Malware on the forum???
-Ralph-
10-03-12, 06:30 PM
Posting this in IB because my experience is that threads in problems and suggestions get ignored.
A few times over the last 24 hours I've had the main forums.sv650.org address redirected to contestwinnersandprizes.com. Happening on both the laptops in my house (posting this from tapatalk as it's happening now). If I try to hit any other page, for instance usercp.php, I get an apache internal server error.
Anyone else seeing the same? It could be a piece of malware that's affected both my laptops I suppose.
MisterTommyH
10-03-12, 06:35 PM
Nup,
Was just going to ask if your laptops are networked in any way that could share a virus etc. etc.
no problems here.
do the same people use the same laptops or share whichever one is available?
Dave20046
10-03-12, 06:50 PM
Anyone else seeing the same? It could be a piece of malware that's affected both my laptops I suppose.
Sounds more likely
you given them a once over?
squirrel_hunter
10-03-12, 07:05 PM
Anyone else seeing the same?
Yes.
Had it last night redirected to that site so closed the browser. Tried again and again it redirected. Tried another site and it was fine. Not seen it since. I run AVG as my anti-virus, full scan reported no issues.
andrewsmith
10-03-12, 07:13 PM
PM John
and make him aware
No problems in the frozen north.
This is all very nice but what have you won?
fizzwheel
10-03-12, 07:29 PM
Anyone else seeing the same?
Nope no problems here.
Shawthing
10-03-12, 07:31 PM
I had the same earlier on this afternoon, through IE8 & landline.
Avast reported it as URL Malware and disconnected.
Seems OK now though.
andrewsmith
10-03-12, 07:31 PM
I've had no issue on Chrome, but doing a google based search redflags the forum
-Ralph-
10-03-12, 07:34 PM
OK glad Squirrel Hunter is getting it as well, so less likely to be my laptops and more likely to be a forum or ISP issue.
SQ you are not on Orange by any chance?
Specialone
10-03-12, 07:38 PM
Col, Richie posted he's having probs exactly like yours on FB.
squirrel_hunter
10-03-12, 07:46 PM
OK glad Squirrel Hunter is getting it as well
I'm not.
SQ you are not on Orange by any chance?
Nope, Sky.
ravingdavis
10-03-12, 07:55 PM
There is definitely a URL redirection happening, it is happening both through UK and international connections - I have tried ISPs in UK, US and The Netherlands. The redirect is also only happening through Firefox but not Chrome or IE.
-Ralph-
10-03-12, 08:00 PM
It's happening on IE, Ffox and Chrome for me.
At least it's not my laptops, I'll just use tapatalk until it's sorted.
MisterTommyH
10-03-12, 08:12 PM
Most people will hate me for suggesting this but Safari doesn't seem to be affected.
wyrdness
10-03-12, 09:16 PM
I haven't seen a problem with Firefox on Mac.
brennan
10-03-12, 09:27 PM
Using chrome. typing "sv650.org" comes up with the problem, typing "forums.sv650.org" doesn't
speedplay
10-03-12, 09:32 PM
Not happening here.
Contest winners you say col...?
Just goes to show I was wrong about you...;)
Wideboy
10-03-12, 09:52 PM
no problem on my laptop but on my phone's internet i get it
punyXpress
10-03-12, 10:08 PM
Had the same through Firefox this am. Malwarebyte showed nothing as did the scheduled AVG run.
Since no problems.
-Ralph-
10-03-12, 10:12 PM
I'm not sure that it matters what browser you are on. It could be that the server has been compromised and there's a URL tedirection happening once you hit the org, or the domain could be subject to a DNS hijack, which would depend upon what ISP you are using.
-Ralph-
10-03-12, 10:13 PM
redirection
Balky001
10-03-12, 11:09 PM
had problems this morning on chrome and ie. Forum was dead and redirected to the 'your a winner' codswallop.
Littlepeahead
11-03-12, 09:09 AM
Had problems last night using my Windows phone. Ok so far this morning.
-Ralph-
11-03-12, 09:12 AM
Wheyhey! I'm connected through a browser!
Biker Biggles
11-03-12, 04:16 PM
Lots of problems here.:smt039
Traders
11-03-12, 07:41 PM
Happened to me tonight when using IE8..... working normal with chrome....for the moment.
