Archived

This topic is now archived and is closed to further replies.

Website Issues / Technical Difficulties

44 posts in this topic

I spun up a locked down instance of Firefox (i.e., no javascript and all of the knobs turned to "no" ... and a few other tricks ... easier than messing with curl) and ran over to the googles and looked up this link shortener / re-director scum site you fellows cited. EVERYTHING I found points NOT to the notion that isrtv.com has been "hacked". Rather, there are CLEAR indications that YOU (i.e., those that are experiencing the redirection) have been hacked (which I frankly find far more plausible in the first place).

 

If anyone is still experiencing the redirection condition(s) noted above... please answer the following questions:

 

1) What browser were you using when it happened (i.e., Firefox, Chrome, IE, Safari, Opera, don't know, etc.)?

2) What OS was that browser running atop (iOS, Android, OS X, Windows, etc.)?

3) If not an iOS device (for #2), what permissions does the user account (that you signed in as) have (please don't say admin or root unless you know what the numbers 6 4 0 mean)?

 

Then, if you can muster the following...

 

Disable JavaScript in that same browser on that same machine and try to repeat the condition. Still active?

I'm not hacked. I experienced this issue about 1-2 weeks ago, but now I'm not. I think it was an issue with the site, and now I think that the issue is fixed.

Share this post


Link to post
Share on other sites

I spun up a locked down instance of Firefox (i.e., no javascript and all of the knobs turned to "no" ... and a few other tricks ... easier than messing with curl) and ran over to the googles and looked up this link shortener / re-director scum site you fellows cited. EVERYTHING I found points NOT to the notion that isrtv.com has been "hacked". Rather, there are CLEAR indications that YOU (i.e., those that are experiencing the redirection) have been hacked (which I frankly find far more plausible in the first place).

 

If anyone is still experiencing the redirection condition(s) noted above... please answer the following questions:

 

1) What browser were you using when it happened (i.e., Firefox, Chrome, IE, Safari, Opera, don't know, etc.)?

2) What OS was that browser running atop (iOS, Android, OS X, Windows, etc.)?

3) If not an iOS device (for #2), what permissions does the user account (that you signed in as) have (please don't say admin or root unless you know what the numbers 6 4 0 mean)?

 

Then, if you can muster the following...

 

Disable JavaScript in that same browser on that same machine and try to repeat the condition. Still active?

 

It was actually a known malware / virus hack to the forum software that needed to be cleaned up. http://peter.upfold.org.uk/blog/2013/01/15/cleaning-up-the-ip-board-url4short-mess/

Share this post


Link to post
Share on other sites

Yep.....it's now stopped doing it on my iPad!! I googled Inside Sim Racing....clicked on the forum link from the search results....this is when it redirected me to 'URL4SHORT' hack.....but this time.....straight to the forum no messing!!! :)

Share this post


Link to post
Share on other sites

It was actually a known malware / virus hack to the forum software that needed to be cleaned up. http://peter.upfold.org.uk/blog/2013/01/15/cleaning-up-the-ip-board-url4short-mess/

Interesting. Not a good thing that the board allows one to acquire a foothold (anyone coming in via http) whereby they can install or alter existing) .php files. Those should be locked (and not writable).

 

The bad bit is that once they gained a foothold and altered that php and got to a point where their php was executing (which it clearly was). Then they were technically free to alter all manner of things on your web site (again because the site is allowing php material to create/alter other resources (.php, .js, .css, etc.).

 

I have a (family of) site(s) but the index.php files are hard locked (nothing can alter them, not the phpfpm service, nothing ... aside from someone who has a unix shell with root creds). ...and all of the class files they refer to live outside the served directory tree (so they aren't accessible via a web url, only from within php ... and *those* files are read only too). The .js, .css and other publicly visible support materials are all served by nginx (which resides on a completely separate box) and are also read only materials.

 

Surprised (and yet not surprised) that a bbs product would open the door to self/runtime modification (not a good idea).

 

Thanks for the "triage" link, Darin. It was an interesting read.

Share this post


Link to post
Share on other sites

Interesting. Not a good thing that the board allows one to acquire a foothold (anyone coming in via http) whereby they can install or alter existing) .php files. Those should be locked (and not writable).

 

The bad bit is that once they gained a foothold and altered that php and got to a point where their php was executing (which it clearly was). Then they were technically free to alter all manner of things on your web site (again because the site is allowing php material to create/alter other resources (.php, .js, .css, etc.).

