Loading ...
Sorry, an error occurred while loading the content.

ADMIN - Site Hijack?

Expand Messages
  • Shane Steinkamp
    ... pdfs have had names like ... That is quite odd. It did it to me as well, and I had to instruct Avast to kill the connection. There is nothing in the
    Message 1 of 8 , Jun 1, 2009
    • 0 Attachment
      > Ok, so here's one... When I click on the URL
      > http://teststatus.backpackgeartest.org/ a pdf file
      > automatically downloads on my desktop. My mac is setup to automatically
      > try to open it, and when it
      >does it can't for whatever reason so it force quits adobe. Usually the
      pdfs have had names like
      > 866.pdf, or 477.pdf and it says the source is sabition dot com .
      > Any ideas?
      > Other than that, all my tester info is accurate.

      That is quite odd. It did it to me as well, and I had to instruct Avast to
      kill the connection. There is nothing in the source that would cause such a
      thing. Perhaps we have been hijacked in some way. I'll pass it up to Dave
      for advice.

      Shane
    • amatbrewer
      For what it is worth, I tried the link and going to it through BGT.org, and it works fine for me using IE?!?! Dave
      Message 2 of 8 , Jun 1, 2009
      • 0 Attachment
        For what it is worth, I tried the link and going to it through BGT.org, and it works fine for me using IE?!?!

        Dave

        --- In backpackgeartesters@yahoogroups.com, "Shane Steinkamp" <ygroups@...> wrote:
        >
        > > Ok, so here's one... When I click on the URL
        > > http://teststatus.backpackgeartest.org/ a pdf file
        > > automatically downloads on my desktop. My mac is setup to automatically
        > > try to open it, and when it
        > >does it can't for whatever reason so it force quits adobe. Usually the
        > pdfs have had names like
        > > 866.pdf, or 477.pdf and it says the source is sabition dot com .
        > > Any ideas?
        > > Other than that, all my tester info is accurate.
        >
        > That is quite odd. It did it to me as well, and I had to instruct Avast to
        > kill the connection. There is nothing in the source that would cause such a
        > thing. Perhaps we have been hijacked in some way. I'll pass it up to Dave
        > for advice.
        >
        > Shane
        >
      • Shane Steinkamp
        ... I use IE exclusively, and the external link did cause some malicious file to attempt download which was caught by Avast. There is nothing at all in any of
        Message 3 of 8 , Jun 1, 2009
        • 0 Attachment
          > For what it is worth, I tried the link and going to it through BGT.org,
          > and it works fine for me using
          > IE?!?!

          I use IE exclusively, and the external link did cause some malicious file to
          attempt download which was caught by Avast. There is nothing at all in any
          of the teststatus site that could cause such a thing, so I suspect a DNS
          hijack or something otherwise external to the site.

          Shane
        • Shane Steinkamp
          ... You are correct. BridGeT does not generate that. I wonder where it comes from... Shane
          Message 4 of 8 , Jun 1, 2009
          • 0 Attachment
            > There is some obfuscated javascript right after the BODY tag - it tries
            > to create an IFRAME to some third-party website. I didn't follow it
            > further than that, but it does look like a hijack of some sort.

            You are correct. BridGeT does not generate that. I wonder where it comes
            from...

            Shane
          • Shane Steinkamp
            I am uploading a fresh file set. Shane
            Message 5 of 8 , Jun 1, 2009
            • 0 Attachment
              I am uploading a fresh file set.

              Shane
            • Shane Steinkamp
              ... Should be. Shane
              Message 6 of 8 , Jun 1, 2009
              • 0 Attachment
                > Is it safe to go straight too BGT (not using the ADMIN links to get there?
                > I missed an edit when I
                > uploaded my Prime report this morning. Should have taken the nap
                > first...just had gotten off from
                > working a 24.

                Should be.

                Shane
              • Coy
                It is (safe), in case somebody else is nervous about getting on. Coy Boy
                Message 7 of 8 , Jun 1, 2009
                • 0 Attachment
                  It is (safe), in case somebody else is nervous about getting on.

                  Coy Boy

                  --- In backpackgeartesters@yahoogroups.com, "Shane Steinkamp" <ygroups@...> wrote:
                  >
                  > > Is it safe to go straight too BGT (not using the ADMIN links to get there?
                  > > I missed an edit when I
                  > > uploaded my Prime report this morning. Should have taken the nap
                  > > first...just had gotten off from
                  > > working a 24.
                  >
                  > Should be.
                  >
                  > Shane
                  >
                • Shane Steinkamp
                  Totally safe now. Shane
                  Message 8 of 8 , Jun 1, 2009
                  • 0 Attachment
                    Totally safe now.

                    Shane
                  Your message has been successfully submitted and would be delivered to recipients shortly.