DJFridge
11-03-12, 10:04 PM
Wasn't on last night. Opera having no troubles at the moment
Sid Squid
11-03-12, 10:10 PM
Same problem here tonight - Both Windows and Linux using Firefox and Opera.
And then suddenly it's OK again.
Got it once earlier tonite and been OK since?
daveyrach
12-03-12, 11:36 AM
Had it all day Friday from my work PC, when I got home it seemed OK on my laptop and desktop.
dizzyblonde
12-03-12, 12:31 PM
Question is..... is anyone running the forum doing anything about it?
Paul the 6th
12-03-12, 12:34 PM
No problems here.. firefox, virgin media..
What ISPs are all the affected people using?
daveyrach
12-03-12, 12:48 PM
No problems here.. firefox, virgin media..
What ISPs are all the affected people using?
Chrome on all 3 PC's
missyburd
12-03-12, 01:11 PM
Not had a single problem but then we use Firefox in Ubuntu...
I haven't had any problem at all either; not at work or at home
Nobbylad
12-03-12, 01:19 PM
I'm still trying to erase the 'Ralph' virus that's hanging around here....
;)
timwilky
12-03-12, 01:24 PM
I am with Virgin media at home AT&T at work not seen any issues.
No problems here (home).
Mac OS X 10.6.8, Safari v5.1.2, Virginmedia ISP.
littleoldman2
12-03-12, 01:41 PM
I've had problems this morning. chrome, W7, sky.
Does anyone fall for these scams?.
wyrdness
12-03-12, 02:38 PM
It's not down to your computer, operating system or web browser. I was seeing it yesterday and this morning at home, but not today from work.
It's either the server or the dns which has been hijacked.
Specialone
12-03-12, 05:08 PM
I've just had it happen to me on my iPhone, c**ts, can't we trace them and really spoil their looks?
yorkie_chris
12-03-12, 05:29 PM
Happened this morning on the phone, was worried I'd broken it somehow :-P
wyrdness
12-03-12, 06:47 PM
It looks like a DNS spoofing attack to me.
This is what I saw when telnetting to forums.sv650.org whilst it was happening:
% telnet forums.sv650.org 80
Trying 78.159.101.217...
Connected to forums.sv650.org.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 302 Found
Date: Sun, 11 Mar 2012 21:00:05 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.5
Location: http://contestwinnersandprizes.com/d/tzonerz.com
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html
Connection closed by foreign host.
However, now it's OK again and when I ping forums.sv650.org I see:
% ping forums.sv650.org
PING forums.sv650.org (64.131.76.170): 56 data bytes
Notice that the ip address for the real Org is 64.131.76.170, but the server which is redirecting people to the scammers site is 78.159.101.217
Paul the 6th
12-03-12, 06:49 PM
so what's making the DNS redirect sporadic rather than permanent?
littleoldman2
12-03-12, 06:55 PM
Many other sites are being affected. https://www.google.co.uk/#hl=en&gs_nf=1&cp=27&gs_id=32&xhr=t&q=contestwinnersandprises.com&pf=p&sclient=psy-ab&oq=contestwinnersandprises.com&aq=f&aqi=&aql=&gs_sm=&gs_upl=&gs_l=&pbx=1&bav=on.2,or.r_gc.r_pw.r_cp.r_qf.,cf.osb&fp=eca6a646aa0fe0a2&biw=1440&bih=785
Sid Squid
12-03-12, 07:17 PM
Not had a single problem but then we use Firefox in Ubuntu...
Sadly that didn't help:
Same problem here tonight - Both Windows and Linux using Firefox and Opera.
yorkie_chris
12-03-12, 07:20 PM
These pr*cks should have their heads kicked in, there must be some way someone could plausibly find out where they live?
Specialone
12-03-12, 07:23 PM
These pr*cks should have their heads kicked in, there must be some way someone could plausibly find out where they live?
Yep, these deserve it more than most.
andrewsmith
12-03-12, 07:24 PM
These pr*cks should have their heads kicked in, there must be some way someone could plausibly find out where they live?
Back tracing the ISP through the emails - doable if you're CIA, MI6, NSA
It looks like a DNS spoofing attack to me.
Looks more like compromised server. The '302 Found' is a web server redirect code (Moved Temporarily).