 

I have a (family of) site(s) but the index.php files are hard locked (nothing can alter them, not the phpfpm service, nothing ... aside from someone who has a unix shell with root creds). ...and all of the class files they refer to live outside the served directory tree (so they aren't accessible via a web url, only from within php ... and *those* files are read only too). The .js, .css and other publicly visible support materials are all served by nginx (which resides on a completely separate box) and are also read only materials.

 

Surprised (and yet not surprised) that a bbs product would open the door to self/runtime modification (not a good idea).

 

Thanks for the "triage" link, Darin. It was an interesting read.

☝ what he said!!!!

Share this post


Link to post
Share on other sites

i thought i had a problem because there was no box to reply to this topic........then i realised that i wasnt signed in,doh!

everythings fine here...no wait,ive been hacked adn theyve added 2 seconds to all of my lap times across everything i play!!what can i do???

Share this post


Link to post
Share on other sites

i thought i had a problem because there was no box to reply to this topic........then i realised that i wasnt signed in,doh!

everythings fine here...no wait,ive been hacked adn theyve added 2 seconds to all of my lap times across everything i play!!what can i do???

You have the 'isuckatsimracing' virus mate!! :)

Share this post


Link to post
Share on other sites

Just reporting that the hack/virus thing still happens.

 

On my end It hasn't changed from when I first noticed it - I don't know - 2 weeks ago?  A month?  Not really sure to be honest.

 

When I go to the site I get the redirect, so I click back on the browser right away, then I go back to ISR and it works fine.  However, once I delete my internet's history, cache, etc.  it does the same thing, redirect, I hit back, 2nd attempt works perfect.

 

This is on 4 different PCs.  Three at my house (1 is a laptop), and a PC at a friend's place  1 PC running Win 7, two running 8.1, and the laptop may still be on 8 instead of 8.1 but I'm not sure.

 

Same experience on all of them, redirect to "bad" site - hit "back" - then ISR works fine on 2nd attempt, and I'm pretty sure it stays fine until the internet history, cache, etc. get deleted, then the problem repeats.

 

As long as that website redirect doesn't place a virus or any file or anything on our computers than I don't really care, I've gotten used to it, it takes literally only 2-3 seconds to hit "back" and then re-try, but I thought I'd just let you know anyways.

Share this post


Link to post
Share on other sites

Just reporting that the hack/virus thing still happens.

 

On my end It hasn't changed from when I first noticed it - I don't know - 2 weeks ago?  A month?  Not really sure to be honest.

 

When I go to the site I get the redirect, so I click back on the browser right away, then I go back to ISR and it works fine.  However, once I delete my internet's history, cache, etc.  it does the same thing, redirect, I hit back, 2nd attempt works perfect.

 

This is on 4 different PCs.  Three at my house (1 is a laptop), and a PC at a friend's place  1 PC running Win 7, two running 8.1, and the laptop may still be on 8 instead of 8.1 but I'm not sure.

 

Same experience on all of them, redirect to "bad" site - hit "back" - then ISR works fine on 2nd attempt, and I'm pretty sure it stays fine until the internet history, cache, etc. get deleted, then the problem repeats.

 

As long as that website redirect doesn't place a virus or any file or anything on our computers than I don't really care, I've gotten used to it, it takes literally only 2-3 seconds to hit "back" and then re-try, but I thought I'd just let you know anyways.

 

Can you guys try again.. Our web developer worked on it again today and it seems to be gone. 

Share this post


Link to post
Share on other sites

Just reporting that the hack/virus thing still happens.

 

On my end It hasn't changed from when I first noticed it - I don't know - 2 weeks ago?  A month?  Not really sure to be honest.

 

When I go to the site I get the redirect, so I click back on the browser right away, then I go back to ISR and it works fine.  However, once I delete my internet's history, cache, etc.  it does the same thing, redirect, I hit back, 2nd attempt works perfect.

 

This is on 4 different PCs.  Three at my house (1 is a laptop), and a PC at a friend's place  1 PC running Win 7, two running 8.1, and the laptop may still be on 8 instead of 8.1 but I'm not sure.

 

Same experience on all of them, redirect to "bad" site - hit "back" - then ISR works fine on 2nd attempt, and I'm pretty sure it stays fine until the internet history, cache, etc. get deleted, then the problem repeats.

 

As long as that website redirect doesn't place a virus or any file or anything on our computers than I don't really care, I've gotten used to it, it takes literally only 2-3 seconds to hit "back" and then re-try, but I thought I'd just let you know anyways.

If it's still happening (from a bbs user's perspective) make sure you aren't pulling cached material.

 

On Windows you do this (in every browser I can think of) by holding the Shift key down as you press F5 or (hold Shift while you) use the mouse to click on the refresh icon (usually a little circular arrow) usually found just to the right or left of the address bar. You can also go into Prefs et al. and delete all of the browser caches (but that may have minor/annoying impacts on your use of other web sites).

