[X] My Assistant

[Tyranisaur]

While I was using my phone to read this thread I clicked the Bugs and Errors link at the bottom of the page to move back out of the thread, instead of going there, I was redirected to this adultfinder page. I think this is weird if the redirects are related to ads, because there are no ads on the forums.

[bloodbeard]

I posted the problem on a Web Dev subreddit and received a reply with information that could be relevant. Here is a link to the reddit thread:

http://www.reddit.com/r/HTML/comments/2aud..._randomly_what/

User Just_Another_Thought replied and said the server could be compromised. He also linked to an article about Linux/Cdorked malware that sounds very close to the problem we're experiencing. You can read more about it here:

http://www.welivesecurity.com/2013/05/07/l...-also-affected/


Hopefully this helps.

[Bobby Singer]

I posted the problem on a Web Dev subreddit and received a reply with information that could be relevant. Here is a link to the reddit thread:

http://www.reddit.com/r/HTML/comments/2aud..._randomly_what/

User Just_Another_Thought replied and said the server could be compromised. He also linked to an article about Linux/Cdorked malware that sounds very close to the problem we're experiencing. You can read more about it here:

http://www.welivesecurity.com/2013/05/07/l...-also-affected/


Hopefully this helps.

It did not know this was such a big thing. I tought somebody just broke into the servers. But these attacks started in december 2012. I hope these attacks could be stopped. I've been redirected 4 times so far...

My little brother had the same problem with this site calles wattpad. The attacks somehow stopped on wattpad.

EDIT: I'm also experiencing many 504 server time-out error, does that have to do anything with this?

This post has been edited by Ruurd: Jul 16 2014, 06:37 AM

[Margo]

Not sure if we are supposed to keep reporting these things, but after the first occurrance, I was (almost, managed to click the back button in time :P) redirected again when on my phone, trying to get from the mobile site to the main site, and just now, when clicking the explore page. Via another redirecting site, I was sent to marthajanice.us (which is appropriately named 'Warning! Explicit material'), and from there, I was automatically redirected to justhookup.com (where I even got a pop-up to confirm that yes, I did really want to leave that site)

[SilverLugia456]

I just wanted to post saying that a few minutes ago I was clicking on the exploration tab on GPXplus to check something and I was redirected to a adultcontent site, this is the second time in the past day or so I have been redirected to a outside site. (the first time it was clicking a gpxplus link and I was redirected to facebook game)

I have ran scans and everything seems to be normal, I use Chrome, and my extensions are only a few one being webroot security and the other the gpxplus extension.

If it happens again I'll try to get a screenshot to send to the admins, I didn't this most recent time because when a redirect happens like it did I want to leave the site as soon as possible.

[Zerxer]

Hi all,

We're definitely aware now that there is an issue, one which I am able to reproduce on my own.

Thanks for everyone trying to help, but at this point, we don't really need to keep posting the links or screenshots. The redditor that bloodbeard quoted is correct that our server is likely a victim of Cdorked, and we are working on steps to resolve the issue as soon as possible. This is one clever backdoor.

I will let you know of any updates when they're available.

[StukAktuZ]

It happened to my BFF Vithrawiel and to myself as well, redirecting to the traffspot website, then to adult ones.
First time yesterday, and then some minutes ago.
I managed to keep the url of two of them, one being the adultfrienfinder some people claim to have stumbled upon, and another one with a more complex url, seemingly originating from Cyprus (atasehirescortbayani), dripping in malware.
Be very careful. I can provide the complete urls to the admins.

[EDIT] I don't know if it is related, but I can't get on gpxplus at the minute I'm posting this message. I only get a "Fatal error: Class 'Memcached' not found in /home/gtsplus/public_html/gpxplus/includes/memcached.php on line 12".

This post has been edited by StukAktuZ: Jul 16 2014, 09:34 AM

[TemptingTomorrow]

OH, thank you so much. My parents are giving me crap thinking I actually GO to this website. ;-; Some people shouldn't be seeing that yet. Thank you for making this thread... ;-;

[Vulpix D]

I dont know if it helps, but im having these same Problems on Safari too.

I was worried my computer caught a Virus.

Any one know if these Adult sites are Giving Computer Viruses?

[Zerxer]

Vulpix D, that is unclear, however Safari and Chrome are generally safe browsers, and if you're on a Mac, you have even less to worry about.

@ Everyone: We've taken some steps now, please let us know if you are redirected again after this post. Thanks.

[Rapps]

I'm still getting redirected to adult friend finder it just happened about five minutes ago.

[Zerxer]

I've also been able to reproduce it again now too, back to the drawing board!

[Burichu]

I've been getting a redirect to http://yi9qa3nlq1gj0i6vt9bs69i514753df9516...o.uk/index2.php

Not sure what it is, since it never actually loads, but randomly when I try to refresh my party it redirects to this site.
I use Firefox.

[Zerxer]

We've come up with a clever bandaid solution that should prevent these redirects from happening. While this doesn't remove the infection from our server, it should protect our users from being taken away from the website.

Again, please let us know if you happen to get redirected again after this post.


Note that when the redirect would have happened, certain site features may not work for you, as one or more JavaScript files wouldn't have loaded properly. If you experience any weirdness, just refresh the page, and it should be OK.

[Yamper]

We've come up with a clever bandaid solution that should prevent these redirects from happening. While this doesn't remove the infection from our server, it should protect our users from being taken away from the website.

Again, please let us know if you happen to get redirected again after this post.


Note that when the redirect would have happened, certain site features may not work for you, as one or more JavaScript files wouldn't have loaded properly. If you experience any weirdness, just refresh the page, and it should be OK.

I've tried refreshing quite a few times, even closed and re-opened chrome and I still can't send anything to the VS Seeker. Normally wouldn't be an issue but the next step of my exploration requires its usage.

I assume it'll take a little longer than ~10 minutes for it to be back to normal?

e: I've tried force refreshing too

This post has been edited by Samoo: Jul 16 2014, 12:29 PM

[Zerxer]

Samoo, try now. Had to tweak my bandaid a bit.

[Yamper]

Samoo, try now. Had to tweak my bandaid a bit.

Yup, all sorted now. Thank you :)

[AdmiralPerry]

My concern is is that the site is no longer safe to visit. While I know nothing about coding, a 'bandaid' will only go so far in helping to heal a wound. Honestly, I'd rather know if the infection was completely removed, rather than just 'patched' over.

[Zerxer]

My concern is is that the site is no longer safe to visit. While I know nothing about coding, a 'bandaid' will only go so far in helping to heal a wound. Honestly, I'd rather know if the infection was completely removed, rather than just 'patched' over.

We're still drafting out a plan to fully remove the infection, likely a system rebuild. However, the only thing this infection does is inject a javascript file that redirects the user through an ad website. The patch we came up with will prevent this redirect from happening, because it prevents the external javascript file from even being loaded.

So while our system itself is still infected, our end-users are safe. We will let everyone know when we begin work on rebuilding and/or migrating the system, to fully rid ourselves of this backdoor.

[Amberfunk]

I've been getting redirected to justhookup and some other sites for the past few days on mobile. Haven't had a problem with the regular site on my laptop.