Page 1 of 4
Results 1 to 20 of 61
  1. #1
    marvel (Public Member)
    Join Date: October 2009 | Posts: 152 | Thanks: 51 | Thanked 99 Times in 64 Posts

    GPWA is hacked!!!

    Hello all, GPWA,

    your Forum is hacked.....

    go to google and search gpwa.... you get this



    Click on Forum.... and you get this....



    It is only on the first load of your forum; after this it will set a cookie on your PC and all is fine. The second vbull forum I saw is hacked with the same tool.
    Last edited by marvel; 19 January 2015 at 3:03 pm. Reason: GPWA
    marvel
    ___________________________________________

  2. The Following 5 Users Say Thank You to marvel For This Useful Post:

    Anthony (19 January 2015), dfiocch (20 January 2015), MichaelCorfman (25 January 2015), Roulette Zeitung (19 January 2015), Zuga (19 January 2015)

  3. #2
    Roulette Zeitung (Public Member)
    Join Date: July 2012 | Location: Germany | Posts: 4,444 | Blog Entries: 5 | Thanks: 6,004 | Thanked 6,896 Times in 2,999 Posts

    Good job!
    A very smart hack.

    Best possible solution: Disabling register_globals and/or initializing $vbseo_crules, $seo_replace_inurls at the start of vbseo.php.

    Leopold

  4. The Following 4 Users Say Thank You to Roulette Zeitung For This Useful Post:

    -Shay- (19 January 2015), Anthony (19 January 2015), coreen.starpartner (20 January 2015), sweetbet (25 January 2015)

  5. #3
    Anthony (Affiliate Services/Moderator)
    Join Date: June 2003 | Location: In the City | Posts: 6,762 | Blog Entries: 66 | Thanks: 1,911 | Thanked 3,092 Times in 1,655 Posts

    Thanks for the post! I will have our IT department look into it.
    I am here to help if you have any issues with an affiliate program.
    Become involved in GPWA to truly make the association your own:
    Apply for Private Membership | Apply for the GPWA Seal | Partner with a GPWA Sponsor | Volunteer as a Moderator


  6. The Following User Says Thank You to Anthony For This Useful Post:

    Roulette Zeitung (20 January 2015)

  7. #4
    allfreechips (Private Member)
    Join Date: August 2010 | Location: Ohio - The taxing state | Posts: 944 | Thanks: 110 | Thanked 557 Times in 328 Posts

    I had this, was a VBSEO exploit...
    Allfreechips online casino guide offers online casino reviews from our members. Also our exclusive No Deposit casino bonuses are always up to date. See the latest slot machine reviews at Hotslot and exclusive no deposit casino bonuses as well with a good dose of daily online gambling news to learn about pokies

  8. #5
    dfiocch (Private Member)
    Join Date: September 2006 | Posts: 878 | Thanks: 789 | Thanked 567 Times in 350 Posts

    Quote Originally Posted by Roulette Zeitung View Post
    Good job!
    A very smart hack.

    Best possible solution: Disabling register_globals and/or initializing $vbseo_crules, $seo_replace_inurls at the start of vbseo.php.

    Leopold
    Just disabling register_globals should fix this hack. No hardcoding required.

  9. The Following 2 Users Say Thank You to dfiocch For This Useful Post:

    coreen.starpartner (20 January 2015), Roulette Zeitung (20 January 2015)

  10. #6
    coreen.starpartner (Sponsor Affiliate Program)
    Join Date: August 2014 | Location: South Africa | Posts: 109 | Thanks: 45 | Thanked 39 Times in 28 Posts

    So much hacking these days...

    Better be super careful these days.

  11. The Following 2 Users Say Thank You to coreen.starpartner For This Useful Post:

    -Shay- (20 January 2015), Roulette Zeitung (20 January 2015)

  12. #7
    Roulette Zeitung (Public Member)
    Join Date: July 2012 | Location: Germany | Posts: 4,444 | Blog Entries: 5 | Thanks: 6,004 | Thanked 6,896 Times in 2,999 Posts

    Quote Originally Posted by Anthony View Post
    Thanks for the post! I will have our IT department look into it.
    Good Afternoon,

    5 days later and nothing happened.
    IT department: "Please do not disturb"

    For your information: GPWA threads in Google search engine results are also affected!

    So don't be surprised, if the hit counter is going down.

    For example enter in your Google search box

    gpwa fernanda liar

    and click on the (GPWA) result(s).

    You will be redirected away from GPWA if you don't have the GPWA cookie for that thread.

    Leopold
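A way to reproduce this behaviour from the defender's side, as an added example that is not part of the original thread: request the same URL as a direct and as a search-engine visitor, with and without a cookie, and flag the profiles that are sent off-site. The `fetch` interface, the cookie name, the hosts and the two stand-in fetchers are assumptions constructed for the example.

```python
from itertools import product
from urllib.parse import urlsplit

SEARCH_REFERER = "https://www.google.com/search?q=gpwa"  # constructed value

def probe(fetch, url):
    """Request `url` as a direct and a search-engine visitor, with and
    without a cookie. `fetch(url, headers)` is a caller-supplied function
    (hypothetical interface) returning (status, location_or_None)."""
    results = {}
    for referer, cookie in product(("direct", "search"), ("fresh", "returning")):
        headers = {}
        if referer == "search":
            headers["Referer"] = SEARCH_REFERER
        if cookie == "returning":
            headers["Cookie"] = "visited=1"  # constructed; replay the site's real cookie
        results[(referer, cookie)] = fetch(url, headers)
    return results

def cloaked_profiles(results, own_host):
    """Profiles redirected off-site although the plain direct visit was
    answered differently: the signature of a conditional redirector."""
    baseline = results[("direct", "fresh")]
    flagged = []
    for profile, (status, location) in results.items():
        target = urlsplit(location).hostname if location else None
        offsite = 300 <= status < 400 and target not in (None, own_host)
        if offsite and (status, location) != baseline:
            flagged.append(profile)
    return sorted(flagged)

def simulated_fetch(url, headers):
    """Constructed stand-in for an HTTP client, mimicking the behaviour
    reported in this thread (redirect only for cookieless search visits)."""
    if "google." in headers.get("Referer", "") and "Cookie" not in headers:
        return 302, "http://filestore.example/"  # placeholder target
    return 200, None

def clean_fetch(url, headers):
    """Constructed stand-in for an unaffected site."""
    return 200, None

if __name__ == "__main__":
    report = probe(simulated_fetch, "http://forum.example/")
    print(cloaked_profiles(report, "forum.example"))
```

Checking only the direct, cookie-carrying profile is what a logged-in administrator's browser does, which is why such a redirector can go unnoticed from inside.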

  13. #8
    -Shay- (Public Member)
    Join Date: November 2012 | Posts: 3,042 | Thanks: 12,142 | Thanked 3,151 Times in 1,687 Posts

    Quote Originally Posted by Roulette Zeitung View Post
    Good Afternoon,

    5 days later and nothing happened.
    IT department: "Please do not disturb"

    For your information: GPWA threads in Google search engine results are also affected!

    So don't be surprised, if the hit counter is going down.

    For example enter in your Google search box

    gpwa fernanda liar

    and click on the (GPWA) result(s).

    You will be redirected away from GPWA if you don't have the GPWA cookie for that thread.

    Leopold

    Very interesting

  14. #9
    Pmig (Private Member)
    Join Date: August 2012 | Posts: 176 | Thanks: 43 | Thanked 77 Times in 54 Posts

    Anthony,

    You deal here with a lot of personal data, so this issue is very serious! It is not only a matter of "IT department look into it".

    A public announcement should be made with the results of the forensic analysis.

    What is the extension of the hack? What data was exploited? What is the attack vector? Why are members not informed right away about the data breach as soon as you have knowledge of it? (at least on January 19th).

    Thanks for understanding.

  15. The Following 2 Users Say Thank You to Pmig For This Useful Post:

    -Shay- (25 January 2015), Roulette Zeitung (30 January 2015)

  16. #10
    misanthrope (Public Member)
    Join Date: January 2015 | Posts: 31 | Thanks: 12 | Thanked 24 Times in 15 Posts

    Avast antivirus already blocks gpwa





  17. #11
    sweetbet (Private Member)
    Join Date: November 2012 | Posts: 2,722 | Blog Entries: 5 | Thanks: 850 | Thanked 1,524 Times in 1,051 Posts

    Should I be scanning my computer for any suspicious files?
    Sweet Bet - Reviews of reputable online casinos, poker sites, sportsbooks & bingo halls
    USA Online Casinos | Canadian Online Casinos | Bitcoin Casinos | Live Dealer Casinos | Free Spin Casinos | US Online Casinos | Just HODL Crypto

  18. #12
    Roulette Zeitung (Public Member)
    Join Date: July 2012 | Location: Germany | Posts: 4,444 | Blog Entries: 5 | Thanks: 6,004 | Thanked 6,896 Times in 2,999 Posts

    "Should I be scanning my computer for any suspicious files?"

    There is no need for it. The hack is a redirector.
    The target is not your computer. As long as you don't click anything on the filestore website, you can sleep well.

    Leopold

  19. The Following User Says Thank You to Roulette Zeitung For This Useful Post:

    sweetbet (25 January 2015)

  20. #13
    Mario The Gambler (Public Member)
    Join Date: March 2011 | Posts: 155 | Thanks: 110 | Thanked 80 Times in 58 Posts

    The problem continues today.
    "Money won is twice as sweet as money earned"
    Eddie Felson in the movie The Color of Money

  21. #14
    marvel (Public Member)
    Join Date: October 2009 | Posts: 152 | Thanks: 51 | Thanked 99 Times in 64 Posts

    I'm really disappointed that a forum like this is, after 6 days, not in a position to fix the hack. It takes only 3 minutes to resolve this problem.
    marvel
    ___________________________________________

  22. #15
    MichaelCorfman (GPWA Executive Director)
    Join Date: June 2004 | Location: Newton, MA | Posts: 3,989 | Thanks: 800 | Thanked 4,863 Times in 1,604 Posts

    Quote Originally Posted by Roulette Zeitung View Post
    Good job!
    A very smart hack.

    Best possible solution: Disabling register_globals and/or initializing $vbseo_crules, $seo_replace_inurls at the start of vbseo.php.

    Leopold
    The hack is actually quite insidious, and we have been urgently investigating it since it was reported. As a note, we did have register_globals disabled, so that was not the attack vector.

    The hack employed a number of obfuscation techniques, including only being in force when the visit to the GPWA website originated from a search engine. And using domains to attempt to hide that there was any hack at all, such as fetching JavaScript code from the domain google-analvtics.com rather than google-analytics.com (v in the domain name rather than y).

    We still have not fully gotten to the bottom of how the site was hacked, but we do know complete details of the payload that is being served. In the meantime we are going to migrate the GPWA website to a more newly built web server that is configured so it is more invulnerable to attack. That migration is currently planned to take place tomorrow (Monday) morning starting at 8am eastern time.

    Michael
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot

    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  23. The Following 2 Users Say Thank You to MichaelCorfman For This Useful Post:

    Pmig (26 January 2015), TheGooner (25 January 2015)

  24. #16
    MichaelCorfman (GPWA Executive Director)
    Join Date: June 2004 | Location: Newton, MA | Posts: 3,989 | Thanks: 800 | Thanked 4,863 Times in 1,604 Posts

    I have now made a post regarding the GPWA website migration planned for tomorrow (Monday) morning.

    You can see it here:

    New GPWA database and forum servers being deployed.

    Michael
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot

    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  25. The Following User Says Thank You to MichaelCorfman For This Useful Post:

    Pmig (26 January 2015)

  26. #17
    MichaelCorfman (GPWA Executive Director)
    Join Date: June 2004 | Location: Newton, MA | Posts: 3,989 | Thanks: 800 | Thanked 4,863 Times in 1,604 Posts

    The migration to new servers has now been completed. So hopefully we are cured now and have no more virus.

    Michael
    GPWA Executive Director, Casino City CEO, Friend to the Village Idiot

    Resources for Affiliates: iGamingDirectory.com, iGamingAffiliatePrograms.com, GamingMeets.com

  27. The Following User Says Thank You to MichaelCorfman For This Useful Post:

    coreen.starpartner (26 January 2015)

  28. #18
    coreen.starpartner (Sponsor Affiliate Program)
    Join Date: August 2014 | Location: South Africa | Posts: 109 | Thanks: 45 | Thanked 39 Times in 28 Posts

    Quote Originally Posted by MichaelCorfman View Post
    The migration to new servers has now been completed. So hopefully we are cured now and have no more virus.

    Michael
    Thanks Michael. Hope to see you again at LAC.

  29. #19
    marvel (Public Member)
    Join Date: October 2009 | Posts: 152 | Thanks: 51 | Thanked 99 Times in 64 Posts

    So hopefully we are cured now and have no more virus.
    Virus is still there!!
    marvel
    ___________________________________________

  30. #20
    universal4 (Forum Administrator)
    Join Date: July 2003 | Location: Sinking Faster, just when I thought it couldn't get worse it did! | Posts: 25,316 | Thanks: 1,542 | Thanked 7,145 Times in 4,544 Posts

    misanthrope,

    I too run avast and usually browse the gpwa with Firefox but I have NOT seen any warnings from avast.

    It could be warnings from other pages that take a while to load if you have other tabs open.

    If at any time you have a way you can recreate this, let me know so I may investigate further.

    Rick


    Edited to add: I too was able to recreate the above by following the link in from a google search so I will make Anthony and Michael aware right away so Alan can look into it.
