-
Hello!
Either you have not registered on this site yet, or you are registered but have not logged in. In either case, you will not be able to use the full functionality of this site until you have registered, and then logged in after your registration has been approved.
Registration is FREE, so please register so you can participate instead of remaining a lurker....
Please be certain that the location field is correctly filled out when you register. All registrations that appear to be bogus will be rejected. Which means that if your location field does NOT match the actual location of your registration IP address, then your registration will be rejected.
Sorry about the strictness of this requirement, but it is necessary to block spammers and scammers at the door as much as possible.
Rerouted to AFF...
- Thread starter Sindrik8x
- Start date
No, and it won't be eradicated till we are on the new server. I've got the new one ordered, so it's now a matter of getting it built then moving the sites over to it.
I actually got some flak from both my programmer and the security guy about the server that my server host suggested to me. They told me it is way more than my needs and I would be better off getting a much more inexpensive server. But heck, didn't make sense to me to get a new server and not get a better one than I was already using. I'm going to be getting about twice the performance for about the same amount of money. Well, I am hiring the security guy on a monthly management service he offers. So that will raise the price about 50 percent over what I have been paying with his services added in. But lesson learned with this security stuff. I don't EVER want something like this to happen again.
hikisquid
sews all the things
Thank you for this.
I'm very happy that you are working to get it taken care of, and I really appreciate it. Considering how much of a pain it is to be redirected, I can only imagine it's exponentially worse for you.
dave partington
Crazy Dave
I hope you get a butler, maid and chauffeur with your new server. And some cookies. Good ones, not the kind I make. From someone who love you long time. Her who wield a shovel well. Thanks.
RobbiesCornField
Bring it on.
AWESOME!!!!! There should be a funding party for the new server. If everyone chips in a couple bucks, cost to you should be minimal. I'd be willing to kick in a few come pay day.
Thanks, but no, that isn't necessary. You all who are Contributor members and the members who are paying for their own personal forums here are helping out enough. I never had even a thought about getting rich off of this sort of stuff. As long as the bills get paid and Connie and I have a bit of a supplemental income where we don't have to worry about having enough money when we need to go to the grocery store, I'm OK with the way things are going.
But, again, thanks for the kind thoughts....
RobbiesCornField
Bring it on.
Fine. Then I guess I'll just have to buy a personal forum in the coming weeks to show my support.
Slinky'sMommy
New member
Rerouted to a girl taking her shirt off again
cornsnakeforsale_com
Just Another Corn Breeder
Rich: Was out of town for the past several days, so I haven't checked in til now. Yup, got me again.
Kudos on looking into it to this level and upgrading the hardware. I don't want to be a downer, but you might need to upgrade vbulletin as well, this old version has many published vulnerabilities (not that the newer versions are necessarily more secure, they just have different holes).
Upgrading vbulletin can be quite the pain in the butt too, but if you plop your current install down on a new box the problem will still exist if it's within your install. It's extremely unlikely that it's a problem down as deep as linux or apache, most likely it's vbulletin that has been hacked.
If you look at the chain of events this is what I logged just now:
Referer: http://www.cornsnakes.com/forums/showthread.php?t=133252&page=10
GET /forums/clientscript/vbulletin_global.js?v=373 HTTP/1.1
Host: www.cornsnakes.com
HTTP/1.1 302 Found
Location: http://j9v9jks7rg96aymzoce03gw.alum...yaXB0L3ZidWxsZXRpbl9nbG9iYWwuanMlM2Z2PTM3Mw==
This says, I went to the Referer url and requested /forums/clientscript/vbulletin_global.js?v=373 as my normal course of business. Somewhere in that script it told my browser to redirect (302 Found) to the Location url (which then did a couple of redirects for itself to keep track of who gets paid for sending us to the adult websites).
The Location url has the ?g= parameter passed in which if you do a base 64 decode really reads:
js=1&smcntnkw=oxqcvci&time=1310140214447349341&src=145&surl=www.cornsnakes.com&sport=80&key=9E7694A0&suri=/forums/clientscript/vbulletin_global.js%3fv=373
This one is also suspect to me: http://www.cornsnakes.com/forums/clientscript/vbulletin_menu.js?v=373
They bothered recording the script that got you there (vbulletin_global.js (v373)), so I'm looking at that as a big red flag twice now. I would check if that has been changed recently or if you might be able to roll back to an older version perhaps). I don't know what you might have changed on that to get to version 373. In the vbulletin admin area it logs admin access, so you can check if someone has been in there mucking around (I've seen them weasel their way in and give themselves admin access). You know what day it started since you have an active site and the OP was right on it.
It could be that those scripts have been tampered with, or possibly that whatever they're designed to do naturally is happening and inserting some other malicious code or similar.
Good luck, I think you're hot on their trail.
Kudos on looking into it to this level and upgrading the hardware. I don't want to be a downer, but you might need to upgrade vbulletin as well, this old version has many published vulnerabilities (not that the newer versions are necessarily more secure, they just have different holes).
