PDA

View Full Version : WhiteBlaze Hacked??



Pages : [1] 2

Barman
2008-01-10, 18:00
Was looking around WhiteBlaze and all of the sudden, get a screen that it has been hacked. When trying to go back, get the same screen. Anyone else getting this??

Thanks, John B

Waterbuffalo
2008-01-10, 18:04
yes me too
what jerks

mountain squid
2008-01-10, 18:09
I got it also. :confused: :confused: Hope nothing bad has happened.

See you on the trail,
mt squid

Waterbuffalo
2008-01-10, 18:14
I know I just emailed ATTroll through Myspace

oops56
2008-01-10, 18:15
Yep me too one big hand dam.

dixicritter
2008-01-10, 18:42
Yes WhiteBlaze has been hacked. I have left Attroll a message on his cell phone. I am completely locked out too.

Jaybird62
2008-01-10, 18:45
I am also locked out. Same thing, big hand. Everything else on my computer seems to be working fine. I hope they can't screw with any of our other files? Anyone know

mountain squid
2008-01-10, 18:48
Thanks for the update, dixicritter. Once again, hope it isn't anything bad...

See you on the trail,
mt squid
:rankn-cpo

jrwiesz
2008-01-10, 18:49
Yes WhiteBlaze has been hacked. I have left Attroll a message on his cell phone. I am completely locked out too.

It appears many may be coming or here, or over at AT hiker online, as they are aware of the hacked WB. I saw a post over there just moments ago. They are referring others to this site.

jrwiesz
2008-01-10, 18:51
I am also locked out. Same thing, big hand. Everything else on my computer seems to be working fine. I hope they can't screw with any of our other files? Anyone know

Not sure. I did see an icon on the bottom right corner of the hacker page, but dare not click on it.

dixicritter
2008-01-10, 18:52
No don't click on anything on that page!!!

jrwiesz
2008-01-10, 18:56
No don't click on anything on that page!!!

That's what I thought.
Hey, I see, I can edit here. Is this standard? I like that!
I see l.wolf is here as a member, only 14 posts. Ready, set, go, everybodies in the race!

Sly
2008-01-10, 19:11
Does this look familiar?

mountain squid
2008-01-10, 19:12
I see l.wolf is here as a member, only 14 posts. Ready, set, go, everybodies in the race!
Now, that was funny:laugh: ...

See you on the trail,
mt squid
:rankn-cpo

Sly
2008-01-10, 19:14
No don't click on anything on that page!!!

I have Firefox with NoScripts. Unless I chose to allow scripts, none were live.

Jaybird62
2008-01-10, 19:18
That is it Sly.

Waterbuffalo
2008-01-10, 19:20
I'm having whiteblaze withdrawls
I bet it was wingfoot :)

dixicritter
2008-01-10, 19:22
I'm so angry right now I could spit nails. :mad:

Sly
2008-01-10, 19:26
Not sure. I did see an icon on the bottom right corner of the hacker page, but dare not click on it.

NoScripts has a block over whatever is there. Hovering my cursor over it says something about real audio. I don't think I'll investigate any further. :afraid:

Kirby
2008-01-10, 19:29
I, luckily, also use Firefox, although I had to use Internet explorer to get the nice little song that goes with it. We can unleash the might that is SGT Rock, L.Wolf, and company upon this guy.

The Hacker, I believe, posted on Trailforums.com, or at least someone going by the name "Hack report", and the poster fully supported the hack.

I, regretfully, believe the hacker will delete a whole lot of content on that site.

Kirby

Kirby
2008-01-10, 19:30
NoScripts has a block over whatever is there. Hovering my cursor over it says something about real audio. I don't think I'll investigate any further. :afraid:

it plays a nice little song for you. Nothing has happened to my computer since the song was played, but I luckily did not click on anything.

Kirby

Sly
2008-01-10, 19:31
it plays a nice little song for you. Nothing has happened to my computer since the song was played, but I luckily did not click on anything.

Kirby

What's it say Kirby? Is it repeatable?

gumball
2008-01-10, 19:34
Phew. I thought my own computer had also been hacked, but it appears other people are here without harm. I'm sorry WB is hacked--I hope there is no permanent damage!

Kirby
2008-01-10, 19:35
What's it say Kirby? Is it repeatable?

The song is dramatic, nothing about the take over, at least nothing I could tell. It was meant to make the page dramatic. It sounded like that really dramatic song frequently used in movies and other things when something intense is about to happen, usually to fire everyone up.

Best way I can describe it. I am concerned something map happen if I try to listen to it again. The lyrics are hard to tell.

Kirby

Barman
2008-01-10, 19:36
Here is the coding for the sound, but it wont play here.

</body>
<embed src=http://www.sabirano.com/sabir.ram width=21 height=15 hidden= type=audio/mpeg true autostart=true loop=-1><NOEMBED>-</NOEMBED></p>

I went to the web site, but didn't get anything.

John B

mountain squid
2008-01-10, 19:42
Phew. I thought my own computer had also been hacked
I thought the same...quickly restarted computer and internet connection and then came here. Didn't get any McAfee warning, so who knows:dontknow: .

See you on the trail,
mt squid

Kirby
2008-01-10, 19:43
Google: "Whiteblaze hacked", and look 2-3 posts down, interesting. I did not dare click the link, but that is the hacker claiming victory.

Kirby

Amigi
2008-01-10, 19:52
Sorry for Rick, Rock, and Dixie. I'll torture the f**ker for you if you catch him. But I sure hope this site doesnt become the new hangout for cyberhikers.

gumball
2008-01-10, 19:52
I think it is a rather offensive page, the one that pops up and says we've been hacked.

Yeesh.

Barman
2008-01-10, 19:53
Google: "Whiteblaze hacked", and look 2-3 posts down, interesting. I did not dare click the link, but that is the hacker claiming victory.

Kirby

I went to the site and it was in a foreign language. It talked about

TurKWorM Technology Hacking & Security Platform

what ever that is...

John B

dixicritter
2008-01-10, 19:53
Oh that was when WhiteBlaze got hacked in 2006 Kirby. This isn't the first time we've been hacked.

dixicritter
2008-01-10, 19:55
Sorry for Rick, Rock, and Dixie. I'll torture the f**ker for you if you catch him. But I sure hope this site doesnt become the new hangout for cyberhikers.

Now be nice Amigi.

Sly
2008-01-10, 19:57
Dixi, do you think this is random or someone that knows the site did it on purpose?

Kirby
2008-01-10, 20:00
Oh that was when WhiteBlaze got hacked in 2006 Kirby. This isn't the first time we've been hacked.

Oh, never mind then. No idea WB had been hacked before. Surely Troll must have the site's files stored on backup somewhere.

Kirby

dixicritter
2008-01-10, 20:10
Dixi, do you think this is random or someone that knows the site did it on purpose?

Most likely random. Lots and lots of nut jobs out there that think this crap is funny.

dixicritter
2008-01-10, 20:13
Oh, never mind then. No idea WB had been hacked before. Surely Troll must have the site's files stored on backup somewhere.

Kirby

I'm sure there's a backup. What I'm not sure of is when the last one was. Meaning we could possibly lose 24 to 48 hours worth of posts (possibly less) depending on the backup schedule.

scout005
2008-01-10, 20:17
Probly those global warming geeks who did it.

Wise Old Owl
2008-01-10, 20:21
How long has the site been down?





The hacker is a Turkish looser


http://www.turkworm.com/default/empty-t585.0.html

dixicritter
2008-01-10, 20:24
How long has the site been down?





The hacker is a Turkish looser


http://www.turkworm.com/default/empty-t585.0.html

It's been down a couple of hours now. I got the first call at 6:26pm ET.

ed bell
2008-01-10, 20:27
The hack is a vBulletin problem. Quite a few large message boards have been affected in the past few days. They thought it was a gallery problem at first, but they have identified something else as the vulnerable spot. I'll try to dig up a link.

jrwiesz
2008-01-10, 20:27
Now be nice Amigi.

