Hack found and removed (1 Viewer)

[Jon]

I have discovered the cause of the forums slowing down. Someone planted a hack in part of the code when viewing a thread. I think what the hack does is drops an amazon cookie for a popular MS Access book, so that if any of you guys go to amazon to buy the book, the hacker gets a commission.

Anyway, I have removed it now and the CPU load has dropped considerably.

Does anyone know where I can report this fraud to amazon?

 

[Vassago]

You'll have no way to prove who put the hack in place. They more than likely wouldn't be able to do anything about it.

 

[pwbrown]

That's quite worrying they were able to do that and it took this long to find out. Hopefully it won't happen again because the site performance is great right now, was frustrating for two weeks with everything being so slow to load.

 

[Vassago]

With enough time and patience, anyone can do something like that to a site and bury code that would be difficult to locate. It was obviously harmless code, so not really all that worrying. If it were more serious, it probably wouldn't have taken so long to locate.

 

[Jon]

The hackers hide the code. There was a directory called smilie.gif, which in a url actually looks like a gif file. But no, it was a directory.

Since it has their amazon associates program ID, amazon should withhold their money for fraud.

 

[boblarson]

The hackers hide the code. There was a directory called smilie.gif, which in a url actually looks like a gif file. But no, it was a directory.

Since it has their amazon associates program ID, amazon should withhold their money for fraud.

I'd report it and let them decide whether they want to do anything. I wouldn't assume anything (neither that they would do something nor that they wouldn't).

 

[Vassago]

I can hide some code for someone else's book on Amazon and use their id. It doesn't mean they had anything to do with it.

I know it's far-fetched, but hackers are known trolls. They will do stuff like that to people they don't know just because they can. This person might be innocent.

 

[boblarson]

I can hide some code for someone else's book on Amazon and use their id. It doesn't mean they had anything to do with it.

I know it's far-fetched, but hackers are known trolls. They will do stuff like that to people they don't know just because they can. This person might be innocent.

And that is for Amazon to decide. There may be a pattern building and they may be able to get to the root of the problem. But if they never hear about it, they will most definitely not figure it out. The thing is, it would be the RARE occurance for someone to go through the trouble of inserting code to a site in order to garner SOMEONE ELSE money (unless they were hired by said person). So I say report it and let them sort it out.

 

[Vassago]

Not as rare as you think lol, trust me.

 

[boblarson]

Not as rare as you think lol, trust me.

Sounds like you have a guilty conscience. LOL

Oh well, I still stand by the statement to let the Amazon guys figure it out. It still does not make a hill of beans difference here as to who did it and why. It happened and should be reported. Speculating that it was somone playing tricks with no stake in the financial aspect is all fine and dandy but let THEM figure that out. Assuming that it was just someone messing around is like seeing someone suspiciously looking into cars and such and not reporting it. Sure, it may have been nothing but if it was it could help catch a thief and even stop some crime from happening. But just ignoring it has the risk that there was something criminal going on.

 

[RainLover]

Are we sure the problem is solved?

It is now 12:00 AM and I have been trying to open the site for the last hour.

Most of the time the home page would not open.

When it did the speed was that of a snail.

Maybe the problem is fixed and this is something new, I don't know. Hope Jon can work it out.

 

[RainLover]

Just a little bit more information for Jon.

I have to copy and past my reply to a Word Doc for fear of loosing the original as it tries to upload.

 

[pwbrown]

Are we sure the problem is solved?

It is now 12:00 AM and I have been trying to open the site for the last hour.

Most of the time the home page would not open.

When it did the speed was that of a snail.

Maybe the problem is fixed and this is something new, I don't know. Hope Jon can work it out.

The site has been great for me all day, you sure the problem wasn't at your end?

 

[Vassago]

No problems here either.

 

[NBVC]

No problem today for me either....

 

[RainLover]

The site has been great for me all day, you sure the problem wasn't at your end?

I checked all that I could at my end. I can't of course test the ISP.

Things are running fine at the moment so I will repost if it happens again.

 

[ChrisO]

It might help if people could say when the slowdown occurs.

If you log out there is a current time at the bottom of the screen. When logged out that time is server time and it could help to see if the site is under maintenance or being backed up.

Chris.

 

[Pat Hartman]

Even though the hack has been removed, I would report the incident to Amazon. Even though the hack didn't do any "damage" to this site it may have damaged Amazon by stealing money from them so it wasn't a victimless crime.

 

[Jon]

It did do damage. It cost me 3 weeks work and over 100 support messages to my host. It also slowed the site down, which hit internet traffic and ad revenues.

 

[Jon]

To give you guys an idea of what threats this site faces, I have had 24 people trying to log into the WordPress section of the site in less than 3 days. Just in the last 4 hours, there have been 33 ip addresses blocked due to repeated attempts to find pages that don't exist i.e. they are probing for vulnerabilities. Maybe about 150 different ip's who have tried pages that don't exist (again, probing).

Lots of people want to bring this site down or exploit it in some way!