AFCA Forums Home
Home Search search Menu menu Not logged in - Login | Register

 Moderated by: Steve Cunningham, Stan Adams, Rod Rogers
New Topic Reply Printer Friendly
Current Website Issues  Rate Topic 
AuthorPost
 Posted: Thu Sep 3rd, 2020 03:19 pm
  PMQuoteReply
1st Post
Jamie Horner
Administrator
 

Joined: Tue Sep 10th, 2019
Location: Iowa USA
Status: 
Offline
Hello everyone,
It seems we have an intruder of sorts in a portion of our Website.

There have been reports of malicious (and sometimes embarrassing) pop-ups being loaded when clicking on links in our current forum area. We are looking onto what to do about it, but in the meantime you may want to clear your browser cache, restart your Web browser and enable a pop-up blocker until we can get this figured out.

Sorry for the inconvenience, but this was not something that happened because anything on the site was changed. Unfortunately, it seems to be something that is becoming more common as site hacking becomes more sophisticated.

Back To Top PMQuoteReply  

 Posted: Thu Sep 3rd, 2020 03:57 pm
  PMQuoteReply
2nd Post
Tom Newcity
AFCA Member


Joined: Sun Nov 27th, 2005
Location: Fort Smith
Status: 
Offline
It has happened to me several times.  I installed a new security system hoping to stop it.  Will let you know if the intrusion reoccurs. 

Back To Top PMQuoteReply

 Posted: Thu Sep 3rd, 2020 06:03 pm
  PMQuoteReply
3rd Post
John Fengel
AFCA Member


Joined: Mon Nov 14th, 2005
Location: Temple, Texas USA
Status: 
Offline
I've not had this happen to me. One thing I have noticed is the site has a warning that has "Not Secure" on the AFCA Address Bar. It only indicates the site is Not Secure, it DOES NOT say the site is DANGEROUS as described below. I might also add that when I did the Drop Down it has 2 Cookies Stored. One was for the AFCA, the other was for Twitter. Not sure why I have one for Twitter because I don't have an account with them so I just Blocked it.

If I drop down the Notice it says.....




Last edited on Thu Sep 3rd, 2020 06:15 pm by John Fengel

Back To Top PMQuoteReply  

 Posted: Thu Sep 3rd, 2020 07:34 pm
  PMQuoteReply
4th Post
Tom Newcity
AFCA Member


Joined: Sun Nov 27th, 2005
Location: Fort Smith
Status: 
Offline
Hey John,
What I got was a full page of porn in action with links to click on.  I X'ed out and it was gone.  Happened 3 times at different times.  

Back To Top PMQuoteReply

 Posted: Thu Sep 3rd, 2020 08:05 pm
  PMQuoteReply
5th Post
Jamie Horner
Administrator
 

Joined: Tue Sep 10th, 2019
Location: Iowa USA
Status: 
Offline
One of our Twitter Links does happen to be one of the links that I have identified as not being secure, but it's one of many unfortunately.

Back To Top PMQuoteReply  

 Posted: Fri Sep 4th, 2020 07:54 pm
  PMQuoteReply
6th Post
Jeff Whitfield
AFCA Member


Joined: Fri Apr 9th, 2010
Location: USA
Status: 
Offline
This is what I got today when I logged in:

Attached Image (viewed 440 times):

Screenshot_20200904-155132.png

Last edited on Fri Sep 4th, 2020 07:55 pm by Jeff Whitfield

Back To Top PMQuoteReply

 Posted: Fri Sep 4th, 2020 07:58 pm
  PMQuoteReply
7th Post
Jeff Whitfield
AFCA Member


Joined: Fri Apr 9th, 2010
Location: USA
Status: 
Offline
However, I only received when pop-up ads came through. If I block pop-ups, I have trouble surfing the forums. I click on one of the three forums and nothing happens while I'm blocking ads. Only when I accept ads am I easily allowed to surf forums.