There's quite a few ways this can happen but the one we see most often is a hacked .htaccess file in the root directory. Have recently seen them with several 'conditions' required for the redirect to fire, which would explain randomness.
Keep calm and carry on. I'm sure our Ubermeistertsm is sorting it as we speak ;)
wyrdness
12-03-12, 07:37 PM
Looks more like compromised server. The '302 Found' is a web server redirect code (Moved Temporarily).
There's quite a few ways this can happen but the one we see most often is a hacked .htaccess file in the root directory. Have recently seen them with several 'conditions' required for the redirect to fire, which would explain randomness.
I did wonder if it was a compromised server because of the 302. However, the server that's redirecting is on a different ip address to the org's current ip. Also the way that some people are seeing it and not others, or at different times, would indicate that it's a dns attack, due to the way that dns changes propagate around the net.
timwilky
12-03-12, 07:50 PM
If you are suffering, try setting your DNS server to the public google one at 8.8.8.8.
Won't be fast but should be reasonably reliable
Sorry wyrdness you're quite right - I hadn't read your post properly. :oops:
Looks more like compromised server. The '302 Found' is a web server redirect code (Moved Temporarily).
There's quite a few ways this can happen but the one we see most often is a hacked .htaccess file in the root directory. Have recently seen them with several 'conditions' required for the redirect to fire, which would explain randomness.
I did wonder if it was a compromised server because of the 302. However, the server that's redirecting is on a different ip address to the org's current ip. Also the way that some people are seeing it and not others, or at different times, would indicate that it's a dns attack, due to the way that dns changes propagate around the net.
I love it when you guys talk geek to me :smt060
dizzyblonde
12-03-12, 08:03 PM
So I'm one of the lucky ones that hasn't been affected yet. :D
#hides before it does#
aaron020873
12-03-12, 08:27 PM
had it all saturday night! right pain in the ar5e! seems to be sorted for now though.
Forum is broke for me at the moment. Every time i try and get on it on my laptop it redirects me to contestwinnersandprizes.com/d/tzonerz.com
tapatalk is ok tho
Paul the 6th
12-03-12, 09:38 PM
DangerousDave is back!
daveyrach
13-03-12, 08:37 AM
Happening to me again this morning on my work PC, OK on my fone though.
Have sent TSM a message with exactly what the problem is. :cool:
SoulKiss
13-03-12, 09:01 AM
Have sent TSM a message with exactly what the problem is. :cool:
"TSM you're a t**t" probably won't get it fixed Sudoxe...
:p
Wouldn't mind a copy of the solution if you don't mind forwarding it to me.
"TSM you're a t**t" probably won't get it fixed Sudoxe...
:p
Wouldn't mind a copy of the solution if you don't mind forwarding it to me.
But I posted him a new full stop ;)
I had it the other day on IE.
Cymraeg_Atodeg
13-03-12, 02:12 PM
I am getting it on IE on the works PC now, what the hell!?
daveyrach
13-03-12, 03:38 PM
Not been able to get on the ORG all day apart from on my blackberry. What's happening?!
daveyrach
13-03-12, 07:14 PM
Working fine on my home laptop
Someone called Rich dropped me an email yesterday. I was unaware of the problem up till that point, as I have had no issues myself. I just assumed it was malware on Rich's laptop.
To be on the safe side, I sent FIzzwheel and TSM an email yesterday just to check if they'd heard anything about this and Fizz directed me to this thread. I'm waiting to hear back from TSM, it's his server and I have limited access to the inner workings
More later.
John
YES.... Thank the lord someone else is having this problem and it's not just me.
I completely got rid of Google chrome, then restarted the laptop and reinstalled it, That worked for about 2 days then yesterday same again different web page but the same crap and Google 404'd the mighty .Org
it's working again today... :0)
CHROME, WINDOWS 7, TalkTalk
...... it's his server and I have limited access to the inner workings
More later.
John
John - limited access to the inner workings of TSM are to be considered a blessing. There are some places a sensitive and intelligent person should not delve :smt109
I think wyrdness had it right (post #46) and it's a DNS issue. when he tried it forums.sv650.org was resolving to 78.159.101.217 (which then redirected to the http://contestwinnersandprizes.com/d/tzonerz.com site), instead of the proper 64.131.76.170.