Yeah!
I was going to reply to him and tell him, EVERYBODIES on their way over here to the new "hot spot".
Decided against, it.
I'll bet there will be plenty to this site, WB withdrawal and all, looking for information.
The first thing I did was search other sites to see if there was any indication of the hack. Here, and AT Hikers Online, both have the news of the hack, those are the only two if checked. I saw Jaybird62 on the other AT site, and I see he has posted here also.
I hope the hacker didn't damage too much.
Just keeps piling up doesn't?

ed bell
2008-01-10, 20:28
The hack is a vBulletin problem. Quite a few large message boards have been affected in the past few days. They thought it was a gallery problem at first, but they have identified something else as the vulnerable spot. I'll try to dig up a link.Start with this:http://www.vbulletin.org/forum/showthread.php?p=1418681

Kirby
2008-01-10, 20:32
Interesting. I have not received any suspicious emails luckily. Unless I am told otherwise, I will not open any Whiteblaze emails I am sent.

Kirby

Sly
2008-01-10, 20:35
I'm sure there's a backup. What I'm not sure of is when the last one was. Meaning we could possibly lose 24 to 48 hours worth of posts (possibly less) depending on the backup schedule.

Who does that the server or Troll.


Psst: Don't tell anyone www.whiteblaze.net/soruck still works.

Skidsteer
2008-01-10, 20:39
Dixi and Sly,

Let's PM each other about login procedure for mods when this thing is solved.

You know, things like if we need to change passwords, etc.

This sucks!

ed bell
2008-01-10, 20:42
http://forums.digitalpoint.com/showthread.php?t=644589&highlight=hacked
Can't get the link to work right, but the above addy is the best thread about this hack.

dixicritter
2008-01-10, 20:44
Who does that the server or Troll.


Psst: Don't tell anyone www.whiteblaze.net/soruck still works.

I believe it's both.

I figured it would be. Hammockforums.net is still up too.



Dixi and Sly,

Let's PM each other about login procedure for mods when this thing is solved.

You know, things like if we need to change passwords, etc.

This sucks!

Good idea Skids.

dixicritter
2008-01-10, 21:02
SGT Rock is home now and is working the issue as best he can from this end.

The Weasel
2008-01-10, 21:05
Found this site that describes hacking by similar people; googling the hackers comes up with a lot. Please forward this info to Troll

Appears to have a lot to do with vBulletin or whatever your program is.

http://www.vbulletin.org/forum/showthread.php?p=1418681

The Weasel

ed bell
2008-01-10, 21:06
I can't find the link, but I saw where it was a vBulletin index problem. Hopefully no data taken. Good luck!

Kirby
2008-01-10, 21:07
SGT Rock is home now and is working the issue as best he can from this end.

Tell him to go overseas and kick their a$$es army style, what ever that means.

Hope everything works out, I am monitoring progress as I crank out homework, multi tasking is a great skill to have.

Kirby

dixicritter
2008-01-10, 21:08
Thank you we're passing along all info we get.

Skidsteer
2008-01-10, 21:09
Sheesh. The photo gallery is toast too.

I was hoping from the info in Ed's link that they just go for the main forum.

SGT Rock
2008-01-10, 21:12
I just got in from Louisville to this. I'm trying to figure out what they did one step at a time.

Kirby
2008-01-10, 21:15
I just got in from Louisville to this. I'm trying to figure out what they did one step at a time.

Have you made sure the files from this site are backed-up as of the last couple days? I would hate to see it happen, but there is the potential this site could go down as well.

Kirby

The Weasel
2008-01-10, 21:17
Oh dang. Does this mean that it wiped out the messages a little while ago with Jack, Wolf and I proclaiming our everlasting regard, respect and admiration for each other and mutual promises of dignified, gentle discourse? No one will see them? Dang.

TW

Skidsteer
2008-01-10, 21:19
Oh dang. Does this mean that it wiped out the messages a little while ago with Jack, Wolf and I proclaiming our everlasting regard, respect and admiration for each other and mutual promises of dignified, gentle discourse? No one will see them? Dang.

TW

You mean no one would ever believe it without proof. :wink:

ed bell
2008-01-10, 21:21
I just got in from Louisville to this. I'm trying to figure out what they did one step at a time.
This MB had the same problem and it is where I saw the reference to the hack being only index based with no data stolen: http://forum.gsmhosting.com/vbb/showthread.php?p=2912016

The Weasel
2008-01-10, 21:22
You mean no one would ever believe it without proof. :wink:

Well, yeah. Even then it would have been tough. Now? Well, people will just have to trust me that I have a pretty high regard for Wolf and Jack.

TW

SGT Rock
2008-01-10, 21:27
Most likely this is going to be something easy to fix once I figure out where the issue really is. I had a similar one here once and it turned out that they uploaded a back door which I first had to find and delte and with that back door they were only able to do a couple of things - in that case it was to upload a new index.htm file which prempts an index.php file. Once I was able to find the malicious files and dlete them everything was completly back to normal.

In this case I am currently looking for the back door and have shut down the site. The SQL database that all the posts reside in is backed up regularly so we could restore it back to a couple of days ago if needed, but I hope that isn't required. What I need to do is find out if this was done by a "new user" and then delete any attachments that this person uploaded and ban their IP. The last time this happened to hiking HQ they cam back because I didn't get thieer IP banned right away. Once I got that done they never came back.

dixicritter
2008-01-10, 21:27
Well, yeah. Even then it would have been tough. Now? Well, people will just have to trust me that I have a pretty high regard for Wolf and Jack.

TW

You do know Jack and Wolf are members here too right? :wink:

jzakhar
2008-01-10, 21:34
Rock,

Do you have the tools from Jelsoft to verify the files running on your site? Also there are patches up to 3.6.8 which address a lot issues.

Toss me an email or PM if you would like some of the tools from vbulletin to help ease recovery.

Kirby
2008-01-10, 21:37
Rock:
You mentioned you have shut down the page. When I go to Whiteblaze.net, I still get the page the hackers put up, just seeking clarification.

Thanks,
Kirby

Kirby
2008-01-10, 21:38
Actually, I have it book marked to the forums page, not the homepage. The forums page I have book marked still has the hacker page up.

Kirby

SGT Rock
2008-01-10, 21:45
Yes, if you go to the homepage you will get a re-directing page, otherwise you gt the hacker page for now - I didn't want to do a bunch of file work until I looked into it. I have been checking the logs and such and have found the user that has created the problem and banned him, and have banned his IP over here as well so he cannot come on from that location. For now I am trying to figure out what causes our homepage to re-direct to this other index.htm that is showing up. I really don't want to clean the site up until I figure out how it happened.

jrwiesz
2008-01-10, 21:46
Oh dang. Does this mean that it wiped out the messages a little while ago with Jack, Wolf and I proclaiming our everlasting regard, respect and admiration for each other and mutual promises of dignified, gentle discourse? No one will see them? Dang.

TW

Didn't you print a copy for your records?
Shucks.
Let's just hope not too much was disturbed. I'm not all that much of a computer whiz. But, it appeared, when the site went down, by the garbage on the screen, the hackers were bent on destruction. Just a guess.

I'll go with the dignified, gentle discourse. Although we really have not rubbed too much.:biggrin:
Peace.

Kirby
2008-01-10, 21:49
Yes, if you go to the homepage you will get a re-directing page, otherwise you gt the hacker page for now - I didn't want to do a bunch of file work until I looked into it. I have been checking the logs and such and have found the user that has created the problem and banned him, and have banned his IP over here as well so he cannot come on from that location. For now I am trying to figure out what causes our homepage to re-direct to this other index.htm that is showing up. I really don't want to clean the site up until I figure out how it happened.

What type of damage has been done to the forums? Or is that not known yet?

Kirby

The Weasel
2008-01-10, 21:50
You do know Jack and Wolf are members here too right? :wink:


Really? Surely you jest!

Yes, Dixi, I fully suspected that pretty much all of the gang that likes Ernest a lot, for some reason, belongs here, too. But don't tell them what I said, OK? I don't want them to know. It would distress them.

TW

Skidsteer
2008-01-10, 21:50
Patience, Kirby, patience.

Wait till the fire is out.

The Weasel
2008-01-10, 21:52
Rock:
You mentioned you have shut down the page. When I go to Whiteblaze.net, I still get the page the hackers put up, just seeking clarification.

Thanks,
Kirby

Kirby: You are probably getting the hack page as a 'ghost'. Close your browser entirely and then reopen it and see.

