Author
Flowering Inferno
Poster
Added: Nov 08, 2014 1:29 pm
I just went to visit this site, it showed I was logged off, said it needed to run Flash (I've switched scripting and ActiveX off), and got redirected to this page http:// tgjtydkydy. gurujiremedies. com / duty-of-care/vF7pvqhYmQyZy7AKOmFdOSl8dVw-0ZLp2-vS9X27KWNsD_/IdfPp_/xJ2jHrEmTkoQFb5csEio/DLOJ_/EJVKljsMQ~~/OGZhZTB.... et c. /conclusion-of-fact.cfm
which tried to download and install some sort of ransomware. Since the page claimed it had my files encrypted (no encryption process running on my PC though....) it is probably Cryptolocker.


Any comments from mods or Admins?
Flowering Inferno
Poster
Added: Nov 08, 2014 1:35 pm
In addition, there is also a redirect to dgerhhe. banskoresales. com, which got intercepted by Malwarebytes.
JB Wannabe
Godfather of Forumophilia
Added: Nov 08, 2014 2:30 pm
I just tried logging in and had to change my password to get back in, so something certainly happened. I would suggest everyone change their pw.
ckdk3
Godfather of Grandfather of Forumophilia
Added: Nov 08, 2014 3:56 pm
A strange thing happened after I pressed the link that was in the red message asking to reset the password.
I received an activation link in my email and a new password.
Then I logged in to my account with this password and created a new password.

But when the red warning disappeared, the new password stopped working.
Then I tried logging in again but with my old password and it worked fine.

I already changed my password again.

I just would like to know if the red message that was at the top asking to reset the password was published by the Admin of Ophilia.
Or was it from the hacker?
Nip_Fan666
I'm probably spamming
Added: Nov 08, 2014 4:13 pm
Search no longer works
Flowering Inferno
Poster
Added: Nov 08, 2014 4:15 pm
It occasionally happens, even when logged on already.
stagliano
Respected Poster
Added: Nov 08, 2014 5:43 pm
where
are
the
mods
HitTHisY
I'm probably spamming
Added: Nov 09, 2014 2:18 am
search not working for me either
JB Wannabe
Godfather of Forumophilia
Added: Nov 09, 2014 2:33 pm
stagliano wrote:
where
are
the
mods


I responded an hour after the first post was made. I also posted about it in the mod section. There's really not much else I can do about it.
Poor Ceylon
I'm probably spamming
Added: Nov 09, 2014 5:52 pm
Seen this. Very annoying.
JB Wannabe
Godfather of Forumophilia
Added: Nov 09, 2014 11:10 pm
Search is working again.
JB Wannabe
Godfather of Forumophilia
Added: Nov 10, 2014 12:23 am
Part of the problem might be related to the host imagecorn, which contains malware.

screenshot

If you find threads containing this host, please report them immediately.
analfan
Respected Poster
Added: Nov 10, 2014 7:18 pm
ckdk3 wrote:
A strange thing happened after I pressed the link that was in the red message asking to reset the password.
I received an activation link in my email and a new password.
Then I logged in to my account with this password and created a new password.

But when the red warning disappeared, the new password stopped working.
Then I tried logging in again but with my old password and it worked fine.

I already changed my password again.

I just would like to know if the red message that was at the top asking to reset the password was published by the Admin of Ophilia.
Or was it from the hacker?


I had the same thing happen to me, very weird.
Zanyx
Poster
Added: Nov 10, 2014 11:47 pm
A few days ago we had to fight off an attack on our Forum. Unfortunately this caused a few inconveniences for the members which seem to have all been resolved by now. Everything works fine. If anyone notices any bugs or glitches, let me or mods know.
Flowering Inferno
Poster
Added: Nov 11, 2014 8:43 pm
Because of the attack, I moved this website to the restricted zone in my browser, disabling JavaScript. The only nuisance this caused was having to log in every time. Now when I entered the forum, I got a Cloudflare message telling me to switch my JavaScript back on. After I did this I got a message it was checking my browser. This checking seemed to happen only once, because after I moved the forum back to the restricted zone and received the message about turning on JavaScript again, I moved it to the trusted zone and was able to enter the site without the checking.
This leaves me with the questions: why do I have to have JavaScript turned on, is it because of some extra security checking, and what is this browser checking all about?
I can understand it is to prevent future attacks but I would really appreciate a more detailed explanation. Also I would like to know what kind of attack it was. It was obviously aimed at the visitors as there was an attempt to install a Trojan of some kind, there was contact with some obscure server (c+c ?) and a redirection to what luckily seems to be just a regular HTML page with the extortion demands. It said my files would be locked, so it could be a Cryptolocker variety, but also just some simple ransomware just blocking access.

After 3 days of intensive scanning (including deep boot- and rootkit scanning) my PC seems clear, but a more detailed description of the attack would definitely help in regaining my trust in both the site and my PC.

Anyway, thanks for clearing up that there was an attack on the site.