Planted Tank Hacked - Page 2
Planted Tank Forums
Your Tanks Image Hosting *Tank Tracker * Plant Profiles Fish Profiles Planted Tank Guide Photo Gallery Articles

Go Back   The Planted Tank Forum > The Planted Tank Information > Important Update/Announcements


Reply
 
Thread Tools Display Modes
Old 09-11-2010, 03:16 PM   #16
Khandurian
Planted Tank Obsessed
 
PTrader: (5/100%)
Join Date: Oct 2006
Location: Cocoa Beach, FL!
Posts: 375
Default

I think you may want to still check your code. When I got the email I thought it suspicious. So I just deleted it. Came to the site here manually, and the main forum page started making my antivirus go nuts.

Just wanted to give you a heads up.
__________________
I woke up one morning and realized my living room turned into a fish store!!! HELP!!!!
Khandurian is offline   Reply With Quote
Sponsored Links
Advertisement
 
Old 09-11-2010, 03:20 PM   #17
EricSilver
Planted Tank Obsessed
 
PTrader: (0/0%)
Join Date: Feb 2004
Location: Fairfax, VA
Posts: 439
Default

Quote:
Originally Posted by KyleT View Post

and as far as I know, it did not install anything malicious on any computers.
Yes it did -- when I got here my browser (Safari) flashed a message that the site contained malware.
__________________
Tank: 40 Gallon Breeder w/Eco Complete ||
Aquasun 156W Quad 5000K || SunSun 302 Canister Filter (Sunsun Pimp #77) || Pressurized CO2 || Dual Current Gamma 15W UV Sterilizers || Hydor Inline Heater
EricSilver is offline   Reply With Quote
Old 09-11-2010, 03:27 PM   #18
Sinopa
Newbie
 
PTrader: (0/0%)
Join Date: Mar 2010
Location: Pomona, CA
Posts: 1
Default

What if we haven't logged on in a while? Are we good?
Sinopa is offline   Reply With Quote
Old 09-11-2010, 03:51 PM   #19
KyleT
Planted Tank VIP
 
KyleT's Avatar
 
PTrader: (5/100%)
Join Date: Jul 2002
Location: Austin, Texas
Posts: 13,533
Default

I am 99% sure that we got rid of the hack. Of course there is a slight chance that we missed something.

I believe that the users who are still experiencing a problem likely have a cached version of the forum or a specific page from the forum in their browsers. In order to remove these cached versions here are instructions:

http://www.aboutcookies.org/Default.aspx?page=2
__________________
Please Send all Support Requests to forumadmin
Bit Of Nothing - Personal Blog
KyleT is offline   Reply With Quote
Old 09-11-2010, 03:51 PM   #20
KyleT
Planted Tank VIP
 
KyleT's Avatar
 
PTrader: (5/100%)
Join Date: Jul 2002
Location: Austin, Texas
Posts: 13,533
Default

Quote:
Originally Posted by Sinopa View Post
What if we haven't logged on in a while? Are we good?
More than likely yes.
__________________
Please Send all Support Requests to forumadmin
Bit Of Nothing - Personal Blog
KyleT is offline   Reply With Quote
Old 09-11-2010, 03:55 PM   #21
KyleT
Planted Tank VIP
 
KyleT's Avatar
 
PTrader: (5/100%)
Join Date: Jul 2002
Location: Austin, Texas
Posts: 13,533
Default

Thanks for the heads up. I'm more than open to advice. If you want to send me a link please do, that way i can atleast check to ensure that isn't what this is.

I think it is just a coincidence that it happened on or near 9/11.

The exploit that i linked to was discovered a couple of days ago, and the symptoms of the hack were identical to the ones described there. I was able to locate the injected code and verified that it does not exist anymore after updating.

- Kyle



Quote:
Originally Posted by dzydvl View Post
Kyle, I'm an IT security admin by trait. Approximately 4 years ago there was a 9-11 hack done. The way it worked was to plant it on servers, and it would randomly (9-11 on random years) activate. I'm sure you are already aware of this, so I do apologize if this is repeated information. The initial hack was more of a worm, not really not meant to do damage. Unfortunately like all hacks, variants were written. I will try and dig up the security info I had on it. Again, I don't mean to intrude, just want to share what I know, I apologize if I crossed a line. I know some forums to get touchy when members try and offer information. This does not seem like one of those places, which is why I wanted to send a message.

sent from my phone, because I can't get the internet out in the boonies.
__________________
Please Send all Support Requests to forumadmin
Bit Of Nothing - Personal Blog
KyleT is offline   Reply With Quote
Old 09-11-2010, 03:57 PM   #22
Da Plant Man
Nerd Alert.
 
Da Plant Man's Avatar
 
PTrader: (74/100%)
Join Date: Apr 2010
Location: NW Montana
Posts: 5,703
Default

I just got on and google chrome marked this site saying it had "Malicious software" and that my computer could be at risk. If it is fixed why is chrome saying such a thing?

