
·
Going Postal
Joined
·
4,026 Posts
Discussion Starter · #1 ·
As most of you painfully might remember, this site was attacked by a few different versions of hackers and spammers over the last month. It seems to be finally gone now with some changes to the code but for how long? :roll:

Anyway, here is what happened:

Phase One was automatic registering of bogus users that would fill out the WWW area of the profile to porn sites or whatever. This is done as the search engines will raise your level with more links pointing to your site. The accounts were never activated and it was annoying. I thought about adding a visual confirmation to registration but there are now ways around it. What I ended up doing was to change the registration page to not include the WWW area. The automatic registration is a direct query to the server done by a web bot. The site now checks the registration for www data, and if it's there, the IP is banned automatically. A human cannot do this as they use the registration page to register. This worked great and I still get about 10 to 15 a day according to the server logs.

Phase Two was spamming the "Top 10 Referrers" box on the main page. This box listed the top 10 websites that people clicked through to get to here. This was discovered by the spammers who then set up bots to link here spoofing more porn web sites. Then search engine bots would see the link and record it. This was a little ridiculous as I was getting about 700 hundred hits a day from them. They were also going through proxies so I could not just ban the IP. I ended up just dropping that whole thing. The server logs showed that it went on for about 4 more days and then suddenly cut off. Looks like somebody noticed.

Phase Three was a combination of attacking the Host and this website directly. This was the most creative and the most destructive. The host finally got rid of the server infection but this and hundreds of other web sites were also taken down. They all use the same forum software also. I finally found the virus code that had been injected and I removed it. The security hole was discovered and also patched at the same time. It's been a few weeks and it's been quiet here. It has not been quiet on other sites but they have not fixed their code yet.

So who did it?

Well the name of the virus that everybody got is called "Exploit-MhtRedir.gen"

It was promoted by a company called "http://selltraffic.biz". If you go there, they claim that they can raise your website traffic. This is no doubt how they do it. They are located in Ireland.

The actual coding directs to an IP address in Amsterdam that is owned by a company called netcasthost.com which in turn is owned by a company in Australia.

SellTraffic.biz is registered to:



Henrich Taeger is probably the culprit. He lives in Glenview, Ireland.

This might not be over. As you can see there are people that do nothing but look for ways to screw up websites with spam. It's an industry.

You might have noticed me logged on for hours at a time but nothing going on. I'm actually hacking the site myself and changing the code to make things run smoother. This place also gets probed and scanned by script kiddies all the time. It's unbelievable. I keep an eye on what they try so I can make sure that I am protected. It will never be really secure until I can build my own box and serve it myself. But until traffic gets higher, it's not worth it. Yet. I'll just keep doing my best to keep the place running. :beer:



Planet | 4X4 | Forum
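Added example, not part of the original post and not the forum software's own code: a minimal server-side version of the Phase One check, where a profile field that the registration page no longer renders acts as a trap for direct POSTs. The field name `website`, the `RegistrationGate` class, the status codes and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Fields the public registration page no longer renders (name is an assumption).
HONEYPOT_FIELDS = ("website",)


class RegistrationGate:
    def __init__(self):
        self.banned = set()   # IPs banned automatically
        self.audit = []       # (ip, field) pairs, for reviewing hits later

    def handle(self, ip, body):
        """Return (status, reason) for one POST to the registration endpoint."""
        if ip in self.banned:
            return 403, "banned"
        form = parse_qs(body, keep_blank_values=True)
        for name in HONEYPOT_FIELDS:
            # A non-blank value cannot come from the rendered form, so the
            # request was built by a script. A blank value is tolerated: a
            # cached copy of the old page could still send the empty field.
            if any(v.strip() for v in form.get(name, [])):
                self.banned.add(ip)
                self.audit.append((ip, name))
                return 403, "honeypot"
        if not form.get("username", [""])[0] or not form.get("email", [""])[0]:
            return 400, "missing field"
        return 200, "pending activation"


# Constructed sample requests (documentation-range IPs, example domains).
SAMPLE_POSTS = [
    ("192.0.2.10", "username=trailrider&email=tr%40example.org"),
    ("198.51.100.7", "username=xx1&email=a%40example.net"
                     "&website=http%3A%2F%2Fspam.example"),
    ("198.51.100.7", "username=xx2&email=b%40example.net"),
    ("192.0.2.11", "username=mudbug&email=mb%40example.org&website="),
]


def replay(posts):
    """Run the posts through a fresh gate; return (results, gate)."""
    gate = RegistrationGate()
    return [gate.handle(ip, body) for ip, body in posts], gate


if __name__ == "__main__":
    results, gate = replay(SAMPLE_POSTS)
    for (ip, _), result in zip(SAMPLE_POSTS, results):
        print(ip, result)
    print("banned:", sorted(gate.banned))
```

The rejection of the request is what stops the bogus account; the IP ban only saves work on repeat attempts and, as Phase Two in the post shows, does little once the bots come through proxies.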
 

·
Registered
Joined
·
530 Posts
'Preciate the frustration, long hours, countless cold beers and effort you put in to keep this place up and running!!!!! :beer: :beer: :beer: :beer:
 

·
Going Postal
Joined
·
4,026 Posts
Discussion Starter · #5 ·
There isn't much I can do about it really.

I'm going to call their listed phone number
Code:
HA!  :rotfl: 

I bet it's already been done.  :thumb:


Planet | 4X4 | Forum
 

·
Registered
Joined
·
97 Posts
Ummm....this virus, "Exploit-MhtRedir.gen"....how does it enter the individual user's computer?? How impacting was/is the virus?? Cures??

This is the very first thread I read on the site, and I'm already scared/apprehensive. Am I in trouble now?????? :banghead:
 

·
Going Postal
Joined
·
4,026 Posts
Discussion Starter · #7 ·
It's fixed on this site for now.

I'm still getting hit now and then though. :roll:

Just run spybot and adaware. Do a search for them as they are freeware.



Planet | 4X4 | Forum
 