• Welcome to the new NAXJA Forum! If your password does not work, please use "Forgot your password?" link on the log-in page. Please feel free to reach out to [email protected] if we can provide any assistance.

Cherokee Forum got Hacked... I'm Pissed!

xj_mike

xj_mike

NAXJA Forum User
Location
San Diego, CA
So I load up my browser this morning with all the different forums I am on. Next thing I know my antivirus and anti-malware alerts start going off big time. It's blocking and deleting files. Start doing some checking on what site got hacked and it looks like it's Cherokee Forum.com. I am so f'n pissed right now. 8 hours of work and I still haven't gotten it removed completely.

It managed to get by, by dropping in as a RootKit and then placing Trojans. RootKits are a major PITA to remove, if you can at all.

Sad part is, I take care of our department's Antivirus/Malware products so I am not a newbie to safe web useage or virus protection. Heck, I actually saved Volksrodders.com, when I found it had been hacked a couple years back and alerted to site Admin. I sent a message to CF but haven't heard anything.

Just a warning to all, don't visit Cherokee Forum.com unless you like to rebuild your box.

Just in case someone pipes in and say something like "don't use IE, blah, blah, blah" I wasn't using IE front end GUI and the browser I use has better protection then IE. I had a user last week get hit from an infected web site (that was hacked) and it came through specifically via Firefox. No browser is immune.

Just wanted to vent!!!!
 
I use CF.com all the time, been on there a few times today too.. my kaspersky has not seen a thing, all systems seem to be running 100% normal.

Hrmmm
 
Maybe they were able to fix the issue... it seems to be of late there has been a rash of hackings going on... There are a few sites that I frequent that have been hacked within the last couple of days... Not like there is anythign to gain from it, other than being able to say you did it... people that do stupid s**t like that piss me off... why waste your time messing up someting as little as a forum..... heck if you are going to waste the time to hack something make it something worth while like Microsofts main server, or something dumb and useful like that.... I used to mess around a little bit with changing people's sites up and stuff like that and that was as far into hacking that I ever got, but never crashed the site, or dropped a virus in....
 
I had used their contact page to send them a message at 7am this morning. Maybe they were able to take care of it but I never heard anything back.

I tested the site later in the morning with my virtual browser (IE8 in this case) and minute I hit it, it started trying to download files. Other sites I tested did not do this so I narrowed it to CF.
 
Thanks for the heads up. I'll keep my eyes open.
 
Stop downloading porn :D
 
Yes I had adware shut down Firefox when I went there a couple days ago.
 
Just an update. Got a reply from the site admin and it looks like the site itself is fine BUT what we suspect is that the virus was dropped in from a banner ad. These don't reside on the host server so they are not scanned.

This should be a concern everyone as so many sites have these hot linked banner ads. Personally I would rather see any banner ads hosted on the hosted web site, so those files will have the same protection that the rest of the site might have. Anything that gets hot linked out and hence, not scanned via the hosting sites software, is just waiting to become an new source to infect machines.

I appologize to Cherokee Forum, as it was not directly their fault. It just happened to be the site I hit that had an infected banner ad.
 
xj_mike said:
I would rather see any banner ads hosted on the hosted web site, so those files will have the same protection that the rest of the site might have. Anything that gets hot linked out and hence, not scanned via the hosting sites software, is just waiting to become an new source to infect machines.
Click to expand...

They do this so they can see how many times there banner was displayed a stat they cant see if the site hosts it
 
MpSlayer said:
They do this so they can see how many times there banner was displayed a stat they cant see if the site hosts it
Click to expand...

And hence the problem. Why should their stats be more important then safe Internet usage?

To combat this, I have now chnaged browsers and am running one that blocks banner ads. Should minimize this from happening again.
 
MpSlayer said:
They do this so they can see how many times there banner was displayed a stat they cant see if the site hosts it
Click to expand...
Errrrm.... well.... sorta.

One way to count banner ad displays is to scrape the logs for that particular image. This doesn't count when an ad is displayed behind a caching proxy.

A better way (and I'd have to investigate this site's software) would be to count when the ad is embedded in the page display.

Mike, re: stats vs. safe usage. Gotta remember, it's all about da money. If it weren't for revenue, nobody would be displaying ads at all. I'm not agreeing with it, or criticizing it, but that's the way it is.
 
Which is why I run FireFox with both NoScript and AdBlockPlus.

Sorry to our (and other) sponsors that put up "clean" banners for sites to use, but there's enough trash getting piggybacked out there that it's just not worth the risk. So, I don't take it.

Any site that has sponsors should have a consolidated listing of those sponsors, and that's a resource I can always use to sift through them when I'm looking for something. I understand that puts the onus on me to look through them, but I don't mind - it's a responsibility I accept for exercising the authority to protect my system from unknown threats. I can handle that (and I have no trouble browsing sites of sponsors and such when I'm looking for something anyhow.)

Easy. I hate to do it - because it blows display numbers all to Hell - but until something can happen to clean things up, it's something I'm just going to have to do.
 
xj_mike said:
So I load up my browser this morning with all the different forums I am on. Next thing I know my antivirus and anti-malware alerts start going off big time. It's blocking and deleting files. Start doing some checking on what site got hacked and it looks like it's Cherokee Forum.com. I am so f'n pissed right now. 8 hours of work and I still haven't gotten it removed completely.

It managed to get by, by dropping in as a RootKit and then placing Trojans. RootKits are a major PITA to remove, if you can at all.

Sad part is, I take care of our department's Antivirus/Malware products so I am not a newbie to safe web useage or virus protection. Heck, I actually saved Volksrodders.com, when I found it had been hacked a couple years back and alerted to site Admin. I sent a message to CF but haven't heard anything.

Just a warning to all, don't visit Cherokee Forum.com unless you like to rebuild your box.

Just in case someone pipes in and say something like "don't use IE, blah, blah, blah" I wasn't using IE front end GUI and the browser I use has better protection then IE. I had a user last week get hit from an infected web site (that was hacked) and it came through specifically via Firefox. No browser is immune.

Just wanted to vent!!!!
Click to expand...

This is why I use a Mac. :lecture:
 
You must log in or register to reply here.

Similar threads

CherBear
Computer Help, Stumped
Replies
11
Views
1K
CherBear
CherBear
S
1996 Jeep Cherokee transmission problem
Replies
1
Views
6K
MAY POP
M
K
LS1 Cherokee
2
Replies
27
Views
12K
KJurasek
K
Mtb Jak
Feeler- Wrecked 2000 Cherokee Sport
2
Replies
38
Views
7K
MrClean
M
Back
Top