GWPA is hacked!!!

[Progger]

8 days later...and the bug/hack/exploit is not fixed....whats up ?

[misanthrope]

misanthrope,

I too run avast and usually browse the gpwa with Firefox but I have NOT seen any warnings from avast.

It could be warnings from other pages that take a while to load if you have other tabs open.

If at any time you have a way you can recreate this, let me know so I may investigate further.

Rick


Edited to add: I too was able to recreate the above by following the link in from a google search so I will make Anthony and Michael aware right away so Alan can look into it.

Thanks. Yes, I also got this message when I visited gpwa via google. I tried again today and it seems to be fixed

[Mario The Gambler]

8 days later...and the bug/hack/exploit is not fixed....whats up ?

It seems OK now.

[Progger]

not really..i see this hosting page 3-4 times....

[MichaelCorfman]

We were able to reproduce the issue yesterday, and made corrections that we believed resolved the issue.

Based on reports after the time we believed we resolved the issue, we have also tried to see if we can reproduce any issue at the present time, but have not succeeded in doing so. We have also carefully reviewed all of the information we could find on the web reporting this type of vulnerability, and have applied all fixes we are aware of to our server.

So, it is very important that if any symptoms are currently being observed that we be told exactly what steps will reproduce the situation. From past experience, we also know it can be important to know time-of-day and the IP address from which symptoms are observed. We have found that hacks sometimes limit time-of-day and IP addresses to which the hack is visible to increase the difficulty of diagnosing the issue. We've also seen hacks that store IP addresses remotely, rather than using cookies, to determine when a hack will exhibit symptoms to further obfuscate matters.

Michael

[Scampi]

Seeing this when I open two tabs. The pages still load.

[MichaelCorfman]

Seeing this when I open two tabs. The pages still load.

I have referred this to the development team to investigate. My guess is that this symptom is perhaps a server migration issue, although certainly we will work to get to the bottom of it no matter what the issue.

Michael

[GCG]

Seeing this when I open two tabs. The pages still load.

same here

and some viewing certain threads IE just crashes without any warning.

something is not right.

[-Shay-]

I do not get it when I load a single page from the "Search Results" provided by clicking the new posts. Nor do I get it when I load 3 or 4 new posts, which is what I thought was the cause.

The pop-up error seemingly displays before the "Quick Reply" box is able to load. Thus, if I have a single thread open and fully loaded, I do not get the pop-up. I'll close all GPWA windows out and see if the error box comes up or not.

Addition: That reproduced the error. The buttons in the text box did not load, then the error popped up, you press OK and the box fully loads...

[agentlotto]

Another example that you should always be wide awake. Thanks to Marvel!

[MichaelCorfman]

The development team was able to reproduce the error reported above by Gambling Joe, GCG, and Shay. They determined that it was caused by a configuration setting on the new web server. They have now adjusted that configuration setting and are no longer able to reproduce the error. So my guess that it was a server migration issue appears to have been correct.

Separately, a big thanks to Marvel and those who helped with the hack.

Again, please let us know if you observe any anomalies from this point forward in the operation of the site on the new server.

Michael

[universal4]

I have not been able to reproduce the error either although I have not tried in opera yet, but will test for it later and report back to Michael if I see the error.

Rick
Universal4

[marvel]

Separately, a big thanks to Marvel and those who helped with the hack.

This business is strange enough, so we must keep all together. nice to see fixed the bug and hack.

[universal4]

I have also additionally tested using both new posts and today's posts and not getting any errors.

Additionally I specifically left a few unread posts and performed the Mark all posts as read function and that worked fine using firefox. (This was an issue with some of the previous migrations,b ut not this time)

Rick
Universal4

[Sherlock]

The redirect from google is still there. Just got this landing page: http://adultfriendfinder.com/go/page...lpo_redirect=1

while googling my old (unanswered) thread where I was looking for contact at sportsbet.com.au

[marvel]

The redirect from google is still there. Just got this landing page:

yes it is, in the moment i got the same with google search.

[Sherlock]

still there..

[MichaelCorfman]

Just a quick note to say that we do understand that their remains a hack in place that redirects some traffic when Google is the referrer. Our technical staff has traced back a good number of the details regarding what is happening, but before we remove the hack we want to make sure we have a full and in-depth understanding of all aspects of what is happening to make sure the whole thing is removed.

If anyone observes any type of hacked activity other that redirects when Google was the referrer, please let us know.

Otherwise we will post when we believe we have fully resolved redirection hack, together with further details. But, at the moment, our belief is that the only negative side effect of the hack is the redirection seen by those referred to the site through Google.

I will be leaving the office in a little while, since I have a flight to catch to London to attend LAC and ICE later this evening, so there may be some delays in my making further posts on the matter.

Michael

[Sherlock]

Your observing is correct. It is only when G is ref and nothing else. This way they redirect the pages even to parking because defacto it is search engine traffic, which is allowed (analogy with verified casinos, we should all shout Google is the thief, because Google ad feed is often on the other side of the hack, not just at the beginning).

However idk why it takes so long. When my vbulletin was hacked through same way it took my guys 1-2 hours max to locate and remove the code with help of vbulletin forum. It is not a rocket science.

[MichaelCorfman]

However idk why it takes so long. When my vbulletin was hacked through same way it took my guys 1-2 hours max to locate and remove the code with help of vbulletin forum. It is not a rocket science.

Our site was not hacked in the trivial ways reported on the web. If it were as simple as that it would have been fixed long ago. Like you say, in 1-2 hours max.

Michael