Domain forwarding issue

jbensman · March 03, 2012, 06:51:23 AM

I would suggest until this gets fixed, put some simple hrml at gpsfiledepot.com stating the site has been hacked and the problem is being worked on, then give a link to the site and let people know which browsers work.

-Oz- · March 03, 2012, 09:06:47 AM

I wonder if I could pull that off based on browser. This exploit appears to be based on php itself.

Boyd · March 03, 2012, 10:20:16 AM

Here's a wikipedia page on "SQL injection" which seems to be what is happening: http://en.wikipedia.org/wiki/SQL_injection

Also, look at this post from just a few days ago. Their site seems to be suffering from the exact same thing - also getting redirected to myustreamtv.rr.nu as we are here:

http://www.htmlforums.com/website-review/t-need-help-146029.html

Indrid Cold · March 03, 2012, 02:44:32 PM

Quote from: Boyd on March 02, 2012, 02:26:44 PM
You have a Mac, right? In Safari go Window > Activity then go to http://forums.gpsfiledepot.com/ and observe what happens. Hit refresh, and every time you do a different but similar url is embedded - here are two screenshots.

I tried that and struck out, nothing in the Activity window. Lot's of refreshing....

I'll have to take a laptop offsite to Starbucks later and mess with the settings.

GreyDude · March 03, 2012, 02:47:53 PM

Been having the same attack/redirect problem for gpsfiledepot.com for the past 3 days. I used Norton Internet Security's Safe Web facility and it returned a 'green' site access -- no problems, but when I try to access the site through IE8, I get rerouted. Using Firefox the website is accessible and have never been redirected using this browser. Norton Customer Support basically said it was an IE problem.
Within the past hour or so, I have been able to access the gpsfiledepot.com site with IE. Not sure if this is only temporary or someone has found and disabled the culprit.
Thanks for your continued support.

-Oz- · March 03, 2012, 02:55:54 PM

I believe it has been fixed. Not seeing it anymore; found a script that cleaned everything out.

Boyd · March 03, 2012, 04:14:39 PM

Quote from: Indrid Cold on March 03, 2012, 02:44:32 PMI tried that and struck out, nothing in the Activity window.

Yep, it's gone now. Nice work Dan!

Indrid Cold · March 03, 2012, 04:32:31 PM

Quote from: Boyd on March 03, 2012, 04:14:39 PM
Quote from: Indrid Cold on March 03, 2012, 02:44:32 PMI tried that and struck out, nothing in the Activity window.

Yep, it's gone now. Nice work Dan!

Turns out I had java-script off so I wasn't redirected.

jbensman · March 03, 2012, 06:05:35 PM

Yes it is now fixed. Way to go and what a jerk it was that hacked us! Any idea on how it happened?

-Oz- · March 03, 2012, 06:10:14 PM

Still working on how it happened but it was either through the forums or via the map/article writing script.

maps4gps · March 04, 2012, 08:14:44 AM

The three URLs I restricted had .de.lv extensions.

henry001 · March 05, 2012, 03:04:07 PM

I wonder if it is safe to download map files now???

Boyd · March 05, 2012, 03:37:31 PM

I don't think that was ever an issue, from what I saw. I don't believe this was a virus that could infect your own computer, it was an exploit infecting the web server that hosts gpsfiledepot. As far as I could tell, it only attempted to redirect you to a completely unrelated website (see links above) by embedding links to that site in the web page.

I don't see how that could affect a file that you download from GPSFileDepot.

henry001 · March 05, 2012, 03:52:17 PM

That is good to hear. I was afraid to open those exec files.

Boyd · March 05, 2012, 03:56:58 PM

As always, you should keep your anti virus software up to date.

GPSFileDepot Forums

News:

Domain forwarding issue

jbensman

-Oz-

Boyd

Indrid Cold

GreyDude

-Oz-

Boyd

Indrid Cold

jbensman

-Oz-

maps4gps

henry001

Boyd

henry001

Boyd