Back To Top PMQuoteReply  

 Posted: Fri Sep 4th, 2020 08:21 pm
  PMQuoteReply
8th Post
Jeff Whitfield
AFCA Member


Joined: Fri Apr 9th, 2010
Location: USA
Status: 
Offline
When I clear my browser cache and change my password, I get pop-up requests again.

Back To Top PMQuoteReply

 Posted: Wed Sep 9th, 2020 09:43 pm
  PMQuoteReply
9th Post
Thomas Peters
AFCA Member
 

Joined: Mon Nov 16th, 2009
Location:  
Status: 
Offline
Twice today.

When will it ever end?

Back To Top PMQuoteReply  

 Posted: Thu Sep 10th, 2020 04:03 am
  PMQuoteReply
10th Post
Alex Rushing
AFCA Member


Joined: Thu Dec 14th, 2006
Location: Montgomery, Alabama USA
Status: 
Offline
The host server likely has an embedded malware that infects PHPBB(forum) BBSs.The site host needs to run a deep scan for this embedded malware. Site admins won't be able to do much until this sneaky line of code is found and eliminated.
I know it to be one of those types of host infections, as I cannot tap any of the four sub forums on my android phone. I have to hold and "open in new tab" to view. So the nasty lines of code are embedded somewhere in the redirection protocols. They work intermittently as to keep sites from reinstalling the PHP software and using a backup of the BBS database.

I ran and hosted forums from my house around 2003-2008. During which time I had to deal with "hacking"(actually called "cracking") on a weekly basis. PHP software is prone to this, as bots constantly seek data that can be infiltrated. In this case the PHPBB style software itself. The host usually handles these style bot scans with firewalls, but since site cracking is a big money endeavor, the malicious software advances faster than the benign software.

Last edited on Thu Sep 10th, 2020 04:03 am by Alex Rushing

Back To Top PMQuoteReply

 Posted: Thu Sep 10th, 2020 11:39 am
  PMQuoteReply
11th Post
Jamie Horner
Administrator
 

Joined: Tue Sep 10th, 2019
Location: Iowa USA
Status: 
Offline
Thank you Alex, that all makes complete sense as the malware only seems to be affecting the forum part of the site and not our main site and does not seem to be anything that I can just "find and remove" from the code.
I will post again once we think we can get this resolved.

Thanks for your patience everyone. I know this has been uncomfortable for some.

Back To Top PMQuoteReply  

 Posted: Thu Sep 10th, 2020 11:54 am
  PMQuoteReply
12th Post
Jamie Horner
Administrator
 

Joined: Tue Sep 10th, 2019
Location: Iowa USA
Status: 
Offline
If anyone wants to kind of see what might be going on with the forum, do a Google search of AFCAforum.com and you can find a couple postings about people bragging about hacking/cracking our forum.

afcaforum.com - HackNoticeapp.hacknotice.com
The HackNotice security research team discovered a data leak file associated with this domain. According to the hacker, this demesne was allegedly hacked.


This second one is the one I found about them bragging about hacking/cracking our forum:


afcaforum.com 7,8K E : P HASHED - Cracked.tocracked.to
afcaforum.com 7,8K E : P HASHED - posted in Other leaks: Hidden Content.

Back To Top PMQuoteReply

 Posted: Sat Sep 12th, 2020 03:36 am
  PMQuoteReply
13th Post
Steven P Dempsey
AFCA Member


Joined: Tue May 15th, 2012
Location: Clarksville, Virginia USA
Status: 
Offline
still getting porn/ pop up ads, etc - - just from this site

Back To Top PMQuoteReply  

 Posted: Sat Sep 12th, 2020 10:57 pm
  PMQuoteReply
14th Post
Steven P Dempsey
AFCA Member


Joined: Tue May 15th, 2012
Location: Clarksville, Virginia USA
Status: 
Offline
just got a porn advert

Back To Top PMQuoteReply

 Posted: Sun Sep 13th, 2020 02:16 am
  PMQuoteReply
15th Post
Don Tener
AFCA Member


Joined: Fri Dec 21st, 2012
Location: Saint Petersburg FL, Florida USA
Status: 
Online
I am getting popups but not porn. I am getting crazy advertisements

Back To Top PMQuoteReply  

 Posted: Tue Sep 15th, 2020 10:34 pm
  PMQuoteReply
16th Post
Thomas Peters
AFCA Member
 

Joined: Mon Nov 16th, 2009
Location:  
Status: 
Offline
Still happening!