TW

ed bell
2008-01-10, 21:52
This is a great opportunity to browse this site. I've been here a few times, but never posted. This is the site that started Sgt. Rock down the road that he is on now. I'm just pissed that he had to come home from a long day to this ****.
On top of that he has his hike to resume. Thanks for your efforts Rock and Dixicritter, it means a lot.

The Weasel
2008-01-10, 21:58
Yes, if you go to the homepage you will get a re-directing page, otherwise you gt the hacker page for now - I didn't want to do a bunch of file work until I looked into it. I have been checking the logs and such and have found the user that has created the problem and banned him, and have banned his IP over here as well so he cannot come on from that location. For now I am trying to figure out what causes our homepage to re-direct to this other index.htm that is showing up. I really don't want to clean the site up until I figure out how it happened.

Rock: If the IP address is in the US and you want to consider doing so, contact the nearest FBI office. From what I see, this group has hacked several other sites, and almost certainly many more. Even if not 'local', it merits reporting. They keep track of such things for many reasons.

TW

saimyoji
2008-01-10, 21:59
Didn't you print a copy for your records?
Shucks.

I got a screen shot as it was in my cache as the hacker struck. :bootyshak

Bidding starts at 5000.00 I accept bankers or cashiers checks only. Will email jpg upon receipt of cash.

SGT Rock
2008-01-10, 21:59
Well it looks like the extent of the damage will simply be some hurt pride or something like that. Somehow the index.php is pointing to another file - that index.htm with the hand on it that you see. As best as I can see for now the original index.phps are actually still on there. Sooooo, that means that there is some sort of modification made to one of the includes or modules or something that is taking the front page of the site to that page you are seeing.

All that means that the data is still in-tact. You just can't read it right now.

reddog176
2008-01-10, 22:03
More than likely, even if the problem is reported to the FBI, they wont do anything unless damages resulting in a certain monetary value has happened.

I'm not sure off the top of my head what that value happens to be anymore.

The Weasel
2008-01-10, 22:04
Rock (and everyone):

My computer just notified me (through "Windows One Care", my antivirus etc program) that I had a Trojan, which it deleted. I don't know, but it may be related to this problem. I couldn't save the name fast enough, but it is something about "trojan" and "redirect" or "redirector".

WB members should scrub with their antivirus, and you might want to make a warning post about that on WB when it comes back up.

TW

Lone Wolf
2008-01-10, 22:06
Oh dang. Does this mean that it wiped out the messages a little while ago with Jack, Wolf and I proclaiming our everlasting regard, respect and admiration for each other and mutual promises of dignified, gentle discourse? No one will see them? Dang.

TW

i never proclaimed liking, respecting, or admiring either of you two pricks

The Weasel
2008-01-10, 22:06
More than likely, even if the problem is reported to the FBI, they wont do anything unless damages resulting in a certain monetary value has happened.

I'm not sure off the top of my head what that value happens to be anymore.

Red Dog, on this one I'll claim professional expertise, and trump you unless you're in a related field. The FBI will take a full report, and accept all information. Will they act on this as if it was a major murder? No. But they gather info nationally on hacking and hackers, and every bit of evidence and information is welcomed by them and assists in building cases as well as helping to protect America's information networks.

TW

Kirby
2008-01-10, 22:07
I may be over reacting, but I just received a suspicious email. It was from someone I did not know (Josh Whalen), and the title was "friend request", but it was not facebook format or anything like that, and I received the email twice.

Over reaction? Most likely. Concerned? Yes.

Kirby

SGT Rock
2008-01-10, 22:07
There is a possibility that the page that it displays has an embeded java script to upload a trojan to your system. My system disables those by default and asks me if I want to enable them by page. For that page I have not allowed the script to run.

The Weasel
2008-01-10, 22:08
i never proclaimed liking, respecting, or admiring either of you two pricks

Wolf, I have no problem with you denying this. Some things are best left to secrecy. Thanks for everything, though, and I look forward to years more of the same. We won't tell others ever again.

Love (platonic only, of course),

TW

Skidsteer
2008-01-10, 22:10
I may be over reacting, but I just received a suspicious email. It was from someone I did not know (Josh Whalen), and the title was "friend request", but it was not facebook format or anything like that, and I received the email twice.

Over reaction? Most likely. Concerned? Yes.

Kirby


There is a possibility that the page that it displays has an embeded java script to upload a trojan to your system. My system disables those by default and asks me if I want to enable them by page. For that page I have not allowed the script to run.

Same here.

System asked me. I said no.

Run a scan, Kirby.

reddog176
2008-01-10, 22:10
Red Dog, on this one I'll claim professional expertise, and trump you unless you're in a related field. The FBI will take a full report, and accept all information. Will they act on this as if it was a major murder? No. But they gather info nationally on hacking and hackers, and every bit of evidence and information is welcomed by them and assists in building cases as well as helping to protect America's information networks.

TW

Alright, it's been quite along time since I've done any reporting to them.. prolly not since before 9/11. So things might be different in how their handled now.

-Reddog

4eyedbuzzard
2008-01-10, 22:13
I may be over reacting, but I just received a suspicious email. It was from someone I did not know (Josh Whalen), and the title was "friend request", but it was not facebook format or anything like that, and I received the email twice.

Over reaction? Most likely. Concerned? Yes.

Kirby

Yeah, I was going to ask Sgt Rock if any user registration/personal info files were downloaded by the hackers.

Oregonhiker
2008-01-10, 22:13
I may be over reacting, but I just received a suspicious email. It was from someone I did not know (Josh Whalen), and the title was "friend request", but it was not facebook format or anything like that, and I received the email twice.

Over reaction? Most likely. Concerned? Yes.

Kirby

surely it must be your bed time:bike:

reddog176
2008-01-10, 22:13
There is a possibility that the page that it displays has an embeded java script to upload a trojan to your system. My system disables those by default and asks me if I want to enable them by page. For that page I have not allowed the script to run.

Upon looking at the source of that page, the only thing i see is an embedded realplayer file.

-Reddog

Oregonhiker
2008-01-10, 22:15
i never proclaimed liking, respecting, or admiring either of you two pricks

Damn that's funny:beer:

Why are the emoticons so much more fun here too?

Some kind of marketing ploy sponsored by Samuel Adams?:beer: :beer: :beer: :beer: :beer:

SGT Rock
2008-01-10, 22:16
Thank goodness.

I think that there is an include that has been somehow hacked. I just checked the journal homepage and get the same thing. What I think may have happened is a security hole that allowed them to upload some sort of script as a different type of file. That include is probably in the header, so whenever the header is included in a page, you get that hacked htm instead of the correct page.

SGT Rock
2008-01-10, 22:17
Damn that's funny:beer:

Why are the emoticons so much more fun here too?

Some kind of marketing ploy sponsored by Samuel Adams?:beer: :beer: :beer: :beer: :beer:
Because I like them and this is my personal site. Maybe you can convince troll to add some more after we get WhiteBlaze sorted out.

reddog176
2008-01-10, 22:18
Thank goodness.

I think that there is an include that has been somehow hacked. I just checked the journal homepage and get the same thing. What I think may have happened is a security hole that allowed them to upload some sort of script as a different type of file. That include is probably in the header, so whenever the header is included in a page, you get that hacked htm instead of the correct page.

Just look for rogue include or require statments
should be easy to spot

-Reddog

Kirby
2008-01-10, 22:19
This is exciting, thus far 611 infections have been found on my computer, should be a fun night.

Kirby

SGT Rock
2008-01-10, 22:21
Troll has put a lot of hacks in the site while I was away. So I am trying to figure out what should and what shouldn't be there cold. I wish I could get a hold of him. The two things I want to try is a restore of the database and an upgrade of the vB software. I know he recently upgraded the PHP version on the server and I think the version of MySQL.

reddog176
2008-01-10, 22:21
Sheesh Kirby.. may as well just reinstall.. more than likely be easier.

-Reddog

Kirby
2008-01-10, 22:22
What do you mean by hacks? Sorry, I am not that computer savy.

Kirby

reddog176
2008-01-10, 22:23
Rock, I take it you have shell access to the server?

You could try doing an "ls -ltr" and it should list any files that have been modified last.

-Reddog

Kirby
2008-01-10, 22:23
Sheesh Kirby.. may as well just reinstall.. more than likely be easier.

