| PriusOnline Hacked!! (Fred's House of Pancakes forum, part of the PriusChat Forums category) |
| | #1 |
| Senior Member Join Date: Jul 2004 Location: Houston Texas
Posts: 108 | PriusOnline's home page has been hacked; it redirects now to some .tk site. Looks like it's also trying to download a worm; my firewall caught it. I also got this interesting email from "admin@priusonline.com":
The following is an email sent to you by an administrator of "PriusOnline.com". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address:
admin@priusonline.com
Include this full email (particularly the headers). Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Visite our new website!!! www.e-corporation.tk |
| | #4 |
| Senior Member Join Date: Jul 2004 Location: Houston Texas
Posts: 108 | I did some more digging.... The hack redirects you to a forwarder:
http://usuarios.lycos.es/mulesoftxxx/1.html
It looks like it got into the SQL - there's been a virus out that attacks boards running MySQL - looks like it got PriusOnline. On my board, I've had to apply two vBulletin patches to protect it. Sure hope it hasn't trashed all the data in his DB. |
| | |
| | #6 |
| Senior Member Join Date: May 2004 Location: Silicon Valley
Posts: 155
My Car: 2004 Prius Package: N/A | Here are the email headers in case that's of any use. Presumably they got access to the list of email addresses of users. You should probably delete any email with the subject "We Have New Website!!!!!!" or anything from admin@priusonline.com
Received: from dynamocomputers.com ([69.64.32.45]) by sccrmxc13.comcast.net (sccrmxc13) with SMTP id <20050305225756s13008a4qpe>; Sat, 5 Mar 2005 22:57:56 +0000
X-Originating-IP: [69.64.32.45]
Received: (qmail 28191 invoked from network); 5 Mar 2005 22:53:36 -0000
Received: from gmga.net (HELO mail.priusonline.com) (69.64.32.45) by endwellumc.us with SMTP; 5 Mar 2005 22:53:31 -0000
Subject: We Have New Website!!!!!
To: admin@priusonline.com
Reply-to: admin@priusonline.com
From: admin@priusonline.com
Return-Path: admin@priusonline.com
Message-ID: <6d5ad13cb450ffc88fa2e676eda1cdb7@www.priusonline.com>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sat, 5 Mar 2005 17:53:11 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - www.priusonline.com
X-AntiAbuse: User_id - 2
X-AntiAbuse: Username - jeff
X-AntiAbuse: User IP - 62.57.182.184
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on dynamocomputers.com
X-Spam-Level: *
X-Spam-Status: No, hits=1.1 required=5.0 tests=AWL,MISSING_OUTLOOK_NAME, NO_REAL_NAME,PLING_PLING autolearn=no version=2.63
__________________ Mike Brosnan Silver 2004 #9 +EV +AutoNavLockDefeat +AutoPhoneLockDefeat -Beeps +UnlockAllDoors |
| | |
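An added example, not part of any post in this thread: one way to triage the headers from post #6, pulling out the relay hops and the X-AntiAbuse fields that name the board account and client IP behind the message. The function name `triage` and the result keys are assumptions made for this sketch; the header values are copied from the post, abridged to the fields used.

```python
import re
from email import message_from_string

# Headers as posted in the thread (post #6), abridged to the fields used here.
RAW = """\
Received: from dynamocomputers.com ([69.64.32.45]) by sccrmxc13.comcast.net (sccrmxc13) with SMTP id <20050305225756s13008a4qpe>; Sat, 5 Mar 2005 22:57:56 +0000
Received: (qmail 28191 invoked from network); 5 Mar 2005 22:53:36 -0000
Received: from gmga.net (HELO mail.priusonline.com) (69.64.32.45) by endwellumc.us with SMTP; 5 Mar 2005 22:53:31 -0000
Subject: We Have New Website!!!!!
From: admin@priusonline.com
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - www.priusonline.com
X-AntiAbuse: User_id - 2
X-AntiAbuse: Username - jeff
X-AntiAbuse: User IP - 62.57.182.184

"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(raw):
    """Summarise relay hops and board-stamped X-AntiAbuse fields (hypothetical helper)."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its Received line, so reverse to read oldest hop first.
    for rec in reversed(msg.get_all("Received", [])):
        helo = re.search(r"HELO ([^)\s]+)", rec)
        hops.append({"ips": IPV4.findall(rec),
                     "helo": helo.group(1) if helo else None})
    # X-AntiAbuse values have the form "<label> - <value>".
    board = {}
    for value in msg.get_all("X-AntiAbuse", []):
        label, _, val = value.partition(" - ")
        board[label.strip().lower().replace(" ", "_")] = val.strip()
    relay_ips = {ip for hop in hops for ip in hop["ips"]}
    return {
        "hops": hops,
        "board": board,
        "generator": msg.get("X-MimeOLE"),
        # True when the recorded client IP is not one of the relaying servers.
        "submitter_off_server": board.get("user_ip") not in relay_ips,
    }

if __name__ == "__main__":
    print(triage(RAW))
```

On these headers the generator is phpBB2, the stamped account is user_id 2 ("jeff"), and the recorded client IP differs from the only relay address, which is consistent with the mail having been sent through the board's own email function rather than spoofed from outside.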
| | #7 |
| Progressive Member Join Date: May 2004 Location: Southern California
Posts: 4,335
My Car: 2005 Prius Package: #6 | With two firewalls, one in the router and ZoneAlarm, and real-time virus protection, I allowed the redirected site to load. It is a sexually explicit porn site. Just to be on the safe side, I am updating my virus definitions and running a scan. |
| | |
| | #8 |
| Senior Member Join Date: May 2004 Location: Silicon Valley
Posts: 155
My Car: 2004 Prius Package: N/A | If you've visited the redirected site you might want to delete the cookie it leaves behind and the .js, .gif, .jpg files from http://naonak.defacers.com.mx it leaves behind in your Temporary Internet Files directory. The cookie just contains:
phpbb2mysql_data a%3A0%3A%7B%7D www.priusonline.com/ 1024 3844875008 29769902 1826853808 29696477 * |
| | |
| | #9 |
| Progressive Member Join Date: May 2004 Location: Southern California
Posts: 4,335
My Car: 2005 Prius Package: #6 | I have my Internet Options set to delete the temp files when I close the browser. I looked for such a cookie, but found none. Thanks |
| | |
| | #10 |
| Join Date: Jul 2004 Location: Midwest
Posts: 15 | Or you can just get a Mac and download your e-mail and visit your web sites with impunity.... I got the offending e-mail too and got redirected to the Spanish porn site... bummer for PriusOnline.... I guess I'll be getting more spam soon. |
| | |