Back To Top PMQuoteReply

 Posted: Wed Sep 16th, 2020 06:31 pm
  PMQuoteReply
17th Post
William Dunlap
AFCA Member


Joined: Fri Jan 31st, 2014
Location: Kula, Maui, Hawaii USA
Status: 
Offline
I just got a red screen "warning" Deceptive website! May be a scam, etc, etc.
I quickly closed the page.
Next time I logged on, it wasn't there.

Back To Top PMQuoteReply  

 Posted: Thu Sep 17th, 2020 06:29 am
  PMQuoteReply
18th Post
Alex Rushing
AFCA Member


Joined: Thu Dec 14th, 2006
Location: Montgomery, Alabama USA
Status: 
Offline
The issue has now expanded beyond section selection. Now a direct click on the site domain leads to a spam site 1/3 times on my end. The type of scam sites that you cannot "go back" from. I don't leave them open long enough to see what it goes to, but the original worm is infiltrating more code on the site.

Back To Top PMQuoteReply

 Posted: Thu Sep 17th, 2020 04:24 pm
  PMQuoteReply
19th Post
Dave McManaman
AFCA Member


Joined: Sat Apr 22nd, 2017
Location: Lincoln, Nebraska USA
Status: 
Offline
Thanks for the info Alex.  As someone not very well educated about computers, etc, but with basic virus protection software etc, what if anything should the members be doing beyond closing out the pop up links?  Is there a risk associated to members if they do not click on anything other than to close the screen?  Just want to make sure that there's no infiltration so to speak on to my computer by virtue of me visiting the AFCA website.  If i have to forego visiting until it's fixed, then i'll simply look to the facebook page.  Much appreciated anyone's suggestions in this regard.

Back To Top PMQuoteReply  

 Posted: Thu Sep 17th, 2020 05:25 pm
  PMQuoteReply
20th Post
Steven P Dempsey
AFCA Member


Joined: Tue May 15th, 2012
Location: Clarksville, Virginia USA
Status: 
Offline
I have pop up blocker, spam blocker, anti-virus & they are still getting through

Back To Top PMQuoteReply

 Posted: Thu Sep 17th, 2020 05:54 pm
  PMQuoteReply
21st Post
Alex Rushing
AFCA Member


Joined: Thu Dec 14th, 2006
Location: Montgomery, Alabama USA
Status: 
Offline
Dave McManaman wrote: Thanks for the info Alex.  As someone not very well educated about computers, etc, but with basic virus protection software etc, what if anything should the members be doing beyond closing out the pop up links?  Is there a risk associated to members if they do not click on anything other than to close the screen?  Just want to make sure that there's no infiltration so to speak on to my computer by virtue of me visiting the AFCA website.  If i have to forego visiting until it's fixed, then i'll simply look to the facebook page.  Much appreciated anyone's suggestions in this regard.A good anti virus is great! A pop-up blocker, possibly available from your AV provider is another good thing.Most of all, and this is the tough part; you may want to change your password if it is the same as anything else you use on the internet, such as email/facebook.

Once the worm penetrates the member directive, it may start attempting password cracking. We'll know if it happens, because you'll see members possibly posting pornography.

I'm quite saddened this is happening. Hopefully something can be done soon. But, from what the admin wrote, we are a target now for site cracking. :(

Back To Top PMQuoteReply  

 Posted: Thu Sep 17th, 2020 06:34 pm
  PMQuoteReply
22nd Post
William Dunlap
AFCA Member


Joined: Fri Jan 31st, 2014
Location: Kula, Maui, Hawaii USA
Status: 
Offline
My virus protection program just caught this threat on this site. If you can't read it, it says this site is infected with URL:Blacklist. Hope this helps.