-Reddog

My computer went from automatically checking once a week to not checking at all, this is the first manual scan I have done is quite a while.

Kirby

reddog176
2008-01-10, 22:24
What do you mean by hacks? Sorry, I am not that computer savy.

Kirby

Hacks, I.E. Small functionality changes to the site.

-Reddog

reddog176
2008-01-10, 22:25
My computer went from automatically checking once a week to not checking at all, this is the first manual scan I have done is quite a while.

Kirby

Some viruses are actually capable of disabling your automatic virus scans. Might be what happened.

-Reddog

Skidsteer
2008-01-10, 22:27
What do you mean by hacks? Sorry, I am not that computer savy.

Kirby


Shortcuts or ways to make a page look like you want it and do what you want it to do despite the bulletin board software.

Ways to get around the 'package' install.

Kirby
2008-01-10, 22:27
Some viruses are actually capable of disabling your automatic virus scans. Might be what happened.

-Reddog

"Zango" has been found as a critical infection on my computer, should I quarantine it or remove it?

Kirby

peanuts
2008-01-10, 22:28
well i guess you can add me to the list.... gone for a few hours...bang!! a hcked wb... can anyone say- withdrawal...

Sly
2008-01-10, 22:30
Yes, if you go to the homepage you will get a re-directing page, otherwise you gt the hacker page for now - I didn't want to do a bunch of file work until I looked into it. I have been checking the logs and such and have found the user that has created the problem and banned him, and have banned his IP over here as well so he cannot come on from that location..

Do you mind posting the IP?

reddog176
2008-01-10, 22:30
"Zango" has been found as a critical infection on my computer, should I quarantine it or remove it?

Kirby

Zango appears to just be spyware/adware.. shouldn't be a HUGE threat -- More info at http://en.wikipedia.org/wiki/Zango

-Reddog

Kirby
2008-01-10, 22:30
I am screwed, the virus cased my virus protection to close down.

Oregonhiker
2008-01-10, 22:30
Because I like them and this is my personal site. Maybe you can convince troll to add some more after we get WhiteBlaze sorted out.

The more beer the better ol' gramppapy used to say:beer:

Oregonhiker
2008-01-10, 22:31
This is exciting, thus far 611 infections have been found on my computer, should be a fun night.

Kirby

Good grief:bootyshak

Hooch
2008-01-10, 22:33
Well folks, this just sucks all to hell. Dunno who did what they did to WB, but they deserve to rot for it. They've really mesed up my evening. :argh:

dixicritter
2008-01-10, 22:36
Mine too Hooch... mine too!:motz:

oops56
2008-01-10, 22:36
Well i got spy ware avast virus zone alarm so far so good.spy run once a week takes 30 min.

SGT Rock
2008-01-10, 22:38
I'll find that IP. Right now I searching the database for the forum for some things to see if I can find the malicious stuff.

Lone Wolf
2008-01-10, 22:38
spankin' MM weren't such a good idea :bootyshak

SGT Rock
2008-01-10, 22:39
212.116.220.73

Skidsteer
2008-01-10, 22:39
Well i got spy ware avast virus zone alarm so far so good.spy run once a week takes 30 min.

It'd be a good idea to run it right now. For everybody.

Better safe.

jrwiesz
2008-01-10, 22:40
i never proclaimed liking, respecting, or admiring either of you two pricks

I thought that, perhaps, there was some writer embelishment, when I initially ready the post.:biggrin:

Hooch
2008-01-10, 22:40
Mine too Hooch... mine too!:motz:Mayeb it works out for the best, I have to start a 16 hour shift at 0700. The lack of any WB tonight will get me in bed at a reasonable hour, hopefully. BTW, why are the emoticons so much more fun here??

Oh, and SGT Rock is so short he uses a paper towel for an underquilt. :aetsch:

Sly
2008-01-10, 22:41
I think I'm safe. Comodo Firewall with Defense +, BOClean, NOD32 AV and a router with a firewall.

Hey hacker :bootyshak

Kirby
2008-01-10, 22:41
Re-scanning computer, everything seems to be doing well, restarted to try and fix things. Now my question is when something is found, should I quarantine ore remove?

Thanks,
Kirby

Alligator
2008-01-10, 22:41
Can we at least get a little green screen here for the time being?:canabis:

reddog176
2008-01-10, 22:44
212.116.220.73

that Ip address is definatly a Saudia Arabia address. Running some checks to see if it's an open proxy or not.

-Reddog

ed bell
2008-01-10, 22:45
I'll find that IP. Right now I searching the database for the forum for some things to see if I can find the malicious stuff.
Rock, the Admin at another site that was targeted posted this:http://forum.gsmhosting.com/vbb/showpost.php?p=2915386&postcount=47
Is this what you are looking for?

reddog176
2008-01-10, 22:47
that Ip address is definatly a Saudia Arabia address. Running some checks to see if it's an open proxy or not.

-Reddog

Looks like that ip is no longer in use at the moment, so it's more than likely not a proxy.

The ip belongs to this company:

role: AwalNet Role
address: Akariah 3, 8th Floor, Olaya St.
address: P.O.Box 50, Riyadh 11372, Saudi Arabia.
address: see http://www.awalnet.com
phone: +966 1 4600111
fax-no: +966 1 4601110
remarks: trouble: abuse@awalnet.net.sa

I'll bet it's a dynamic IP, and unless you get lots of traffic from Saudia Arabia, you'll be better off banning 212.116.220.*

-Reddog

SGT Rock
2008-01-10, 22:49
That looks like the same thing I am trying to track down. It is a template thing. Upgrading to the newer version will fix it per VBulliten suport forum.

Ron Haven
2008-01-10, 22:50
Do you mind posting the IP?I spoke to Rock one day last year about all these Asian groups trying to hack into forums.Lately they have been coming on strong.Besides appalachiantrailservices.com I also have franklingossip.com or wncforum.com and it is a full time job keeping out all this Asian garbage.

Sly
2008-01-10, 22:50
212.116.220.73

Thanks, I checked my active connections from time to time since this happened, never noticed it.

Once I figure out how to make a firewall rule, I'll ban it.. :bandit:

SGT Rock
2008-01-10, 22:50
Yes, I learned that lesson with my last bad hack attack. I banned the one they attacked from and they came back again with an IP that was a number different, so I banned the series. So now no one from that part of Turkey can visit my site.

reddog176
2008-01-10, 22:52
Yes, I learned that lesson with my last bad hack attack. I banned the one they attacked from and they came back again with an IP that was a number different, so I banned the series. So now no one from that part of Turkey can visit my site.

Okies, just checking..
I know sometimes in situations like this I tend to overlook things.
:afraid:

SGT Rock
2008-01-10, 22:54
Well I checked every possible part of the site and there are no viruses. I'm still searching the dBase for the template screw up.

ed bell
2008-01-10, 22:54
That looks like the same thing I am trying to track down. It is a template thing. Upgrading to the newer version will fix it per VBulliten suport forum.
Good luck and get some damn sleep son, you've got some thru-hikin' to do.:bandit:

Kirby
2008-01-10, 22:55
*waiting for virus scan to complete so I can sleep*

I am guessing WB or HHQ does not receive a ton of traffic from Saudia Arabia, or that part of the world in general.

Kirby

Sly
2008-01-10, 23:00
I'll bet it's a dynamic IP, and unless you get lots of traffic from Saudia Arabia, you'll be better off banning 212.116.220.*

-Reddog


I made a global rule blocking 212.116.222.000 > 255 will that work? :albertein

reddog176
2008-01-10, 23:01
I made a global rule banning 212.116.222.000 > 255 will that work? :albertein

yeah, that'll do it

-reddog

dixicritter
2008-01-10, 23:03
ooooo techy talk... y'all are so cool! :wink:

SGT Rock
2008-01-10, 23:04
I think I found it in the template.

Kirby
2008-01-10, 23:04
Time to create "A dummy's guide to banning bad IP addresses from taking over my computer".

Kirby

Midway Sam
2008-01-10, 23:05
Rock,

I also sent this via PM and eMail but I wanted to make sure you saw it ASAP...

I know many people are throwing you links, but you need to address 2 issues... the corruption in the DB and the security flaw that allowed the corruption. Here is the solution to the flaw...

http://www.photopost.com/forum/showthread.php?t=134910

I have a vBulletin forum with Photopost and I am familiar with the exploit.

