Forums hacked?

L'irlandais

Promises to Referee in France
Joined
May 11, 2010
Messages
4,724
Post Likes
325
I have been redirected to a malware site when attempting to log in on RRF.
For a while I thought my laptop was infected; however, it appears that is probably not the case.
Anybody else been having trouble?

Lots of advice available online, on the vBulletin website for example:
> ...fs72 malware supposedly only executes when someone comes from a search engine ... it may have infected your datastore cache. ... Check all of your plugins and hooks and I recommend overwriting all vbulletin files with fresh files downloaded from vbulletin.com.
Thanks.
 

Ian_Cook


Referees in New Zealand
Staff member
Joined
Jul 12, 2005
Messages
13,680
Post Likes
1,760
Current Referee grade:
Level 2
No trouble here.

I have checked both the site Login and Homepage for incursions and have found nothing.

Sounds to me like malware has hijacked your browser. Try accessing from a different computer and/or using a different browser.

UPDATE

There is a problem when you try to log in from a link provided by Google. If you open a Google page, type in "rugbyrefs.com" and click search, the first result has a warning that "The site has been hacked"

I'll try to contact Robbie as I think he is the only Admin who can fix this


UPDATE 2

When you try to log in you get redirected to a malware page "fs72". This only happens if you are LOGGED OUT when clicking on the Google search result. If you are permanently LOGGED IN, you don't get redirected and you go straight to the forum without any problem.

IMPORTANT

Anyone who has ended up being redirected to the fs72 website should take the following steps ASAP.

1. Update your Adobe Flash Player to the latest version.

2. Delete your internet cache and your browser history.
 
L'irlandais

Cheers Ian,
I only realized when I started using my mini iPad to login. It seems the redirect is only when I use google to find the website. On my PC I didn't notice it.
I will do as you suggest for flash player and browser history.

[strikethrough]What's internet cache and how do I delete it?[/strikethough].
Strike that, I found how to clear the cache under settings.
 
L'irlandais

found how to do strike out What's internet cache and how do I delete it?
Presumably the would-be hacker could see forum activity?
Definition of a hacker: Billy no mates who can write a bit of code, sad individuals who give little thought to the inconvenience they cause others. Remember this hacker matey one day soon the anonymity will be gone, and we will be able to knock on your front door for a face to face. You may yet live to regret your foolishness, thinking you could hide behind IP addresses.
 

crossref


Referees in England
Joined
Sep 14, 2009
Messages
21,805
Post Likes
3,145
If anyone has encountered this, it sounds like they have revealed their rugbyrefs.com username and password.

No big deal -- unless you use the same username and password on other sites...
 

Ian_Cook


Robbie has fixed the problem with vBulletin and has applied to Google for a change in status

> If anyone has encountered this, it sounds like they have revealed their rugbyrefs.com username and password.
>
> No big deal -- unless you use the same username and password on other sites...

No. There have been no passwords compromised. The redirect happens before the login attempt. This redirect malware (DDS Redirect) is designed to drive business to the perpetrator's file hosting service.

Usernames can't be compromised since, on this site, your login name is also your public username; anyone can see your username.

If you are worried about your password security, just change it:

Settings > My Account > Edit Email & Password
 


OB..


Referees in England
Staff member
Joined
Oct 7, 2004
Messages
22,981
Post Likes
1,838
Thanks for all that, Ian.
 

didds

Resident Club Coach
Joined
Jan 27, 2004
Messages
12,032
Post Likes
1,775
whois lookup

doesn't show any identification details.

It's registered via a company in Arizona, but TBH that means nothing.

Its IP is 66.199.231.59, which appears to be located in Bleford, New Jersey. That may not be definitive either, but merely a front end/reverse proxy arrangement intended to obfuscate.

didds
 

leaguerefaus


Referees in Australia
Joined
Jul 27, 2013
Messages
1,009
Post Likes
248
Current Referee grade:
Level 2
If Russia all of a sudden start taking Rugby seriously, I have a good idea who might be behind this...
 

L'irlandais

So was the forum going down today related to this hack in any way?
 

Balones

Referee Advisor / Assessor
Joined
Oct 24, 2006
Messages
1,410
Post Likes
461
Some of my links are now going to FS72. Particularly historic links to other threads.
 
L'irlandais

vbulletin problem has been around for a while now. Admin are aware.
 
L'irlandais

:sad: Sorry to be the bearer of bad news, only FS72 redirect is redirecting again.
 
L'irlandais

> Robbie has fixed the problem with vBulletin and has applied to Google for a change in status...

Ian,
Can somebody inform Robbie's mate, that the quick fix worked for a short time only, but now we are in need of a lasting solution. Which presumably, takes a bit longer to implement.
 

Ian_Cook


Tell me what happens with the following

1. When you physically type "www.rugbyrefs.com" into the address bar of your browser and hit ENTER.

2. When you click on this link - http://www.rugbyrefs.com

3. When you click on this link - https://www.google.co.nz/url?sa=t&r...pFHdspWWT1MgLUFEQ&sig2=QnkFLxvcWRAHIK8p_5CgbA

4. When you type "rugbyrefs" into a Google search and click on the top result (see attached file)

Hacked.png


If any of the above takes you to the "FS72" redirect page, clear your cookies and your cache from your browser history, restart your browser and try again.

Tell me what the circumstances are that lead you to the redirect page.
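
Added example (not part of the thread, and not code from the forum's admins): the four manual checks above amount to varying the Referer and the login cookie and seeing which combination gets sent off-site. This sketch automates that matrix; the cookie value, the `redirect.example` host and `fake_fetch` are constructed placeholders standing in for the behaviour reported in the thread.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

SITE = "http://www.rugbyrefs.com/"                      # site named in the thread
REFERERS = {"direct": None, "search": "https://www.google.co.nz/"}
COOKIES = {"logged_out": None, "logged_in": "session=PLACEHOLDER"}  # hypothetical cookie

class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None                  # surface the 3xx instead of following it

def http_fetch(url, headers):
    """Real fetcher: returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoFollow)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def off_site(url, location):
    """True only if Location names a different host (relative paths are on-site)."""
    host = urlsplit(location or "").hostname
    if host is None:
        return False
    return host.removeprefix("www.") != urlsplit(url).hostname.removeprefix("www.")

def probe(url, fetch=http_fetch):
    """Request url under every referrer/cookie combination; keep off-site targets."""
    results = {}
    for rname, ref in REFERERS.items():
        for cname, cookie in COOKIES.items():
            headers = {"User-Agent": "Mozilla/5.0"}
            if ref:
                headers["Referer"] = ref
            if cookie:
                headers["Cookie"] = cookie
            _, loc = fetch(url, headers)
            results[(rname, cname)] = loc if off_site(url, loc) else None
    return results

def conditional(results):
    """A redirect seen for some visitors but not all points at injected server-side logic."""
    hits = [k for k, v in results.items() if v]
    return 0 < len(hits) < len(results)

def fake_fetch(url, headers):
    # Constructed stand-in: redirects only search-engine visitors with no cookie.
    if "google." in headers.get("Referer", "") and "Cookie" not in headers:
        return 302, "http://redirect.example/fs72"
    return 200, None

if __name__ == "__main__":
    print(probe(SITE, fake_fetch))   # swap in http_fetch to test a live site
```

This only sees HTTP-level redirects; a redirect injected as script or a meta refresh in the page body needs the response body inspected as well.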
 