Page 1 of 2
Strange background script on board topic...
Posted: Fri May 18, 2012 10:21 pm
by dwire
I am putting this here as I know the most traffic comes in via this subforum. I just clicked on a subscription email to enter the board and there appears to be an issue on the server.
xomoji.in is trying to modify the header script, it would appear. I've never heard of them before, and while it has been a while since I was active here, I assume the board proprietors would not have a script doing such a thing, so anyone not running script-blocking software would be unaware they may end up with something scripted through their browser by this agent. Since I cannot find them, period, in a Google search, and just having a *.in TLD is enough to worry me...
The domain was ONLY CREATED yesterday and resolves to DNS servers with a .tld of RU - so again I'd be pretty concerned. Anyone that can might want to ask the board proprietor(s) if they are aware this is present here or not and if it is intended...
Re: Strange background script on board topic...
Posted: Fri May 18, 2012 11:59 pm
by Steve in Golden
.tld?
People are probably scratching their heads, trying to figure out what the heck you are talking about.
The board has been acting mighty strange lately. Has Boxerworks been hacked?
Re: Strange background script on board topic...
Posted: Sat May 19, 2012 12:12 am
by SteveD
I don't know if it's been hacked or not, but I've presumed so due to the instability we've been experiencing.
We've seen "account suspended" messages on at least two occasions I know of, and the code that is appearing when opening the website continues to be there.
The other thing I've noticed is that the auto-login feature seems to be unavailable. A new login is required... I thought that might be a deliberate ploy to avoid problems. No idea really, though.
Re: Strange background script on board topic... (lengthy too)
Posted: Sat May 19, 2012 4:20 am
by dwire
Sorry, I'll take it in order here - I say stupid stuff occasionally (OK, quite a lot) with the assumption people all know what I am talking about... TLD stands for Top Level Domain.
*.tld = .com or .net, .ru, .au or .org --> It is the ending suffix after the period - these days there are many. I hate being a Google genius, as so many are today, but without looking I think a *.in TLD would in fact usually be India? It is oddly registered to a place in Pennsylvania, yet their DNS servers have an .RU suffix or TLD. Not that unheard of to have servers running their pages without the domain servers in the same locale, for reasons I will not get into here - but .ru is Russia, so does anyone here really think folks with a business on a happy street in PA needed to find a company in Russia to resolve their DNS? I doubt it, and Russia is one of the places that they do not control illegal activities on the Internet from - (that's where all the "good" pirated software comes from nowadays! lol)
Anyhow, I would be really worried, and I am only not "as" worried as I would suggest others be because I run servers all the time, have run phpBB, and, well, my machines are and stay clean.
If anyone taking care of the site EVER logged in via FTP, all could be lost, for their username and password to the server are sent in plain text - so word to the wise: NEVER EVER connect to your webserver with FTP - always use SFTP so that and everything else is encrypted. It is no harder, no slower, just safer.
Would it be helpful to anyone here who, unlike myself, gets to go scooting around on a "WORKING" post-1970 BMW, for me to set up a page on one of my webservers detailing how to protect yourself from what is going on? As truly, right now the proverbial sh1t has really hit the fan with this stuff. iPhones currently are being exploited, and all one needs is the telephone number and to send the right SMS messages to your device - only one will the owner ever know about - then the evildoers own your phone and all that is on it; think about that for a minute. Scary.
As for safety with computers, that is what I am referring to on the client side for users here. I obviously recommend EVERYONE USE THE MOST ROBUST ANTI-VIRUS PROTECTION THEY CAN! AND KEEP IT UPDATED - RUN REGULAR SCANS! Also, if you are running Microsoft (sorry, not available for Mac), install and run Spybot S&D by Safer Networking. Never ever click anything other than something you know what it is on the www, and sometimes not even then - compare the address bar to what you think you are clicking, and as well never ever give away sensitive ANYTHING unless you've done so AND the site is encrypted (IS https - look for the s at the end of the http!). Likely 80% or more of the viruses and other crap going around out there is a phishing scandal, sadly essentially the user's fault - so train yourself to recognize them, both in the email form ("UPS shipment #234448 - Sir, we were unable to deliver your XYZ package, please click the link to log in so we can deliver it...") and on web pages (even common places like C-Net - one of the reasons I hate them is their pages are full of the same... "Warning, did you know your computer is infected? Click here to fix!" - instead, reality is you are clicking there to either guarantee infection, or just give up all of your personal data).
I could go on and on about this - there are plenty of authors out there who have covered such things. What can I tell you? In all my years running Enterprise Servers and Workstations built around servers, since the Internet became the www, I have only once used an Anti-Virus product, because it was pre-installed and I had not had the time to erase everything on the machine (it was a new machine - I know what you are thinking, a contradiction...) like I recommend everyone does. In that time I have had one virus. We were studying a very nasty one, and after I downloaded it and went to drag it into a Virtual Machine for safety's sake, I accidentally double-clicked it. I only mention this, considering it is a contradiction to what I have written above, for one reason - prudence and knowledge are all that are required to keep one safe. I would "maybe" use such things, but when it takes a week and a half to run a virus scan ONLY on my OS drive, not to mention I cannot have a virus application popping up in the middle of someone's "best take" of a Segovia performance on nylon guitar and ruining it...
If I have the time, perhaps I'll make a short walk-through for Windows and Mac users on one of my webservers - it would not change the World, but perhaps it could help keep the wonderful users of Boxerworks clean... My apologies for any grammar or other classicals, as I have such a migraine I am having trouble seeing the screen at the moment - hopefully that will lessen soon!
Kind regards, 73
Douglas
Re: Strange background script on board topic...
Posted: Sat May 19, 2012 5:36 am
by Deleted User 287
Yeah Douglas, we have been discussing this since 6 May on the Speakeasy.
http://boxerworks.com/forum2/viewtopic.php?f=18&t=4572
5 pages worth, in fact.
I will leave the how-comes and what-we-are-going-to-do-about-its to the guys that have a clue (NOT me!).
I have YET to have an issue with my PC at home. It always remembers my login. I'm running Google Chrome.
When I look at the site at work, where I am not allowed to sign on (only lurk), it takes a long time to load (like the anti-virus/malware/firewall software is filtering it), and it has the PHP (?) code at the top - until you enter a sub-forum and come back out, then the background is normal.
Doug, if you want to do anything to help the forum, you really need to contact Matt. And unfortunately the best way to do that is via Facebook...
He has a professional that handles the website, and things have been much better since she took over, but as you know there will always be new problems. That and this is just a sideline gig for her, she has a regular job.
See "Area 51" at the bottom of the list of forums for more info on her.
Re: Strange background script on board topic...
Posted: Sat May 19, 2012 5:59 am
by dwire
Hey, thanks. I offered Matt my expertise several times while things were up in the air, and as well when a particular female said she was backing away from the project as it was more consuming than she anticipated. I never got replies from anyone but other forum users telling me to give everyone a break, as I guess both parties were having their troubles - I think Matt was sick and I have no clue about the woman.
I am sorry for posting here and SHOULD have looked over in the speak easy, but just by the numbers you can see where someone is likely to notice a post faster and I was and still am concerned.
The PHP errors and mess of crap running on top of the site last evening is exactly what I was talking about, but unless you have (for Chrome) Script-Not and something like Ghostery installed in Chrome - if these things lurking are malicious, you may be in trouble. Chrome is as wide open as IE... Also, Mac users, remember you have just been getting lucky. If you had more than 20% of the market share, a Mac could not run online, as they are WIDE OPEN to exploits. Apple is just now finding out, especially due to their success with mobile devices, that if you gain enough market share you become a target, and sadly from Ethernet port to kernel Macs are like an open door, even though they ask you for permission and a password if you want to get up to go pee...
When the PHP errors came up for me, that script and some others were trying to modify header data which would be one good way to disguise your presence here. Odd it comes and goes. Considering that site was created just the other day and their DNS servers are in Russia, and you say things have been slow, if the ftp password and such has gotten leaked, we could be running on a phpforum that is not even Matt's anywhere in the World. Just stealing any data they can when they hijack the DNS. Sorry, often there are not good answers, just ways of, well hate to use these terms, "starting over" to get out of this sort of thing...
I'll only post with regard to this in the appropriate topic (sorry about that - I know better, but think everyone can understand why I put it here) and as well will try and contact Matt and see if my services can be of any use to him or his efforts to support the board...
Thank you for the reply and all I can say is try and stay safe - right now the exploits, viruses and other nasties are far beyond what I have ever seen - it truly is becoming worrisome; this year we've about tripled what we normally would see!
Thank you in advance, 73
Douglas - KD8PNH
Re: Strange background script on board topic...
Posted: Sat May 19, 2012 4:07 pm
by Deleted User 287
dwire wrote:I'll only post with regard to this in the appropriate topic (sorry about that - I know better, but think everyone can understand why I put it here)
Not to worry Douglas! After all, you only have the good of the forum at heart!
If one were to be politically correct, BOTH of these threads should have gone in Area 51!
~Rob, burying his head in the sands of the Ethernet.
Re: Strange background script on board topic...
Posted: Mon May 21, 2012 1:47 pm
by Steve in Golden
I sent Matt an email about this issue. The Web Mistress is looking into it. Matt will post a message to let us know what is going on soon.
Re: Strange background script on board topic...
Posted: Mon May 21, 2012 3:09 pm
by dwire
Thanks Steve. If you looked at my screen clip in "Area 51", the thing to remember is that all the PHP failures and such are not 100% likely to fail unless one is using script-blocking software as an add-on in their browser. It's likely that only showed up for me. Same deal as what I initially posted. I'd guess that the board's FTP username and password were obtained by a packet sniffer, or similar technology. If that is the case, one can generally enter the server via SFTP - that is all you should ever use, so such things cannot happen - and watch the file dates, permissions etc. change from day to day, hour to hour.
Sadly, I've seen this before when my old server company had a major problem that leaked a good deal of everyone's usernames and passwords. At any rate, these things could be aggregate info grabbers - or they could be infecting anyone with junk to spread elsewhere and the only easy and safe way for me just as a user to even guess would be to install a VM and see if I can get infected to study what they are doing; so it usually is much easier to look at server records, time stamps and watch files being overwritten, which clearly has happened, or the script could not have changed to a different url...
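A defender-side way to do the "watch the file dates, permissions etc." check described in the post above, added here as an example (it is not code from this thread, the board, or phpBB): it snapshots a webroot's file hashes and permission bits into a manifest and reports what was added, removed or changed since the baseline. The webroot layout, the injected script URL and the dropped file in `demo()` are all constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file under root (POSIX-style relative path) to (sha256, mode bits)."""
    root = Path(root)
    manifest = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            mode = oct(path.stat().st_mode & 0o777)
            manifest[path.relative_to(root).as_posix()] = (digest, mode)
    return manifest


def diff_manifests(baseline, current):
    """Report files added, removed, or changed (content or permissions) since baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys()
                     if baseline[p] != current[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed scenario: a tiny fake board webroot, then a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "styles").mkdir()
        (root / "index.php").write_text("<?php echo 'board'; ?>\n")
        header = root / "styles" / "overall_header.html"
        header.write_text("<head><title>Board</title></head>\n")
        baseline = build_manifest(root)  # taken while the tree is known-good

        # Simulated tampering (constructed, not real indicators): a foreign script tag
        # injected into the header template, an unexpected file dropped into the tree,
        # and a permission change on an existing file.
        header.write_text(header.read_text().replace(
            "</head>", '<script src="http://example.invalid/x.js"></script></head>'))
        (root / "styles" / "cache.php").write_text("<?php /* unexpected */ ?>\n")
        (root / "index.php").chmod(0o777)
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is written out after a clean install and re-checked on a schedule (for example from cron over SFTP-mounted or local storage), so a template edit or dropped file shows up the hour it happens rather than when a user notices odd code on the page.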
Re: Strange background script on board topic...
Posted: Mon May 21, 2012 3:54 pm
by She'llbe
I have just had to log on although I've ticked the box to automatically log me in. The speakeasy is sporadic in its availability. This is not normal for my interaction with the boxerworks site.