Sly
2008-01-10, 23:07
ooooo techy talk... y'all are so cool! :wink:

LOL... I know. Normally if it's any more than moving my mouse and clicking I'm lost. :stupido:

reddog176
2008-01-10, 23:07
ooooo techy talk... y'all are so cool! :wink:

Lol, 'tis what I do for a living..

-Reddog

SGT Rock
2008-01-10, 23:08
It's all over the template dBase. I gotta restore an older version.

Midway Sam
2008-01-10, 23:09
Here is the text of an eMail that the Photopost license holder should have received yesterday...


Dear Sam,

This bulletin affects all versions of PhotoPost vBGallery prior to 2.4.2 but does not affect PhotoPost Pro, ReviewPost, or PhotoPost Classifieds.

We recently became aware of a new exploit that hackers have created in order to upload and attempt to execute php scripts on a webserver using vBGallery. The exploit essentially involves uploading a PHP script disguised as an image file, using a filename that contains a ".php.gif", "
php.wmv" or a similar file extension in order to manipulate or trick the Apache webserver into executing the script as a PHP program. Ultimately, this is a security flaw in the Apache webserver and has the potential to affect any software that handles user file uploads, not just vBGallery, but we have patched vBGallery and released 2.4.2 to prevent this issue from occuring.

Please visit our forum to read the complete bulletin, see instructions on updating to vBGallery 2.4.2 for vBulletin 3.6 and 3.7 (or manually patching older versions of vBGallery against this potential exploit), and read about the provided "clean.php" scanner script used to look for potential ".php.gif" type file uploads:
http://www.photopost.com/forum/showthread.php?t=134910

Thanks,

The PhotoPost Team

dixicritter
2008-01-10, 23:12
LOL... I know. Normally if it's any more than moving my mouse and clicking I'm lost. :stupido:


Lol, 'tis what I do for a living..

-Reddog

Don't worry guys that really was a compliment. :) I married a computer geek don't forget. :D

SGT Rock
2008-01-10, 23:13
Just saw what you posted sam, I think that is right on with it. The first instance of the script I found was actually listed in the database as uploaded by photo post.

Midway Sam
2008-01-10, 23:15
Ha, this exploit only seemes to affect Apache web servers. This is one of the few times it has been a POSITIVE thing for me to be running IIS on Windows. <grins>

The Weasel
2008-01-10, 23:21
I thought that, perhaps, there was some writer embelishment, when I initially ready the post.:biggrin:

"Writer enhancement"? Moi?

TW

Grandma
2008-01-10, 23:32
Man, I feel violated. :bath:

Guess I will run a scan just to be safe. I've got time, my wife is in the bedroom running on the treadmill.

Lugnut
2008-01-10, 23:56
i never proclaimed liking, respecting, or admiring either of you two pricks

I knew you would come thru! :beer:

Oregonhiker
2008-01-11, 00:11
212.116.220.73

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 212.0.0.0 - 212.255.255.255
CIDR: 212.0.0.0/8
NetName: RIPE-NCC-212
NetHandle: NET-212-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1997-11-14
Updated: 2005-08-03

# ARIN WHOIS database, last updated 2008-01-10 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

saimyoji
2008-01-11, 00:19
Man, I feel violated. :bath:

Guess I will run a scan just to be safe. I've got time, my wife is in the bedroom running on the treadmill.

Hmmmm...Grandma has a wife.....:biggrin:

Sly
2008-01-11, 00:24
Oregonhiker, I'm not sure how you got that. RIPE is like IANA or WHOIS or one of those companies that checks and assigns IPs they're not a hack site.

Gaiter
2008-01-11, 03:04
wow, i'm suffering from whiteblaze withdrawal and obviously not the only one
go admins go, :beer: go admins go :elefant: beat those hackers :fight:
:arty:

okay i've done my cheering

Gaiter
2008-01-11, 03:07
This is exciting, thus far 611 infections have been found on my computer, should be a fun night.

Kirby

get a mac (yes i know mac viruses are still out there, but they are so rare, and stopped so quickly you don't have to worry about them) thats my answer to every pc problem.

GGS
2008-01-11, 03:28
Ha, this exploit only seemes to affect Apache web servers. This is one of the few times it has been a POSITIVE thing for me to be running IIS on Windows. <grins>

LOL! MW Sam, let's celebrate while we can!

SGT Rock
2008-01-11, 07:25
Troll restored the back-up at 0-dark-stupid so some posts and user accounts are lost, but for the most part we are OK. Basically any posts or thread or new users that joined after 0200 EST on the 10th of January.

Until Troll checks all the security holes, the site will be turned off. In case you didn't know, ATTroll does most of the software upgrades- that whole one cook theory works for us.

So keep on coming here until he gets it done I expect it will probably be later today or tomorrow.

dixicritter
2008-01-11, 07:31
I sure do wish y'all liked the smilies here better. :wink:

Huge sigh of relief and cudos to Rock and Troll!!!!:congrats: Happy dance time.:dancing2:

Gray Blazer
2008-01-11, 07:38
Good morning. Looks like I'm gonna actually teach kids today instead of hanging out on WB. :aetsch:

SGT Rock
2008-01-11, 07:53
Troll really deserves the credit on getting the site restored.

JAK
2008-01-11, 07:58
I sure do wish y'all liked the smilies here better. :wink:

Huge sigh of relief and cudos to Rock and Troll!!!!:congrats: Happy dance time.:dancing2:Smilies here way better. I consider this place more like home. :tee:
I only hang out at the other place because I feel the need to misbehave a little. :thrasher:

Sly
2008-01-11, 08:01
Good Morning SGT Rock's Hiking H.Q.! :bike:

SGT Rock
2008-01-11, 08:04
:cheers: Admit it, y'all loves my smilies:drillserg

Sly
2008-01-11, 08:04
Troll restored the back-up at 0-dark-stupid so some posts and user accounts are lost, but for the most part we are OK. .

.

You mean all of TW's posts have vanished? Such a pity! :beer:

Lone Wolf
2008-01-11, 08:06
sorry i messed up whiteblaze. i was typing stuff, right clicking etc. then:gob_beer the site went down!

Lone Wolf
2008-01-11, 08:08
:cheers: Admit it, y'all loves my smilies:drillserg

:canabis: like yeah dude. totally

Sly
2008-01-11, 08:09
sorry i messed up whiteblaze. i was typing stuff, right clicking etc. then:gob_beer the site went down!


No doubt it was that group hug with BJ and TW that did it. :aetsch:

SGT Rock
2008-01-11, 08:21
:knuddel: Yep, some things are so wrong they destroy the fabric of space time and take down websites:albertein

Grandma
2008-01-11, 08:28
:proud:
Hmmmm...Grandma has a wife.....:biggrin:
Don't get your hopes up, I'm not a 29 yr old lesbian. My wife and I were going over Vail pass on snowmobiles one winter, and the trails were in rough shape. I was taking it easy, and my wife passed me and yelled, "speed up Grandma!" It kind of stuck. Sorry to ruin any fantasy you had. :aetsch:

JAK
2008-01-11, 08:35
Sometimes I feel I'm a lesbian trapped in a mans body. :date:

Alligator
2008-01-11, 09:02
:knuddel: Yep, some things are so wrong they destroy the fabric of space time and take down websites:alberteinGood thing it wasn't JT and WD:bike: you might have lost a whole month.

mountain squid
2008-01-11, 09:09
Well, Good morning everyone. Glad to see the problem at WB has been identified.

SGT Rock, you're too short to still be pulling an all-nighter:coffee: ... thanks for the hard work. (When I was this short, I don't think I even made it past noon:biggrin: ...)

See you on the trail,
mt squid
:rankn-cpo

:hmmmm: wondering how many people made their first post here, on this thread?

:cguru: Hackers beware...

Sly
2008-01-11, 09:25
:hmmmm: wondering how many people made their first post here, on this thread?

:cguru: Hackers beware...

I thought I had joined before but apparently not. :adore: HHQ

Tin Man
2008-01-11, 09:28
:hmmmm: wondering how many people made their first post here, on this thread?


