url2SHORT.INFO

[baiyoke]

Hi webbie.

On many occasions in the past two months, on many different computers, when entering through goggle (searching "deeperblue.com"), I get instantly redirected to "url2SHORT.INFO", a webpage that I cannot close, unless I use ctrl+alt+delete and end all open windows.

It ONLY happens when I want to visit deeperblue.com. Sometimes it happens, sometimes it doesn't...

On a few (2 or 3) occasions it has happended after I entered the site, but was moving around, perhaps doing login (not sure).

Any idea what's going on???

Thanx

 

[trux]

I think the vBSEO module of the DB forum has a vulnerability that can be exploited in this way. I found some related info here: Security issue - vBulletin SEO Forums

Needs to be fixed anyway, but I wonder why you access the forum through Google. Simply bookmark it, and you can access it quickly without having to go through Google.

 

[rovanpera]

I get directed to the same site occasionally when I try to access a forum post from the google RSS reader...

 

[baiyoke]

Needs to be fixed anyway, but I wonder why you access the forum through Google. Simply bookmark it, and you can access it quickly without having to go through Google.

Yeah I can do that... And I kind of wondered the same thing myself... Really had to think there... ... well, it's because I'm used to using the drop-down adress-bar as my shortcut/"bookmark", but other people sometimes using my computer keep messing up the history because of "privacy"/deleted history/whatever... that deletes some (but not all) of the adresses... ... So I just got a (bad) habbit of using google quickly whenever it's not in the adress-bar, because google is my startpage... And because I'm new to this site, and could not remember if it was deeperdiving, deeperblue, deepersomething in the beginning, so I always googled (it a bit too many times ha ha...).

I've bookmarked it now, but if using a different computer it shows up again... Allthough I could just type the adress in directly instead I guess...

I'll deal with it from here, but I'm also thinking about people trying to visit deeperblue.com for the first time, and never coming back because of that...

 

[Stephan Whelan]

I haven't been able to replicate the issue. Can someone post the EXACT steps they take to reproduce this.

 

[Stephan Whelan]

Nevermind - was able to replicate. Am working on trying to secure against this.

 

[Stephan Whelan]

I believe this has been patched now. If anyone sees any suspicious activity around this sort of thing please let me know ASAP.

 

[Simos]

Was it XSS?

 

[trux]

Cross site scripting - a method hackers use for example for hijacking visitors to their websites or to run code on a their servers while visitor loads a legit page: Cross-site scripting - Wikipedia, the free encyclopedia

 

[Stephan Whelan]

Ivo - I think the question was if it was due to XSS rather than asking what XSS is

There was a vulnerability in one of the plugins that we run on this forum so i've taken steps to get that patched, add tracking and security aspects for the vector and will keep an eye on it.

 

[trux]

oops, sorry, looked too fast

 

[Simos]

Yes I didn't manage to see it before Stephan patched it so was just curious to find out if the exploit was due to XSS

 

[Stephan Whelan]

Simos - I'll send you details privately


Sent from my iPhone using Tapatalk

 

[Simos]

Simos - I'll send you details privately


Sent from my iPhone using Tapatalk

Great thanks appreciated Stephan - best not to post publicly you are right

 

[baiyoke]

FYI ther's still a vulnerability... Just got redirected to myfilestore.com, and when trying to close page, a pop-up tells me I have won something... I'm not able to close page, only if using ctrl+alt+delete.

I googled deeperblue from a friends computer, and clicked on second link: "forum".

 

[Stephan Whelan]

Correct - looks like there is a separate vulnerability that has been identified. Trying to figure out the vector and close it down.