Back To Top PMQuoteReply

 Posted: Thu Sep 17th, 2020 07:47 pm
  PMQuoteReply
23rd Post
Alex Rushing
AFCA Member


Joined: Thu Dec 14th, 2006
Location: Montgomery, Alabama USA
Status: 
Offline
Bingo William! Thanks!
Blacklist infection information

This will also start limiting the amount of time this site shows up on google/yahoo/bing. 

There is a distinct possibility the vulnerability started in the antiquated theme for the forum, or even the PHP BB type used to start with.

Back To Top PMQuoteReply  

 Posted: Thu Sep 17th, 2020 08:45 pm
  PMQuoteReply
24th Post
George Durbin
AFCA Member


Joined: Fri Nov 2nd, 2012
Location:  
Status: 
Offline
Got my 1st pop up! Said I was the 5 billionth poster! I reentered our site and it went away... i will screenshot it if it happens again...

Geo...

Back To Top PMQuoteReply

 Posted: Thu Sep 17th, 2020 09:45 pm
  PMQuoteReply
25th Post
Alex Rushing
AFCA Member


Joined: Thu Dec 14th, 2006
Location: Montgomery, Alabama USA
Status: 
Offline
George Durbin wrote: Got my 1st pop up! Said I was the 5 billionth poster! I reentered our site and it went away... i will screenshot it if it happens again...

Geo...
Win the fan AND five billionth poster? Need to play some blackjack. :imao

Back To Top PMQuoteReply  

 Posted: Thu Sep 17th, 2020 09:51 pm
  PMQuoteReply
26th Post
Dave McManaman
AFCA Member


Joined: Sat Apr 22nd, 2017
Location: Lincoln, Nebraska USA
Status: 
Offline
Jamie Horner wrote: Hello everyone,
It seems we have an intruder of sorts in a portion of our Website.

There have been reports of malicious (and sometimes embarrassing) pop-ups being loaded when clicking on links in our current forum area. We are looking onto what to do about it, but in the meantime you may want to clear your browser cache, restart your Web browser and enable a pop-up blocker until we can get this figured out.

Sorry for the inconvenience, but this was not something that happened because anything on the site was changed. Unfortunately, it seems to be something that is becoming more common as site hacking becomes more sophisticated.


Any update on where the site stands as far as trying to put an end to the pop-ups?  I can only speak for myself but I think an update would be very much appreciated.  Thanks for your work on this and, just as importantly, keeping us informed.

Back To Top PMQuoteReply

 Posted: Sun Sep 20th, 2020 03:48 pm
  PMQuoteReply
27th Post
Tom Newcity
AFCA Member


Joined: Sun Nov 27th, 2005
Location: Fort Smith
Status: 
Offline
Has anyone had any problems uploading images to NEW POSTS?  Been trying to do a new post for a recently acquired Emerson 5110 Trojan.  Didn't have this problem before I updated my security with McAfee.  

Last edited on Sun Sep 20th, 2020 03:49 pm by Tom Newcity

Back To Top PMQuoteReply  

 Posted: Mon Sep 21st, 2020 01:51 pm
  PMQuoteReply
28th Post
Thomas Peters
AFCA Member
 

Joined: Mon Nov 16th, 2009
Location:  
Status: 
Offline
It appears we are still a long way from being cured.
This morning, I got a redirect when I tried to enter the forums.

Back To Top PMQuoteReply

Current time is 03:45 am  
AFCA Forums > Antique Fan Collectors Association > Pre-1950 (Antique) > Current Website Issues Top



Beige Theme By: Di @ UltraBB
UltraBB 1.17 Copyright © 2007-2008 Data 1 Systems
Page processed in 0.3789 seconds (51% database + 49% PHP). 32 queries executed.