Is there a prize? (1st post here for me)

Tin Man
2008-01-11, 09:40
Well now that we have the offending IP address, how do we send a virtual nuke and melt the frackers website, keyboards and all? :cguru:

SGT Rock
2008-01-11, 12:10
The few times WhiteBlize goes down I get a spike in new members. And today of all days my server is doing something that is causing temporary outages.

Alligator
2008-01-11, 12:27
The few times WhiteBlize goes down I get a spike in new members. And today of all days my server is doing something that is causing temporary outages.Probably a bunch of rabble rousers too, the lot of them.

Any idea if WB PM's were lost?

SGT Rock
2008-01-11, 12:30
The only ones that would have been lost were any that were sent after 0200 on the 10th of January.

Tin Man
2008-01-11, 12:40
The only ones that would have been lost were any that were sent after 0200 on the 10th of January.

The temporary home page on WB is a little confusing...

"Everything posted on WhiteBlaze after midnight on 9 January 11, 2008 will be lost."

SGT Rock
2008-01-11, 12:56
I'm confused by that too. But what I can tell from looking at it is the last post made before the back up was at 0200 EST on the 10th. So as long as we use that as the last good restore point before the upgrade to the software, that should be the as of time when everything after that went into a black hole.

Alligator
2008-01-11, 13:13
The temporary home page on WB is a little confusing...

"Everything posted on WhiteBlaze after midnight on 9 January 11, 2008 will be lost."Attroll may been thinking between those days. Sometimes people think of midnight as the end of the day.

JAK
2008-01-11, 13:18
Ah well. I am not too saddened by my lost posts. It wasn't my best work. :stupido:

:biggrin:

If your heading out this weekend Rock, have a blast.
I intend to get out and mess about a bit, if only a daytrip.

Tin Man
2008-01-11, 13:41
The temporary home page on WB is a little confusing...

"Everything posted on WhiteBlaze after midnight on 9 January 11, 2008 will be lost."

My question was more what does 9 January 11 mean? 9th of January or 11th of January. I take it from Rock's post it should read either:

9 January, 2008 or January 9, 2008 and not: 9 January 11, 2008

or am I missing something?

(sorry if this is nitpicking, I just like to be clear)

SGT Rock
2008-01-11, 13:47
I have no clue at all. Ignore the man behind the curtain.

Alligator
2008-01-11, 13:49
I'm just guessing but I think he could of meant something like
9th-January 11, 2008. ATTroll doesn't type well, and he was probably tired at that point.

Tin Man
2008-01-11, 14:04
I guess we will find out when it comes back up. In the meantime has a Ranger Team been dispatched to take out the perpetrators?

Sly
2008-01-11, 14:12
Damn, I thought someone got this site too, minus the hand. :bandit:

Rock, got a question or three. What would happen if you back upped the tainted site? Do you have several back ups to choose from? :toilet:

Sly
2008-01-11, 14:16
I guess we will find out when it comes back up. In the meantime has a Ranger Team been dispatched to take out the perpetrators?

I'd like to find out who the anonymous posters were on Trail Forums that thought it was deserving and one guy from the at-l who I never saw post before that said it was karma because of the moderation.

Ironically, after that dude posted to TF about saving the hand and if anyone wanted a copy to email him, the mods there closed that thread! :beer:

jzakhar
2008-01-11, 14:29
Damn, I thought someone got this site too, minus the hand. :bandit:

Rock, got a question or three. What would happen if you back upped the tainted site? Do you have several back ups to choose from? :toilet:

If that was the case you could still recover from it, it would just take a lot longer. Start with a fresh set of files, then wipe the templates and import the default and start over.

wanderer42460
2008-01-11, 14:33
thanks rock for updating me. man i and Terry7 are having whiteblaze withdrawls......................

i have to go by this handle instead of "the only wanderer" but i am still "THE ONLY WANDERER!"

did we piss someone off over at whiteblaze or is it the software company screwing with us so we had to purchase the proper updates?

Sly
2008-01-11, 14:42
did we piss someone off over at whiteblaze or is it the software company screwing with us so we had to purchase the proper updates?

Some geeky dudes from Arabia that found a vulnerability in the software vBulletin puts out and WB uses. They've hacked other sites too. :cguru:

I guess since they can't go out with girls/women they have nothing better to do! :ahhhhh:

I saw somewhere that some guy bans all IP's from the ME and Turkey. I wonder what the Koran says? :bike:

SGT Rock
2008-01-11, 14:44
I guess we will find out when it comes back up. In the meantime has a Ranger Team been dispatched to take out the perpetrators?
I'm thinking of figuring out who it was and sending them a "you won the lottery" thing and wait for them to show up. I love it when they do stings like that.

Damn, I thought someone got this site too, minus the hand. :bandit:

Rock, got a question or three. What would happen if you back upped the tainted site? Do you have several back ups to choose from? :toilet:
If I understand what you mean - backing up the site AFTER it was hacked? The problem with that is there might be something in that copy that you don't catch when you go to fix and restore which allows them back in.

The site is generally backed up every night, so on the average if there is a problem we normally only lose data for a few hours. So say a site gets hacked at 1000 that was backed up at 0200 we only lose 8 hours of issues.


I'd like to find out who the anonymous posters were on Trail Forums that thought it was deserving and one guy from the at-l who I never saw post before that said it was karma because of the moderation.

Ironically, after that dude posted to TF about saving the hand and if anyone wanted a copy to email him, the mods there closed that thread! :beer:
Trail Forums is a little less monitored than WhiteBlaze and the system is so open I could go on there and post as Sly. People that get hassled for acting like jerks on a more moderated and controled site love that sort of freedom. I normal ignor them because they do it to themselves. If they only realized the irony of how they are acting over there.

That said, I remember back when we started, Zip Drive was telling me about some of the trolls they had problems with over there that were on our site now. Funny how they run around.

But with all that, I'm starting to have more sympathy for WF and how he got to be the way he was. As for me I absolutly hate moderating, so if i pissed someone off they really went over the edge to get me to even act.



If that was the case you could still recover from it, it would just take a lot longer. Start with a fresh set of files, then wipe the templates and import the default and start over.
The thing I noticed in this last hack and recovery is how we can import differnt parts of the dBase. So once this is all over I think the prudent thing to do would be occasionally back up certain sections - so like when we make changes to the template create a back-up of just that section of the dBase so if it ever does get screwed up we can restore just that section without having to write over all the other data like posts. But that sort of restore has certain dangers. I was searching for instances of the hijack script in the dBase last night and found it had actually been embeded in some posts in the forum dBase as well as the template dBase.

SGT Rock
2008-01-11, 14:46
thanks rock for updating me. man i and Terry7 are having whiteblaze withdrawls......................

i have to go by this handle instead of "the only wanderer" but i am still "THE ONLY WANDERER!"

did we piss someone off over at whiteblaze or is it the software company screwing with us so we had to purchase the proper updates?No, despite all the conspiricy theories over on TJ, it really was just some teenage jackasses from Saudi, not some bonehead I told to stop acting like a bonehead. Lets face it, except for maybe one or two guys ever, most of the trolls that act like that don't have the skills required.

Tin Man
2008-01-11, 14:56
I'm thinking of figuring out who it was and sending them a "you won the lottery" thing and wait for them to show up. I love it when they do stings like that.

