Jump to content

Have we been hacked?


Recommended Posts

I get the following message each time I click a link here:

Reported Attack Page!

This web page at toyotamotorhome.org has been reported as an attack page and has been blocked based on your security preferences.

Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

Link to comment
Share on other sites

I don't know, google sent me an email this morning at 5:21 am, I will be investigating.

Dear site owner or webmaster of toyotamotorhome.org,We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below are some example URLs on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

http://toyotamotorhome .org/forums/

http://toyotamotorhome .org/forums/index.php?showtopic=169

http://toyotamotorhome .org/forums/index.php?showtopic=463

Here is a link to a sample warning page:

http://www.google.co...ome.org/forums/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised

2) the site doesn't monitor for malicious user-contributed content

3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:

http://www.stopbadwa...g/home/security

Once you've secured your site, you can request that the warning be removed by visiting

http://www.google.co...py?answer=45432

and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,

Google Search Quality Team

Note: if you have an account in Google's Webmaster Tools, you can verify the authenticity of this message by logging into https://www.google.c...ls/siteoverview and going to the Message Center, where a warning will appear shortly.

Link to comment
Share on other sites

I'm shocked. Got no warning or have seen anything malicious. Hope you find the source Greg.

Linda S

You shouldn't be shocked, this has happened before this past January.

You would not know if you clicked on a malicious link, they are being so cleverly disguised these days. One click and you've just uploaded and installed malware on your computer.

You'd be lucky if it was just a bot. Not so lucky if you get a key stroke logger buried in your boot up sequence. You would have to re-install your OS to clean it up. Virus detection software is useless against a Russian key stroke logger.

Some malicious hackers have a back door into this version of IPBoard software. (they may even be at the GoDaddy level) It seems they can come and go at will.

Time for an upgrade, Mr Administrator.

Link to comment
Share on other sites

Time for an upgrade, Mr Administrator.

Yes I agree

In the next couple of days I hope to come up to the latest version. IPS said the hacker got in through the admin control panel but they don't know how. Code had been added to a template.

Link to comment
Share on other sites

Yes I agree

In the next couple of days I hope to come up to the latest version. IPS said the hacker got in through the admin control panel but they don't know how. Code had been added to a template.

are you in big lagoon right now or is that a trip you went on?

Link to comment
Share on other sites

ya its like 40 miles from me. It is very awesome. You would be amazed at how deserted humboldt lagoons park is right now I just drove through it on the freeway. Not even 1 rv or car on a beautiful sunny day at dry lagoon on the ocean.

Link to comment
Share on other sites

Greetings,

This is my first post here, sadly not motorhome related. We recently purchased a toyota motorhome (1987 Escaper), I have been doing a lot of google searches. The searches often show a result from these forums BUT nearly always get redirected to a URL that is not this site (the redirect URL ends in .info; I am not going to post the redirect URL for safety). I have since stopped clicking any google returned search result and manually copy + paste the genuine URL as listed into the browser to get to the relevant page. I also simply bookmarked this site and access it directly rather than google it.

There is definitely a problem here and it is fairly sophisticated - seemingly embedded into google search results but showing a clean toyotamotorhome.org link location in the status bar. Regular users of the forum/site would notice nothing, since they aren't clicking in via search strings. I browse the web from linux for safety, and each time I encountered the attack site, I was able to disable javascript and close the browser with no worries of an infection.

Unfortunately, I can offer no suggestions on how to fix this but wish you luck. This is an extremely informative community!

--Sam

Link to comment
Share on other sites

Samatman

Greetings,

This is my first post here, sadly not motorhome related.

I'm not seeing that , but I think I have my machine locked down ok and have Java and Javascript turned off.

vanman

Link to comment
Share on other sites

Samatman - I did a couple searches and didn't see anything unusual, can you give me a search term to use that shows the bad results. This might be helpful is determining how that item got into the forums.

John Mc

88 Dolphin 4 Auto

Link to comment
Share on other sites

I have had what he is talking about happen to me too. Not from this site but when you do a google search for toyota motorhome stuff google comes up with some that look like links to this site. When you click on it you get a virus site trying to download to your computer. My security has always stopped it but I never thought the attackers came from this site. I thought google was giving me some bad stuff. I'm thinking that must have been the problem.

Linda S

Samatman - I did a couple searches and didn't see anything unusual, can you give me a search term to use that shows the bad results. This might be helpful is determining how that item got into the forums.

John Mc

88 Dolphin 4 Auto

Link to comment
Share on other sites

Sorry for the delayed response. We have 8 days to go before we leave on a 10k mile trip from philly to LA (and back) and we are still working to get all the basic systems operational. Water pump is sucking air - looking for leaks between pump and tank. Hot water is not getting water - found bypass valves! Replaced leaking toilet and sink faucet. This has just been a wild ride. I'm going to post pics of the new generator rack we had welded on where the rear (rotted) bumper used to be. We're very new at this and it is daunting at times.

I'll try to post one of the suspect searches ASAP (if they are still happening). But not tomorrow: Happy Memorial Day to all!

Link to comment
Share on other sites

Google has given us a good health report. Invision Power Services went into the system and found that some code had been added to a template and removed it. We then asked google for a review and they gave us a green light. We also now upgraded to the latest version of the software. If anyone is still having redirect problems please post back here with your results.

Greg

Link to comment
Share on other sites

I do belive the viruses were only downloaded from bad google links. Not directly from this site. I have run all my security programs and no virus. I also read almost all posts here and open most links.

Linda S

No problem to report here. However, does anyone happen to know what, if anything, we're looking for if something nasty has landed in our computer as the result of the 'hack'?

Link to comment
Share on other sites

Looks good, I see FB "Like" etc. Now just need to get my grandson to show me how to work all the bells and whistles. :-)

Link to comment
Share on other sites

HI all just back today from a fabulas first boondock camp five days in our new 87 dolphion now i se e people have worked very hard hear to keep us safe thank you very much. I cant vote says used all votes today I HAVE NEVER VOTED TODAY AT ALL

Link to comment
Share on other sites

I did some of the same searches that were previously returning misdirected URLs and all now worked as they should - taking me right to the forums here. Thanks for cleaning out the malicious code!

Link to comment
Share on other sites

  • 4 weeks later...

In the past on other sites I've encountered both the search engine redirection virus as well as the fake virus checker virus.

I believe they come in on the advertisement blocks.

The quickest fix is if you notice the web checker virus starting is to unplug the computer immediately to stop the installation.

If it gets in the free malwarebytes program can get the Virus checker virus out. It has not worked for me on the Search tool virus.

What has worked well on both viruses is to simply start windows in protected mode. Ask windows to revert back to an earlier version, like a few days before the virus showed up.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...