 

Since this thing is JavaScript (and PHP) based one may need to turn JavaScript off int he browser before clearing caches to really kill it.

 

On OS X in Safari flushing the browser cache is a PITA (for a "normal" human). You have to do this...

 

1) Open Preferences;

2) Select the Advanced tab;

3) In the Advanced tab (near the bottom in my version of Safari) you should see a checkbox that let's you show the Develop menu. Check it (ON);

4) Exit Preferences;

 

Now you should see a Develop menu (too)...

 

5) Select the Clear caches menu item;

6) Refresh the (web) page.

 

In iOS you have to "Clear History and Website Data" in the Safari Settings panel (in Settings). It's kind of draconian but I guess that's the price one pays for keeping things "different".

 

@Darin,

 

You may want to take the effort to purposely reduce any HTTP cache instructions (header and meta) across the entire board. ...or at least for those items that the hack seemed to alter (a skin image if I recall). It won't help people that have already picked up broken material with long cache times but it will help keep new people from encountering the problem (and clear things up faster once you know your server is free of infection). ...and if it travels via JavaScript (which technically it must) then it will help keep you from becoming re-infected as you work through this.

 

You might also chown and chmod any file that you've found to be altered and lock it so the web server (and php, etc.) can only read the file(s), not write them. If they are files that don't change anyway that's good policy from the get go. The web server can only do what it's user credentials allow.

Share this post


Link to post
Share on other sites

I am getting random words in the threads here highlighted red, and if I click them it takes me to amazon related searches, when I hover the mouse over it says "link added by Viglink" is this something on my end, or isrtv end?

 

Edit: I just checked several other forums I frequent and no sign of the viglink crap, telling me it is something on here.

Share this post


Link to post
Share on other sites

I am getting random words in the threads here highlighted red, and if I click them it takes me to amazon related searches, when I hover the mouse over it says "link added by Viglink" is this something on my end, or isrtv end?

 

Edit: I just checked several other forums I frequent and no sign of the viglink crap, telling me it is something on here.

 

It something I'm trying as a form of advertisement. Sorry guys, I have to do something to fund the site. Do you have a specific spot you saw it ?

Share this post


Link to post
Share on other sites

It something I'm trying as a form of advertisement. Sorry guys, I have to do something to fund the site. Do you have a specific spot you saw it ?

You go Darin. Make money. I buy from amazon all the time and would like to know of a nice, const location somewhere around these parts where I can:

 

1) click through to amazon;

2) add whatever I wanted to add (or otherwise use my amazon account as I normally would);

3) do my thing (paying amazon and such);

4) Darin gets a little "ka-ching".

 

Tell me were. Better yet. Stuff a link to that location IN the response to this.

Share this post


Link to post
Share on other sites

It something I'm trying as a form of advertisement. Sorry guys, I have to do something to fund the site. Do you have a specific spot you saw it ?

That is fine, just wanted to make sure you hadn't suffered a ad/malware attack etc.. As long as I know it is legit, all good.

Share this post


Link to post
Share on other sites

[a class=vglnk" title="Link added by VigLink" href="http://www.amazon.com/" rel="nofollow][span]amazon[/span][/a]

 

Cool. That's a reasonable way to do it, Darin!

 

It's just swapping in simple anchors that take me to amazon (presumably that's enough to trigger your normal affiliate kick back). No one is feeling the need to inspect my undies and take pictures of and fondle what's inside nor sell those pictures and stories to other wierdos (aka. advertising "provider" entities) that want to feed on the whole freak show that is what modern advertisers seem to think is "normal and acceptable" these days.

 

Advertising, as such, is fine. Advertisers crossing the line into (a virtual class of, yes...) freaky perverts is what's wrong with advertising. The "we can't make (!enough!) money without being perverts" excuse is just that. ...an excuse.

Share this post


Link to post
Share on other sites

You go Darin. Make money. I buy from amazon all the time and would like to know of a nice, const location somewhere around these parts where I can:

 

1) click through to amazon;

2) add whatever I wanted to add (or otherwise use my amazon account as I normally would);

3) do my thing (paying amazon and such);

4) Darin gets a little "ka-ching".

 

Tell me were. Better yet. Stuff a link to that location IN the response to this.

 

Appreciate it bud !  If you click on any Amazon banner at the site, it's through my affiliate. Here's a direct link though for a T300 

 

Purchase a Thrustmaster T300 RS here: http://amzn.to/1wmByWK

Share this post


Link to post
Share on other sites