Also, thanks for the warning.
__________________

RAOK CLUB #12
Wabi-kusa Pimp #1
"99% of the time, a fish tank with plants will fail. Once you start a dedicated planted tank with fish, then you begin to succeed." - Geniusdudekiran
Da Plant Man is online now   Reply With Quote
Old 09-11-2010, 04:00 PM   #23
Bugman
Planted Tank Enthusiast
 
Bugman's Avatar
 
PTrader: (11/100%)
Join Date: Jan 2008
Location: Atlanta, Ga
Posts: 792
Default

Well if you are like me you like to use the same password for everything instead of having to remember different ones. I'm changing the password on everything that was even similar. Especially financial accounts. Taking all precautions.
Bugman is offline   Reply With Quote
Old 09-11-2010, 04:18 PM   #24
billyk
Algae Grower
 
billyk's Avatar
 
PTrader: (0/0%)
Join Date: Jan 2004
Location: Templeton, Ma
Posts: 10
Default

Bummer, sorry to hear about this. My site was hit a while back. Bugger to repair!
billyk is offline   Reply With Quote
Old 09-11-2010, 04:37 PM   #25
TheeOldMan
Algae Grower
 
TheeOldMan's Avatar
 
PTrader: (0/0%)
Join Date: Jul 2009
Location: Upstate NY
Posts: 28
Default

Thanks for heads up Kyle
i didnt use e-mail link to get here. i logged in ( using firefox ) and read about to make sure there was a problem. after reading posts i logged off and signed back in using safari and didnt get anything strange. although my Safari may need updating , but didnt experience anything strange with FireFox which is up to date.
thanks again for the heads up, password changed.
__________________
2.6g Fry ( snails + water spider )
10g Guppies
20g Guppies + Pleco (common) , Hornwort
TheeOldMan is offline   Reply With Quote
Old 09-11-2010, 04:43 PM   #26
EricSilver
Planted Tank Obsessed
 
PTrader: (0/0%)
Join Date: Feb 2004
Location: Fairfax, VA
Posts: 439
Default

I'm back and this time, no malware warning (in safari).

I also tried Internet Explorer and no issues. (Previously it closed a tab with an error message).

I also ran a virus scan and no problems.

So it looks like you are OK.
__________________
Tank: 40 Gallon Breeder w/Eco Complete ||
Aquasun 156W Quad 5000K || SunSun 302 Canister Filter (Sunsun Pimp #77) || Pressurized CO2 || Dual Current Gamma 15W UV Sterilizers || Hydor Inline Heater
EricSilver is offline   Reply With Quote
Old 09-11-2010, 04:46 PM   #27
chad320
Planted Tank VIP
 
chad320's Avatar
 
PTrader: (101/100%)
Join Date: Mar 2010
Location: Spring Valley, IL
Posts: 7,646
Default

When I got on I had a pop up from "Java" ? IDK what it was. Mcaffee came on and said it blocked malware though. I changed my password anyway and ive been running fine. Thanks Kyle!
__________________
chad320 is offline   Reply With Quote
Old 09-11-2010, 04:50 PM   #28
EricSilver
Planted Tank Obsessed
 
PTrader: (0/0%)
Join Date: Feb 2004
Location: Fairfax, VA
Posts: 439
Default

Ditto that.

When I first had the problem with IE it generated an error report identifying Java VM as the issue:

# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_03-b02 mixed mode)
__________________
Tank: 40 Gallon Breeder w/Eco Complete ||
Aquasun 156W Quad 5000K || SunSun 302 Canister Filter (Sunsun Pimp #77) || Pressurized CO2 || Dual Current Gamma 15W UV Sterilizers || Hydor Inline Heater
EricSilver is offline   Reply With Quote
Old 09-11-2010, 06:39 PM   #29
fresh.salty
Wannabe Guru
 
fresh.salty's Avatar
 
PTrader: (17/100%)
Join Date: Jul 2010
Location: SoCal
Posts: 1,944
Default

Changed the password while at my shop. Came home and logged in and of course needed to log in with the new PW. But Firefox gave me a bar across the top that said I needed to install a plug-in to view all content on the page. I ignored that message and logged in with the new PW and it "seems" fine.
fresh.salty is offline   Reply With Quote
Old 09-11-2010, 08:56 PM   #30
TheeOldMan
Algae Grower
 
TheeOldMan's Avatar
 
PTrader: (0/0%)
Join Date: Jul 2009
Location: Upstate NY
Posts: 28
Default

if it wasnt for the internet still being like the wild freakin west, think of what could get done !
i might have a problem with my Father-in-laws computer, because of recent e-mail that had malicious attachment, but one of my kids was on and checked e-mail (even though ive told them DO NOT TOUCH GRAMPAS COMPUTER ! lol
Grampa was away and guess what ? lol
__________________
2.6g Fry ( snails + water spider )
10g Guppies
20g Guppies + Pleco (common) , Hornwort
TheeOldMan is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:57 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright Planted Tank LLC 2012