A quick check of random DNS servers yesterday and while most had the right address, resolver1.opendns.com had the wrong one. It's showing the right IP now but for it to be wrong at all suggests a wider issue.
daveyrach
14-03-12, 09:02 PM
It's been fine all day today
had the same redirection issues recently, but been ok for past 2 days. only tried my laptop at home, not my phone using works broadband.
Dave20046
14-03-12, 09:25 PM
I think wyrdness had it right (post #46) and it's a DNS issue. when he tried it forums.sv650.org was resolving to 78.159.101.217 (which then redirected to the http://contestwinnersandprizes.com/d/tzonerz.com site), instead of the proper 64.131.76.170.
A quick check of random DNS servers yesterday and while most had the right address, resolver1.opendns.com had the wrong one. It's showing the right IP now but for it to be wrong at all suggests a wider issue.
since we now know the ip could we not all just navigate to 64.131.76.170 when experiencing the issue
SoulKiss
14-03-12, 09:42 PM
since we now know the ip could we not all just navigate to 64.131.76.170 when experiencing the issue
Not quite.
But you can add
64.131.76.170 forums.sv650.net
to your Windows "hosts" file (Sid Squid, you will find a file called /etc/hosts on your Ubuntu box), Windows users, well it could be anywhere (as in Microsoft has changed its location on various different versions of Windows - do a search from the Windows Start Menu.)
Of course, knowing what the problem is, and understanding it, I would say that stuff would be time wasted (and potential for problems in the future) and that service will be back to normal in the next 24 hours.
Biker Biggles
14-03-12, 10:21 PM
Not quite.
But you can add
64.131.76.170 forums.sv650.net
to your Windows "hosts" file (Sid Squid, you will find a file called /etc/hosts on your Ubuntu box), Windows users, well it could be anywhere (as in Microsoft has changed its location on various different versions of Windows - do a search from the Windows Start Menu.)
Of course, knowing what the problem is, and understanding it, I would say that stuff would be time wasted (and potential for problems in the future) and that service will be back to normal in the next 24 hours.
Didn't understand a word of that except the last line which sounds good.:confused:
Dave20046
14-03-12, 10:27 PM
Not quite.
But you can add
64.131.76.170 forums.sv650.net
to your Windows "hosts" file (Sid Squid, you will find a file called /etc/hosts on your Ubuntu box), Windows users, well it could be anywhere (as in Microsoft has changed its location on various different versions of Windows - do a search from the Windows Start Menu.)
Of course, knowing what the problem is, and understanding it, I would say that stuff would be time wasted (and potential for problems in the future) and that service will be back to normal in the next 24 hours.
oh yeah! didn't think that through fully
Paul the 6th
15-03-12, 08:03 AM
Still zero issues on iPhone via O2 3G and virgin media, also no issues virgin media windows 7 Firefox.
Cymraeg_Atodeg
15-03-12, 08:28 AM
Seems to have stopped on IE now
SoulKiss
15-03-12, 08:41 AM
Still zero issues on iPhone via O2 3G and virgin media, also no issues virgin media windows 7 Firefox.
That's probably because Virgin Media are doing something dumb like only updating their DNS servers every 6 months or something (overly harsh exaggeration there btw :p)
Paul the 6th
15-03-12, 09:09 AM
super dumb. I haven't seen one bit of spam. :razz:
SoulKiss
15-03-12, 09:28 AM
super dumb. I haven't seen one bit of spam. :razz:
Or the thousands of requests for quotes for work done that they labelled as spam and just quietly binned for you...
Paul the 6th
15-03-12, 09:42 AM
Lol :) thousands of quotes
Take this soulkiss, a giant picture of an iPad!
http://wondrouspics.com/wp-content/uploads/2011/07/ipad_2.jpg
andrewsmith
15-03-12, 10:08 AM
and Iphone
http://cache.gawker.com/assets/images/gizmodo/2009/07/macbook_cake_3.jpg
Paul the 6th
15-03-12, 10:57 AM
japanese cake iphone ftw.
Have sent TSM a message with exactly what the problem is. :cool:
What was it? What was it? Curious now... PM away as not to embarrass TSM ;)
Dave20046
15-03-12, 12:17 PM
Me too :)