Upgrading vbulletin can be quite the pain in the butt too, but if you plop your current install down on a new box the problem will still exist if it's within your install. It's extremely unlikely that it's a problem down as deep as linux or apache, most likely it's vbulletin that has been hacked.
If you look at the chain of events this is what I logged just now:
Referer: http://www.cornsnakes.com/forums/showthread.php?t=133252&page=10
GET /forums/clientscript/vbulletin_global.js?v=373 HTTP/1.1
Host: www.cornsnakes.com
HTTP/1.1 302 Found
Location: http://j9v9jks7rg96aymzoce03gw.alum...yaXB0L3ZidWxsZXRpbl9nbG9iYWwuanMlM2Z2PTM3Mw==
This says, I went to the Referer url and requested /forums/clientscript/vbulletin_global.js?v=373 as my normal course of business. Somewhere in that script it told my browser to redirect (302 Found) to the Location url (which then did a couple of redirects for itself to keep track of who gets paid for sending us to the adult websites).
The Location url has the ?g= parameter passed in which if you do a base 64 decode really reads:
js=1&smcntnkw=oxqcvci&time=1310140214447349341&src=145&surl=www.cornsnakes.com&sport=80&key=9E7694A0&suri=/forums/clientscript/vbulletin_global.js%3fv=373
This one is also suspect to me: http://www.cornsnakes.com/forums/clientscript/vbulletin_menu.js?v=373
They bothered recording the script that got you there (vbulletin_global.js (v373)), so I'm looking at that as a big red flag twice now. I would check if that has been changed recently or if you might be able to roll back to an older version perhaps). I don't know what you might have changed on that to get to version 373. In the vbulletin admin area it logs admin access, so you can check if someone has been in there mucking around (I've seen them weasel their way in and give themselves admin access). You know what day it started since you have an active site and the OP was right on it.
It could be that those scripts have been tampered with, or possibly that whatever they're designed to do naturally is happening and inserting some other malicious code or similar.
Good luck, I think you're hot on their trail.
Sorry, but both my programmer and the security guy determined that the server was hacked, at least through Cpanel and many executables have been corrupted. It's actually a miracle that my sites are even running right now.
As for upgrading vBulletin, my programmer is against this. Simply because vBulletin was bought out by Internet Brands and nearly all of the programming staff there quit. Apparently the replacement programming staff is, well, let's just say weak. The bailing programmers apparently started up their own company, and are developing a message board system, and, of course, there are law suits involved between those parties. So right now, there really isn't any good option available as an upgrade, and between my programmer and the security guy I will be keeping on retainer, I am hopeful that this sort of problem won't crop up again.
Also part of the issue was that according to the security guy, the hosting company for my server did not do nearly the stuff that is basic and standard in securing a server. So that pretty much left holes in the OS that hackers were able to take advantage of. My programmer has been pretty diligent about patching this version of vBulletin when security holes are made known, and when he researched this problem, he looked VERY hard at the vBulletin code to make sure the intrusions weren't coming in that way.
So all in all, I think I'm on the best path I can take, all things considered.
But thanks for the advice and input.
As for upgrading vBulletin, my programmer is against this. Simply because vBulletin was bought out by Internet Brands and nearly all of the programming staff there quit. Apparently the replacement programming staff is, well, let's just say weak. The bailing programmers apparently started up their own company, and are developing a message board system, and, of course, there are law suits involved between those parties. So right now, there really isn't any good option available as an upgrade, and between my programmer and the security guy I will be keeping on retainer, I am hopeful that this sort of problem won't crop up again.
Also part of the issue was that according to the security guy, the hosting company for my server did not do nearly the stuff that is basic and standard in securing a server. So that pretty much left holes in the OS that hackers were able to take advantage of. My programmer has been pretty diligent about patching this version of vBulletin when security holes are made known, and when he researched this problem, he looked VERY hard at the vBulletin code to make sure the intrusions weren't coming in that way.
So all in all, I think I'm on the best path I can take, all things considered.
But thanks for the advice and input.
cornsnakeforsale_com
Just Another Corn Breeder
Well, we all hope to see it fixed soon, good luck.
Dammit....... Just got word from the server hosting guy that the server he sold me isn't actually available. Just great of him to take all this time to figure that out.................
He's offering me one with dual 5639 processors instead of the original 2620s and bumping RAM up to 24gb. Shouldn't be that much difference, but it delays getting the server built while all this is going on.
Double dammit..... Where's that Excedrin bottle?
He's offering me one with dual 5639 processors instead of the original 2620s and bumping RAM up to 24gb. Shouldn't be that much difference, but it delays getting the server built while all this is going on.
Double dammit..... Where's that Excedrin bottle?
Guruofchem
New member
As the prophet once said:
"Like kidneystones, server problems too shall pass....ARRGGGHHHHHHHHH!"
"Like kidneystones, server problems too shall pass....ARRGGGHHHHHHHHH!"
Christen
New member
As the prophet once said:
"Like kidneystones, server problems too shall pass....ARRGGGHHHHHHHHH!"
:roflmao: That is great. Cause like kidney stones it is a giant pain in the bleep.
