on the side until you blokes sprung him. hehehe
  • SteevoSteevo Super Moderator
    edited May 2015
    dave wrote: »
    Well [MENTION=872]Steevo[/MENTION] did have a little enterprise going on the side until you blokes sprung him. hehehe

    Dang, busted agin. ;)
  • nicknznicknz Supporting Member
    edited May 2015
    Great work [MENTION=872]Steevo[/MENTION]
  • SteevoSteevo Super Moderator
    edited May 2015
    nicknz wrote: »
    Great work [MENTION=872]Steevo[/MENTION]

    Thanks Nick.

    Time will tell if I've got it cleaned and blocked.

    Everyone is welcome to let me know via this thread if you start getting redirected to crap places when clicking on Google results that link to AusAmarok.

    Cheers

    Steve.
  • Walrus48Walrus48 Supporting Member
    edited May 2015
    JasKylz wrote: »
    Ohh good, I thought it [MENTION=872]Steevo[/MENTION] was hinting something by sending me to AdultFriendFinder!

    Hahahaha Adult Friend Finder as opposed the other Amarok owners......we are all children at heart
  • SteevoSteevo Super Moderator
    edited May 2015
    That redirect via google thing came back overnight.

    I working to track down how it gets on the server so I can prevent it.
  • davedave Supporting Member
    edited May 2015
    What's the G O here?

    054b28f806477cb7372847228737da6a.jpg

    Have Tapatalk sold out to the highest bidder?



    "You don't know what you don't know"

    Cheers dave
  • SteevoSteevo Super Moderator
    edited May 2015
    Yep.. that's tapatalk inserting ads into the feed of data coming from the web server.

    I think there may be folks out there looking at ways to disable it by hacking the Tapatalk code on the forum servers, not 100% sure though.
  • AchtungbabiAchtungbabi Member
    edited June 2015
    HI @steveo, Just letting you know that the reason why i started the thread for has returned. Taking of to some other sites and they look to have Spam / Phising activities associated to them.

    Regards,

    Matt
  • SteevoSteevo Super Moderator
    edited June 2015
    Hi Matt,

    I hear ya.. I just can't seem to find a permanent fix for it.

    I'll have a chat with [MENTION=3]Calibrated[/MENTION] to see if we can start the planning to move to VBulletin v5.
  • ArborokArborok Supporting Member
    edited June 2015
    Just so you don't feel too alone Steevo, I had the same site pop up when clicking on another couple of sites today. Only remember one which was www.navara.asia.
    (No... I have no interest in Navara. Just doing some research.)
  • SteevoSteevo Super Moderator
    edited June 2015
    Ooh, I dunno, you could be a spy trying to cover your tracks. Hahaha

    What you're seeing is a site hack but I just can't find where the security hole is and there's not any meaningful info on the web that relates specifically to what's happening on our site.
  • harderrokharderrok Senior Member
    edited June 2015
    If it's any help I only get directed to "adult friend Finder" on my iPad and only after clearing history and clicking on ausamarok in Google search.
  • SteevoSteevo Super Moderator
    edited June 2015
    Yeah what happens is if you use google to search for anything and you click on a link to AusAmarok, your first click will redirect to somewhere else.

    If you go back to google and click the same link or others the will all work.

    I can remove the code that makes it happen but it comes back via a process I can't detect. If I can't detect it I can't permanently stop it.
  • harderrokharderrok Senior Member
    edited June 2015
    Thanks [MENTION=872]Steevo[/MENTION] you just explained that to my wife.:D I was in line for a backhander
  • SteevoSteevo Super Moderator
    edited June 2015
    I just removed the code.. but it'll be back at some point..

    Maybe you can test it out now..?
  • harderrokharderrok Senior Member
    edited June 2015
    All good now,thanks,
  • tintinztintinz Super Moderator
    edited June 2015
    [MENTION=872]Steevo[/MENTION] will get onto this issue too mate I believe they are getting back into the site via plugins and will go through each plugin to find the hook mate. I will look from my end and tell you what I find
  • ScotRokScotRok Supporting Member
    edited June 2015
    I don't seem to get this problem, I use safari and have the forum saved as a bookmark. iPad mini retina 32gb. Wifi.
  • SteevoSteevo Super Moderator
    edited June 2015
    [MENTION=3959]ScotRok[/MENTION]

    It's when you click a link from a google search that it happens.. but it only happens when the malicious code is active, in other words, on the server and right now it is not.
  • fossROKfossROK Supporting Member
    edited June 2015
    Thanks administration team and thanks on behalf of [MENTION=2917]harderrok[/MENTION] too. Fordy, you've just got to remove that shortcut off your retina screen though 😮

    Matt
  • ScotRokScotRok Supporting Member
    edited June 2015
    [MENTION=872]Steevo[/MENTION] I don't use the search, phew!
  • SkurferSkurfer Senior Member
    edited June 2015
    Haha hopefully you can get this fixed. I got an email from the work IT department about accessing pornography at work and it was listed as www.ausamarok.com.au. We dont have dedicated computers at work so if I have a look at the forum I usually just bang it into google and click the link. Woops. At least they were understanding.
  • WingnutR32WingnutR32 Senior Member
    edited July 2015
    Morning [MENTION=872]Steevo[/MENTION], I think this has unfortunately come back again. I feel for you guys having to deal with this.
  • ScotRokScotRok Supporting Member
    edited July 2015
    This happened to me when I looked up something for my sister, about her Citroen. And clicked on the link to the owners forum.
Sign In or Register to comment.