Cool, what are you figuring for a jackpot after they show up?

kdholmwood
2008-01-11, 15:05
For many weeks I have been getting "Internet Explorer cannot display the webpage" every time I try to visit WhiteBlaze from my home pc here in England. No problems from my school computer. Probably not connected to recent sabotage, but is anyone else having similar difficulties?
Keith

Skidsteer
2008-01-11, 15:28
For many weeks I have been getting "Internet Explorer cannot display the webpage" every time I try to visit WhiteBlaze from my home pc here in England. No problems from my school computer. Probably not connected to recent sabotage, but is anyone else having similar difficulties?
Keith

Nope. It's been loading fine until last night.

ed bell
2008-01-11, 16:12
No, despite all the conspiricy theories over on TJ, it really was just some teenage jackasses from Saudi, not some bonehead I told to stop acting like a bonehead. Lets face it, except for maybe one or two guys ever, most of the trolls that act like that don't have the skills required.Funny posts over there about this. They (the couple of jackasses) actually started with the tragedy involving Meredith. I saw the shameful lies and outright fabrications about WB that I couldn't help but respond. Not to stir it up, but to give what I believed to be WB's side of the story. I made sure to point out that many members of WB love TJ.com and use their journal hosting services. I'd bet that the moderators over there can't stand some of the stupid crap that gets spewed by a couple of the posters over there. Oh well, I guess it's an ongoing battle that is never won. Good thing is that once sites get the good reputation that TJ.com and WB have, it ain't hard to find folks to stick up for them while using facts instead of fabrications. Thanks again SGT. Rock and ATTroll for keeping WB a site worth contributing to. Like HikingHQ as well,BTW.:bandit:

Hog On Ice
2008-01-11, 16:14
For many weeks I have been getting "Internet Explorer cannot display the webpage" every time I try to visit WhiteBlaze from my home pc here in England. No problems from my school computer. Probably not connected to recent sabotage, but is anyone else having similar difficulties?
Keith

read the linked thread starting with page 3 and see if the resolution works for you also: http://hikinghq.net/forum/showthread.php?t=2484&page=3

short answer - check your DNS settings - it should be select DNS server automatically

Sly
2008-01-11, 16:32
Hey HOI what's with the avatar, I thought you were opposed to things like that?:biggrin:

Alligator
2008-01-11, 16:45
I have to say, it doesn't look like too many folks made it to the alpha site. Must of just succumbed to withdrawal. :dontknow:

The Weasel
2008-01-11, 17:01
You mean all of TW's posts have vanished? Such a pity! :beer:

Sly, I was gonna stop, but now that you've asked, I'll keep on posting! Thanks! I know everyone will be grateful to you for getting me to keep on keeping on!

TW

The Weasel
2008-01-11, 17:03
:knuddel: Yep, some things are so wrong they destroy the fabric of space time and take down websites:albertein

Ummm...now that we know how to do it........

TW

Hog On Ice
2008-01-11, 17:05
Hey HOI what's with the avatar, I thought you were opposed to things like that?:biggrin:

avatar? avatar??? what avatar? I don't see no avatar...

Oh you mean the one in my profile - its just a hat similar to one I often wear hiking.

SGT Rock
2008-01-11, 17:06
Cool, what are you figuring for a jackpot after they show up?Ass whooping. Thier momma's didn't raise 'em right.


For many weeks I have been getting "Internet Explorer cannot display the webpage" every time I try to visit WhiteBlaze from my home pc here in England. No problems from my school computer. Probably not connected to recent sabotage, but is anyone else having similar difficulties?
KeithWe had that a while back for another user. Turns out a trojan had changed his DNS settings.


Funny posts over there about this. They (the couple of jackasses) actually started with the tragedy involving Meredith. I saw the shameful lies and outright fabrications about WB that I couldn't help but respond. Not to stir it up, but to give what I believed to be WB's side of the story. I made sure to point out that many members of WB love TJ.com and use their journal hosting services. I'd bet that the moderators over there can't stand some of the stupid crap that gets spewed by a couple of the posters over there. Oh well, I guess it's an ongoing battle that is never won. Good thing is that once sites get the good reputation that TJ.com and WB have, it ain't hard to find folks to stick up for them while using facts instead of fabrications. Thanks again SGT. Rock and ATTroll for keeping WB a site worth contributing to. Like HikingHQ as well,BTW.:bandit:
I know. But they speak volumes to their own character every time they post. The funny thing is they never realize it.

read the linked thread starting with page 3 and see if the resolution works for you also: http://hikinghq.net/forum/showthread.php?t=2484&page=3

short answer - check your DNS settings - it should be select DNS server automatically
That is what I was thinking of too HOI. That avatar looks just like the hat you wear.

Sly, I was gonna stop, but now that you've asked, I'll keep on posting! Thanks! I know everyone will be grateful to you for getting me to keep on keeping on!

TW
Always greatful for you Weasel. Some folks just got to get to know you.

Hog On Ice
2008-01-11, 17:09
Always greatful for you Weasel. Some folks just got to get to know you.

hey Rock - get it right - its "The Weasel" :biggrin:

The Weasel
2008-01-11, 17:09
Always greatful for you Weasel. Some folks just got to get to know you.

I know what you mean, Rock. And I like introducing myself, particularly when I have the right address for them to give to the process server!

TW

______

"One lawyer in small town will generally starve. But two can make a pretty good living." - A. Lincoln

mountain squid
2008-01-11, 17:17
I have to say, it doesn't look like too many folks made it to the alpha site. Must of just succumbed to withdrawal. :dontknow:
Maybe they all went for a hikehttp://www.mazeguy.net/sports/running.gif...

See you on the trail,
mt squid
:rankn-cpo

Kirby
2008-01-11, 17:18
I think when WB is operating again, a discussion should happen about upgrading the smiley's over there. I mean, come one, here I have one with a smiley running over another smiley with a bicycle :bike:, and other interesting ones as well:bandit: :bandit: :argh: :adore: :ahhhhh: :bandit: :albertein :banghead: :boxing: :gob_devil :gob_nutra :gob_evil :gob_beer .

Ok, I got a little over board.

Kirby

Alligator
2008-01-11, 17:29
Maybe they all went for a hikehttp://www.mazeguy.net/sports/running.gif...

See you on the trail,
mt squid
:rankn-cpoEither that or they went straight to alt.politics.:fight:

Ray
2008-01-11, 17:54
I have to say, it doesn't look like too many folks made it to the alpha site. Must of just succumbed to withdrawal. DWM was sent to the Betty Ford Clinic for help with his WhiteBlaze problem.

Alligator
2008-01-11, 18:02
DWM was sent to the Betty Ford Clinic for help with his WhiteBlaze problem.I hope he gets help. Between you and me though I think he's the kind of guy who might smuggle in a wireless device.
:flute:

SGT Rock
2008-01-11, 18:09
I'm betting the real die hards found a political site. The rest of 'em are planning a trip this weekend.

jzakhar
2008-01-11, 18:16
The thing I noticed in this last hack and recovery is how we can import differnt parts of the dBase. So once this is all over I think the prudent thing to do would be occasionally back up certain sections - so like when we make changes to the template create a back-up of just that section of the dBase so if it ever does get screwed up we can restore just that section without having to write over all the other data like posts. But that sort of restore has certain dangers. I was searching for instances of the hijack script in the dBase last night and found it had actually been embeded in some posts in the forum dBase as well as the template dBase.

Really, do you have any info on the root kit used? There may be documentation and some steps to recovery. Embedding in posts is bad mojo though, that does make it very hard to recover from.

mountain squid
2008-01-11, 18:20
or maybe http://www.mazeguy.net/expressive/scratchchin.gif everybody had to go :driver: (this is the best smiley!!!) buy snacks http://www.freesmileys.org/smileys/eatdrink051.gif (http://www.freesmileys.org)for tomorrows playoff gameshttp://www.mazeguy.net/sports/footballhelmet.gif...

See you on the trail,
mt squid
:rankn-cpo

Tin Man
2008-01-11, 18:22
I'm betting the real die hards found a political site. The rest of 'em are planning a trip this weekend.

Maybe that is a good thing. Close WB 2 days before each primary. :biggrin:

Sly
2008-01-11, 18:38
:captain: :arty: :dito: :canabis: :aetsch: :elefant: :joyman: :pepsi: :viking: :gob_nospa

I need a favorite smiley folder! :bootyshak

Skidsteer
2008-01-11, 18:44
DWM was sent to the Betty Ford Clinic for help with his WhiteBlaze problem.


I hope he gets help. Between you and me though I think he's the kind of guy who might smuggle in a wireless device.
:flute:

He hides it in a bowling pin.

mountain squid
2008-01-11, 19:17
or maybe http://www.freesmileys.org/smileys/ad/idea.gif (http://www.freesmileys.org) some rented a movie http://foolstown.com/sm/tit.gif http://www.freesmileys.org/smileys/sw018.gif (http://www.freesmileys.org) http://www.freesmileys.org/smileys/ad/superman.gif (http://www.freesmileys.org) http://www.freesmileys.org/smileys/whacky034.gif (http://www.freesmileys.org)...

