I don't want to screw a russian chick today

Postby Snake-Aes » Thu Sep 23, 2010 1:52 pm

Care to explain why failsafedesign.com was redirecting to http://russiangirs2.tkforum/index.php ?
I am not allowed to seduce the abyssal's lunar mate.
Snake-Aes
Maintankadonor
 
Posts: 15538
Joined: Thu Nov 01, 2007 3:15 am
Location: Thorns

Re: I don't want to screw a russian chick today

Postby Minnerva » Thu Sep 23, 2010 1:54 pm

Snake-Aes wrote:Care to explain why failsafedesign.com was redirecting to http://russiangirs2.tkforum/index.php ?


Not sure. I started getting that same page; it started about the same time Facebook went down.
Minnerva
 
Posts: 1738
Joined: Sun Jun 22, 2008 5:22 pm

Re: I don't want to screw a russian chick today

Postby Mcduffie » Thu Sep 23, 2010 1:55 pm

Yeah, seemed weird that the AF was blocking me all of a sudden.

Then I saw the URL, and was like "wut? MT got hacked?"
Mcduffie
 
Posts: 454
Joined: Thu Jan 07, 2010 12:42 am

Re: I don't want to screw a russian chick today

Postby Chicken » Thu Sep 23, 2010 1:58 pm

I was wondering the same thing for a bit there.
Chicken
 
Posts: 1597
Joined: Fri Jun 26, 2009 2:19 pm

Re: I don't want to screw a russian chick today

Postby Sabindeus » Thu Sep 23, 2010 2:02 pm

Mcduffie wrote:Yeah, seemed weird that the AF was blocking me all of a sudden.

Then I saw the URL, and was like "wut? MT got hacked?"


Yeah. I have no idea HOW, I've been scouring logs for a while now to no avail and I really need to get back to work. :/
Turn In, an NPC interaction automator - http://wow.curse.com/downloads/wow-addo ... rn-in.aspx
Sabindeus
Moderator
 
Posts: 10472
Joined: Mon May 14, 2007 9:24 am

Re: I don't want to screw a russian chick today

Postby Minnerva » Thu Sep 23, 2010 2:06 pm

Well, I guess we know what the administrators were watching when the server got messed up. lol
Minnerva
 
Posts: 1738
Joined: Sun Jun 22, 2008 5:22 pm

Re: I don't want to screw a russian chick today

Postby Sabindeus » Thu Sep 23, 2010 2:21 pm

We do? What was I watching?
Turn In, an NPC interaction automator - http://wow.curse.com/downloads/wow-addo ... rn-in.aspx
Sabindeus
Moderator
 
Posts: 10472
Joined: Mon May 14, 2007 9:24 am

Re: I don't want to screw a russian chick today

Postby Arnock » Thu Sep 23, 2010 2:24 pm

It was weird the way it was handled too; it looked like they just replaced the text "maintankadin.failsafedesign.com" with whatever the website's homepage's URL was, leaving the post ID and whatnot from maintankadin on the tail end of it.
Courage not of this earth in your eyes
Faith from far beyond lies deep inside
Arnock
 
Posts: 3666
Joined: Tue Apr 08, 2008 6:36 pm
Location: Everywhere and nowhere

Re: I don't want to screw a russian chick today

Postby Chicken » Thu Sep 23, 2010 2:27 pm

Kinda reminded me of a similar issue another website I regularly visit had a few years ago. Their website had it for a while that about half the time you visited it you'd end up at the homepage of a tattoo parlor instead. It was an issue with the DNS in their case though, and they had to contact their hosting to get it sorted out.

That was kind of different from this though, as the URL in the address bar didn't change, just the website it ended up going to.
Chicken
 
Posts: 1597
Joined: Fri Jun 26, 2009 2:19 pm

Re: I don't want to screw a russian chick today

Postby Snake-Aes » Thu Sep 23, 2010 2:34 pm

Chicken wrote:That was kind of different from this though, as the URL in the address bar didn't change, just the website it ended up going to.

On the contrary, the url did change. It kept replacing www.failsafedesign.com/maintankadin and maintankadin.failsafedesign.com to russgirs2~
I am not allowed to seduce the abyssal's lunar mate.
Snake-Aes
Maintankadonor
 
Posts: 15538
Joined: Thu Nov 01, 2007 3:15 am
Location: Thorns

Re: I don't want to screw a russian chick today

Postby Arnock » Thu Sep 23, 2010 2:35 pm

Snake-Aes wrote:
Chicken wrote:That was kind of different from this though, as the URL in the address bar didn't change, just the website it ended up going to.

On the contrary, the url did change. It kept replacing http://www.failsafedesign.com/maintankadin and maintankadin.failsafedesign.com to russgirs2~



I think he meant that the URL didn't change for the other website.
Courage not of this earth in your eyes
Faith from far beyond lies deep inside
Arnock
 
Posts: 3666
Joined: Tue Apr 08, 2008 6:36 pm
Location: Everywhere and nowhere

Re: I don't want to screw a russian chick today

Postby Sabindeus » Thu Sep 23, 2010 2:39 pm

They managed to edit our .htaccess file and add a Rewrite rule replacing start to / with the russia thing, which is why it failed on longer paths.

Checked wtmp and the auth log and couldn't find any trespass... tried to do some grepping through the webserver access log to see if there was some sort of exploit at work, but I couldn't find anything... this server gets so much traffic that it's a big pain in the ass to try and find stuff like that if you don't know what you're looking for.

If anyone has any idea how this happened let me know... possible vectors would include Joomla and phpBB
Turn In, an NPC interaction automator - http://wow.curse.com/downloads/wow-addo ... rn-in.aspx
Sabindeus
Moderator
 
Posts: 10472
Joined: Mon May 14, 2007 9:24 am
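
Added example (not part of the thread, and not the site's own tooling): a check for the kind of change Sabindeus describes above, a redirect rule in .htaccess that points at a host the site does not own. The sample file, the host `redirect-target.example` and the function names are constructed for illustration.

```python
import os
import shlex
from urllib.parse import urlsplit

# Directives (besides RewriteRule) whose last argument is a redirect target.
REDIRECTS = {"redirect", "redirectmatch", "redirectpermanent", "redirecttemp"}

def external_redirects(htaccess_text, allowed_hosts):
    """Return (line_no, directive, host) for each rule that sends visitors off-site."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:  # unbalanced quote or trailing backslash
            parts = line.split()
        name = parts[0].lower()
        if name == "rewriterule" and len(parts) >= 3:
            target = parts[2]        # RewriteRule <pattern> <substitution> [flags]
        elif name in REDIRECTS and len(parts) >= 3:
            target = parts[-1]       # Redirect [status] <path> <url>
        else:
            continue
        host = (urlsplit(target).hostname or "").lower()
        if not host or host.startswith("%{http_host}"):
            continue                 # relative target, or the request's own Host header
        if any(host == a or host.endswith("." + a) for a in allowed):
            continue
        findings.append((line_no, parts[0], host))
    return findings

def scan_tree(root, allowed_hosts):
    """Run external_redirects() on every .htaccess under root; return {path: findings}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                found = external_redirects(fh.read(), allowed_hosts)
            if found:
                hits[path] = found
    return hits

# Constructed sample, not the forum's real .htaccess; line 7 is the planted rule.
SAMPLE = """# site rules
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
RewriteRule ^forum/?$ /maintankadin/index.php [L]
Redirect 301 /old http://www.failsafedesign.com/maintankadin
RewriteRule ^(.*)/ http://redirect-target.example/ [R,L]
"""

if __name__ == "__main__":
    print(external_redirects(SAMPLE, {"failsafedesign.com"}))
```

The modification time of a flagged file gives a starting point for narrowing the access-log search to a time window.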

Re: I don't want to screw a russian chick today

Postby Minnerva » Thu Sep 23, 2010 2:42 pm

Sabindeus wrote:We do? What was I watching?

You take comments too seriously; that is why I try to stick to joking with the other administrators.
Minnerva
 
Posts: 1738
Joined: Sun Jun 22, 2008 5:22 pm

Re: I don't want to screw a russian chick today

Postby Invisusira » Thu Sep 23, 2010 2:43 pm

Sabindeus wrote:If anyone has any idea how this happened let me know... possible vectors would include Joomla and phpBB

I'll create a GUI interface using visual basic
see if I can track an IP address
Invisusira
Moderator
 
Posts: 9021
Joined: Sat Oct 06, 2007 6:23 pm
Location: alt-tabbed

Re: I don't want to screw a russian chick today

Postby Fridmarr » Thu Sep 23, 2010 2:44 pm

hahahaha
Fridmarr
Global Mod
 
Posts: 9666
Joined: Sun Apr 08, 2007 1:03 am