See you on the trail,
mt squid
:rankn-cpo

Sly
2008-01-11, 19:31
Hey, maybe once Whiteblaze is back up y'all can enable all these smileys in the humor forum! :albertein :bandit:

:goodnight

SGT Rock
2008-01-11, 19:32
Really, do you have any info on the root kit used? There may be documentation and some steps to recovery. Embedding in posts is bad mojo though, that does make it very hard to recover from.
I'm not sure. Troll said something about it before he went off to work today - apparently it was pretty interesting. I would like to hear more about it myself too but he didn't have time. Maybe once he gets done upgrading and all, we can have a thread about it.

SGT Rock
2008-01-11, 19:32
I'd love to add more smilies, but Troll doesn't even like having as many as we already do - especially the dancing 'nanner.

Tipi Walter
2008-01-11, 19:41
Hey, I get to join the WhiteBlaze crowd here at Headquarters for my very first post!! :adore:

I didn't know my addiction levels were so high until WB went offline . . .:afraid:

wanderer42460
2008-01-11, 20:02
:adore:
I'd love to add more smilies, but Troll doesn't even like having as many as we already do - especially the dancing 'nanner.i praise you guys for all you do anyway.......:adore: :aetsch: :bootyshak :angel: :ahhhhh: :birthday:

The Weasel
2008-01-11, 20:02
I'm betting the real die hards found a political site. The rest of 'em are planning a trip this weekend.

No, we're just enjoying quiet before the next storm. Is it possible, Rock, that this whole thing was a set up from Dixi to cause a total "time out" for all of us? Less work for her for a while trying to make a lot of hotheads be nice? I bet she tries the Shultz Defense and says "I know NOTHING!" But who has the most to gain in terms of peace and quiet?

TW

wanderer42460
2008-01-11, 20:04
I emailed FD today and asked her if she was enjoying her vacation time?

wanderer42460
2008-01-11, 20:10
Step 1: I'm powerless over my addiction to www.whiteblaze.net and my life is unmanageble.................

Ewker
2008-01-11, 20:43
whew, I just got thru reading 15 pages of post..hurray for me:arty:

Rick
2008-01-11, 20:58
I just read everything as well. WhatI noticed yesterday was that when the hand came up, also a small badge came up with a banner mentioning this site uses scripted windows and click to allow. If you system wasn't set to notify or prompt, perhaps you picked something up.... I am not that computer savvy, but I thought it odd...

The Weasel
2008-01-11, 21:57
:withstupi

Just checking. Dang. We need these on WB.

TW

Rouen
2008-01-11, 22:40
:captain: :arty: :dito: :canabis: :aetsch: :elefant: :joyman: :pepsi: :viking: :gob_nospa

I need a favorite smiley folder! :bootyshak

:dito: :five: I give these smileys :officer10 I hope I dont get :gob_censo for this :bootyshak:elefant:

Frolicking Dino
2008-01-11, 23:07
Merciful heavens, I leave town to see my grand and great-grandkids & the site goes down. Just couldn't live without me, could you? :elefant:

Lugnut
2008-01-11, 23:32
I'm betting the real die hards found a political site. The rest of 'em are planning a trip this weekend.

Guess that makes this the WB life raft for us stuck at home. :biggrin:

4eyedbuzzard
2008-01-11, 23:37
You didn't knock the server over with your dino tail on the way out the WB door when leaving for your visit did you :questionm :biggrin:

Gaiter
2008-01-12, 01:04
so out of curiosity, how many new members on this site since WB went down?
i know i'm one of the newbie's here

freefall
2008-01-12, 02:03
1) It is great you have a site that will give all WB members some reprieve.
2) Hopefully the rhetoric that beleaguers WB will not spread to Hiking HQ.
3) When my computer did a virus/malware scan last night, it found 8 incidences . Most of them were harmless so I just deleted them and went on my way.
4) Jack Bauer just emailed me that he is on the way to Saudi to take care of these SOBs. The writer's strike has him itchin' for some action!
God bless WB. Be well.

Smile
2008-01-12, 02:28
Keep up the good work, I hope this is resolved soon! :)

jrwiesz
2008-01-12, 02:38
I'm betting the real die hards found a political site. The rest of 'em are planning a trip this weekend.

Nope, went to:

HikingHQ:beer:

The Straight Dope:canabis:

AT Hikers Online:sleep:

Trailplace:hmmmm:

Trail Journals[to catch-up on Lion King]:star:

then took a hike/bike ride.:bike: :biggrin:

Unfortunately tomorrow, I have to go back to work.:banghead:

Gotta love these guys!:arty:

Best of luck with getting WB back up ASAP, and back to the more important stuff - your hike!:adore:

Tin Man
2008-01-12, 07:33
4) Jack Bauer just emailed me that he is on the way to Saudi to take care of these SOBs. The writer's strike has him itchin' for some action!


That would be difficult at the moment. Kiefer's doing a 48-day stint in the pokey for parole violation and DUI. He is scheduled to be released on January 21.

http://www.tmz.com/category/celebrity-justice/

Alligator
2008-01-12, 08:33
Guess that makes this the WB life raft for us stuck at home. :biggrin:I was thinking more like it was the mirror site.

Greentick
2008-01-12, 08:38
...4) Jack Bauer just emailed me that he is on the way to Saudi to take care of these SOBs. The writer's strike has him itchin' for some action!
God bless WB. Be well.

Good thing he's indisposed at the moment. I would hate for him to be caught in the arclight the B52s have en route!

Took me a couple of days to get my security clearance here but now I can feel the joy :biggrin: .

Frolicking Dino
2008-01-12, 08:56
You didn't knock the server over with your dino tail on the way out the WB door when leaving for your visit did you :questionm :biggrin:::: Dino whacks the bespeckled scavenger gently with her tail and winks :bootyshak :::

hopefulhiker
2008-01-12, 09:47
I am also going through WB withdrawals... but I did visit Sgt Rock's Trail journal and it is really well done..

When I did my trail journal when I started out I was so beat up I could just barely post my milage.. Rock's journal is really good and he obviously has the energy to keep a good journal..

Keep it up Rock!

Also again I want to thank the moderators for their work on the WB site.. You can really tell that you take something for granted when the site goes down..

Ron Haven
2008-01-12, 10:25
sorry i messed up whiteblaze. i was typing stuff, right clicking etc. then:gob_beer the site went down!I bet you had Pirate in on it too huh?:beer:

Sly
2008-01-12, 10:43
I'd love to add more smilies, but Troll doesn't even like having as many as we already do - especially the dancing 'nanner.

:gob_! That's why I mentioned in the humor forum. :vroam: Shirely :love: that's not too much to ask... :listen:


:withstupi

Frolicking Dino
2008-01-12, 11:03
Fess up- Dixi put you up to this because the Dino was gone and the site was rowdy....
This just in..... Dixi hires LW and Pirate as hitmen for WB.... film at 11.
:shakehand :vroam: :biggrin:

Sly
2008-01-12, 11:44
How many have clicked on Whiteblaze to see if it's back up? :cguru:

Lone Wolf
2008-01-12, 11:46
every 15 minutes:gob_pop

Shades of Gray
2008-01-12, 11:51
so out of curiosity, how many new members on this site since WB went down?
i know i'm one of the newbie's here

There just might be someone from The Green Diamond here:hello:, but he's more interested in paying bills and getting outdoors than posting this weekend.

Lone Wolf
2008-01-12, 12:04
what is the green diamond?

Tin Man
2008-01-12, 12:09
How many have clicked on Whiteblaze to see if it's back up? :cguru:

A good time to reflect on Meredith's passing. And despite any differences WB members may have with each other, they, like hikers everywhere, are united in support and rememberence. Quite humbling.

Lugnut
2008-01-12, 12:36
every 15 minutes:gob_pop

Addicted? :aetsch:

The Weasel
2008-01-12, 12:44
Addicted? :aetsch:

No, Lugnut, but Wolf misses me. A lot. Obviously.

The Weasel

Tin Man
2008-01-12, 12:51
No, Lugnut, but Wolf misses me. A lot. Obviously.

The Weasel

Nah! You aren't the same without Jack's love and praise. :bike:

Frolicking Dino
2008-01-12, 12:57
No, Lugnut, but Wolf misses me. A lot. Obviously.
Nah! You aren't the same without Jack's love and praise. :bike:http://i16.photobucket.com/albums/b47/lowcarbscoop/Frequently%20used/Popcorneatingsmiley.gif

Lone Wolf
2008-01-12, 12:59
:reddy: puke: