LadyWailua opened this issue on Jun 13, 2010 · 57 posts
LadyWailua posted Sun, 13 June 2010 at 10:48 AM
Today whenever I tried to click on my bookmark (www.renderosity.com) my browser gets "redirected" to another URL named "adf.ly - shrink your URLs and get paid!" ...
I've already made several scans for trojans, virus or hijackers - nothing found.
I tried to get the startpage from two other computers - same redirecting !
Finally I managed to get logged in with the URL of the galleries.
Now what's going on here ?
Could it be a personal problem with my internet connection or do others users notice the same issues ?
JenX posted Sun, 13 June 2010 at 10:52 AM
I just emailed admin about it, as I'm getting a similar redirect.
The only thing I can advise is DO NOT go to the renderosity front page until it's fixed.
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
LadyWailua posted Sun, 13 June 2010 at 10:58 AM
Yes, I also sent this information at the Renderosity admins.
But it's kind of soothing that I'm not the only one with this oddities.
Edit:
Redirection happens even when I'm logged in and trying to connect to the "Home" link at the top of the page menu.
JenX posted Sun, 13 June 2010 at 11:05 AM
LadyWailua,
Don't visit the Home page anymore, and please do a virus/malware scan on your computer. Sometimes, when a site is hijacked, the redirect site plants viruses on the viewing computer.
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
pearce posted Sun, 13 June 2010 at 11:48 AM
I got a page full of Cyrillic writing -- looked like a Russian forum, though I didn't hang around long enough to inspect it closely.
Maggee posted Sun, 13 June 2010 at 11:58 AM
I don't think it's the home page. I get it when I click on the My Forums link only, then it takes you to their own forum page
Some people dream of worthy accomplishments,
While others stay awake and do them.
I am a dreamer
EmmaAndJordi posted Sun, 13 June 2010 at 12:26 PM
I saw it this evening and was scared, but I think it's fixed now. How could they have done this?
It's horrible!!!
Granny8 posted Sun, 13 June 2010 at 3:05 PM
I'm browsing Renderosity, click on a page, and suddenly "bookface" comes up. I closed the window, then re-opened and clicked on 'history'. Every link I clicked on came up the bookface site. Now, I'm not techno-savvy in any way, but, I went to tools>internet options>security>and blocked that site. It seems to have worked, and my anti-virus did not send any alerts. So, I think I nipped it in the bud. I'm glad to see I'm not the only one this has happened to, but it's too bad that some people have nothing better to do than wreak havoc. If anyone knows more about this than I do, and can suggest something I should now do, please let me know.
JenX posted Sun, 13 June 2010 at 3:10 PM
Granny8, if you have a virus scanner and spyware scanner, I'd suggest using them.
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
Francemi posted Sun, 13 June 2010 at 3:13 PM
This is not only on home page. I went to Freestuff and Firefox prevented three (3) windows to popup! Then I went to site mail to send a message to admins and it opened BOOKFACE. I think it is all of Renderosity that is being hacked!
France, Proud Owner of
KCTC Freebies
EmmaAndJordi posted Sun, 13 June 2010 at 3:19 PM
I have Malwarebytes Antimalware and it's very good.
punisher1999 posted Sun, 13 June 2010 at 3:20 PM
Just wanted to piggy back on this... Same thing here.... multiple pages are being affected.... adding *.bookface.net seems to have helped... Malware bytes didn't find anything on my PC either...
JenX posted Sun, 13 June 2010 at 3:22 PM
Our programmers are working to fix this.
In the meantime, I want to note that I'm not getting redirected in either Chrome or Safari.
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
Francemi posted Sun, 13 June 2010 at 3:26 PM
9 times out of 10 I'm not getting redirected with Firefox either... But there is still that 10% risk. I wanted to checkout something today but I'll wait until it is all clean... Wouldn't want Rendo to bring that stupid hacker to my PayPal account. ;o)
France, Proud Owner of
KCTC Freebies
JenX posted Sun, 13 June 2010 at 3:28 PM
Exactly. Stay safe for now, we'll update when it's fixed :)
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
Granny8 posted Sun, 13 June 2010 at 3:36 PM
Thank you, JenX. I ran the scan and all appears to be ok.
Francemi posted Sun, 13 June 2010 at 3:39 PM
Jen, if it takes more than the rest of today to get fixed could you ask the admins if they will make the current coupon valid for another day??? The current coupon is valid until tomorrow only!!
France, Proud Owner of
KCTC Freebies
MrsLubner posted Sun, 13 June 2010 at 4:03 PM
My scan reveals no problems but in site mail and the forum I am being hijacked by the Bookface site also. I'm struggling. I've got Firefox and hoped that I wouldn't fall victim... :-(
Flannel Knight's
Photos
MrsLubner
Forum Moderator
______________________
"It please me to take amateur
photographs of my garden,
and it pleases my garden to make my photographs look
professional."
Robert Brault
MagnusGreel posted Sun, 13 June 2010 at 4:07 PM
https://addons.mozilla.org/en-US/firefox/addon/722/
NoScript. will allow you to block the attack in Firefox.
Airport security is a burden we must all shoulder. Do your part, and please grope yourself in advance.
Francemi posted Sun, 13 June 2010 at 4:17 PM
Thank you for that addon. I installed it and now it is blocking scripts from this page... In the list of blocked scripts is "mybookface.net"
France, Proud Owner of
KCTC Freebies
MagnusGreel posted Sun, 13 June 2010 at 4:18 PM
you can allow scripts you do want to run btw.
mybookface is the one you want to block.
Airport security is a burden we must all shoulder. Do your part, and please grope yourself in advance.
Francemi posted Sun, 13 June 2010 at 4:22 PM
Quote - you can allow scripts you do want to run btw.
mybookface is the one you want to block.
Yes thank you. Although I would not know which scripts to allow. ATM it is blocking:
startcounter.com
exponential.com
mybookface.net
kontera.com
facebook.com
yieldmanager.com
renderosity.com (of course I unblocked this one)
France, Proud Owner of
KCTC Freebies
JenX posted Sun, 13 June 2010 at 4:23 PM
france, I can bring the idea up to the store staff, I can't guarantee they'll go for it, though ;)
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
Francemi posted Sun, 13 June 2010 at 4:25 PM
Quote - france, I can bring the idea up to the store staff, I can't guarantee they'll go for it, though ;)
Trying is all we can ask of you Jen! ;o)
France, Proud Owner of
KCTC Freebies
Anar_K posted Sun, 13 June 2010 at 4:27 PM
Same issue here. It seems to be only on Internet explorer. Bookmarks and typing the Rendo site name in redirect to a page mybookface.net powered by phpfox. It looks like a spoof of facebook aimed at young kids.
I tried my bookmark on Google Chrome and Firefox and they both work normally. Typing the addy in on those browsers also results in success as well.
Kinouk posted Sun, 13 June 2010 at 4:46 PM
I called Preston and told him. I'm sure he was happy to hear this :)
punisher1999 posted Sun, 13 June 2010 at 4:47 PM
FYI. Downloading from IE results in corrupt files, however, Norton 360 and Malware Bytes do not detect any infections...
LadyWailua posted Sun, 13 June 2010 at 4:57 PM
For now there is apparently no redirecting noticed in my browser anymore.
I ran several scans (virus, malware, trojans, hijackers) with my always up-to-date protection software. Nothing was found. My firewall did not mention any alerts.
Everything seems to appear save now.
But until there will be a secure and reliable information I stopped browsing renderosity just in case ...
Would be helpful to see some information when it's definitely fixed on the main page or in the news on the renderosity homepage.
AnnieD posted Sun, 13 June 2010 at 5:00 PM
I use IE..and my !Avast did shut down the page and tell me that it had blocked a trojan that was trying to be downloaded...When that happened I tried other websites to make sure it was only affectiong my rendo links....did a scan of my machine...and then I put Spybot Search and Destroy back on my PC...lol I've been meaning to do that for quite a while...guess sometimes we just need a good swift kick.
“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”
[Stuart Chase]
CarolSassy posted Sun, 13 June 2010 at 5:01 PM
Okay, so I blocked mybookface.net. What else should I put on my IE security thingy?
I also got it when I clicked on a comment made on one of my fracs. My AVG caught it, did a whole computer scan and came up with nothing. Thank goodness!
Carol aka
Sassy
If you can't stand the
heat,
Don't tickle the dragon!
Hubert posted Sun, 13 June 2010 at 5:05 PM
Phew... I had that annoying mybookface.net redirection too. My IE got immediately redirected when trying to access my Gallery or the Forums here. Whereas my Opera was working normally. Only the Rendo url was affected then. I was already searching the Web and certain IT KnowledgeBases for helpful hints to clean up and was even digging deep in my Registry, because my anti-mal/spy/whatever apps didn't find any culprit. Nor did Hijackthis or similar tools report any infection on my affected configuration. Now, I suddenly could access Rosity again and found this thread here. Thanks to the site staff for seeing to this issue!! Hubert
"All that we see or fear, is but a Sphere inside a Sphere." (E. A. Pryce -- Tuesday afternoon, 1845)
MSTene posted Sun, 13 June 2010 at 5:11 PM
=/ bleh
same here, as of about an hour ago.. firefox blocks the pop ups but yes they got thru IE with the switcheroo..
everything seems clear tho from spybot. eset, and scans
and happened on several pages not just the home page as a starting point, from the marketplace as well.
Francemi posted Sun, 13 June 2010 at 5:25 PM
Well well... Bookface is not showing up in the blocked scripts right now. Only Facebook and Renderosity are shown as scripts for the page.
France, Proud Owner of
KCTC Freebies
goldie posted Sun, 13 June 2010 at 5:27 PM
one of the best things you can do for yourselves folks is to stop using IE and start using firefox. much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.
markschum posted Sun, 13 June 2010 at 5:29 PM
hmm, I had problems yesterday when rendo suddenly wanted me to confirm my email. This morning I got a few popups , adfly and board4all.cz.
I hope no one got to the member email listings :(
pjz99 posted Sun, 13 June 2010 at 5:44 PM
Firefox is not exactly invulnerable to malware, it just has different exploits.
edit: and I say that as a Firefox user
KageRyu posted Sun, 13 June 2010 at 5:48 PM
Quote - one of the best things you can do for yourselves folks is to stop using IE and start using firefox. much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.
That's fine if you like firefox, but I don't. And it may prevent the scripts running, doesn;t mean that information exchanged between your browser and a hacked website is safe, there are deeper issues than just the redirect scripts when something like this happens.
Incidently if you are running a blocking or blacklisting program with up to date blocklists for known trojan/virus/malware sites it will stop the redirects as well (such as Pergaurdian2).
The New HD Toaster from Wamco toasts bread more evenly and acurately than Standard Toasters. Take advantage of the FULL resolution of your bread and try one today, because if your toast isn't in High Definition, you are not getting the most of your toast!
umblefugly posted Sun, 13 June 2010 at 6:01 PM
If you check this link youll see
http://www.siteadvisor.com/sites/mybookface.net
Click udmserve.net and its a dangerous site directly linked to mybookface with a minimum of 5 virus/malwares. Also has a bunch of adsites linked to it aswell.
Granny8 posted Sun, 13 June 2010 at 6:06 PM
Carol, as far as I can tell that fixed it on my pc. I did run the scan tho just to be safe. Maybe you should too.
AnnieD posted Sun, 13 June 2010 at 6:41 PM
If it will help anything...
This is the report I got from Avast when it aborted the connection
Trojan Horse Blocked:
Object: http://Nekoja.info/page/news.php
Infection: JS;Prontexi-BR [Trj]
Action: Connection Aborted
“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”
[Stuart Chase]
CarolSassy posted Sun, 13 June 2010 at 6:46 PM
So what do ya'll think? Should we download some really good Registry Checker to make sure it's also cleaned out? Can anyone suggest a free Registry cleaner program?
Thanks Granny8! I did run the scan.
Carol aka
Sassy
If you can't stand the
heat,
Don't tickle the dragon!
AnnieD posted Sun, 13 June 2010 at 6:50 PM
CCleaner does all of that...
http://www.piriform.com/ccleaner
excellent program and not very big...they keep it updated regularly too.
“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”
[Stuart Chase]
Faery_Light posted Sun, 13 June 2010 at 9:08 PM
I have AVG installed on windows 7 and as soon as I logged in to the site I got a warning.
Listed as an unsafe page access with trojan warning.
So I closed out my browser immediately.
When I checked on Facebook others were saying they had the same problem.
I figured the admins would catch it and do some fixing. :)
As for now, I'll log off until we get updates that the entire site has been cleared.
Safest that way.
Let me introduce you to my multiple personalities. :)
BluEcho...Faery_Light...Faery_Souls.
CarolSassy posted Sun, 13 June 2010 at 9:14 PM
Thank you AnnieD! Downloaded that software and will run it manana! (:
Carol aka
Sassy
If you can't stand the
heat,
Don't tickle the dragon!
AnnieD posted Sun, 13 June 2010 at 9:30 PM
Quote - Thank you AnnieD! Downloaded that software and will run it manana! (:
You're welcome...the program does a lot more than just clean your registry..be sure to check out all the features.. I use it every day to clean junk cookies and junk temp files.
“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”
[Stuart Chase]
KageRyu posted Mon, 14 June 2010 at 1:39 AM
Some other good, free, anti-malware/anti-spyware programs include:
Malwarebytes (I really recommend even just the free version - they update constantly)
Spybot - Search & Destroy
Superantispyware
Clamwin
AVG Free
Hijackthis
Combofix
The New HD Toaster from Wamco toasts bread more evenly and acurately than Standard Toasters. Take advantage of the FULL resolution of your bread and try one today, because if your toast isn't in High Definition, you are not getting the most of your toast!
Francemi posted Mon, 14 June 2010 at 5:07 AM
Any news from the programmers yet? It seems to be okay now. Since last night (it is 6am here) I haven't seen any scripts blocked.
France, Proud Owner of
KCTC Freebies
JenX posted Mon, 14 June 2010 at 10:01 AM
It's just about 10am at the office right now, they wouldn't have been in the office very long. There will most likely be an announcement when they've got all the information together.
Jeni
Sitemail | Freestuff | Craftythings | Youtube|
Knowledge is knowing a tomato is a fruit. Wisdom is not putting it
into a fruit salad.
Francemi posted Mon, 14 June 2010 at 11:29 AM
It seems to be fixed from my end anyway. SInce last night there hasn't been a need to stop scripts on Renderosity website. I checked out my cart content this morning - no problem.
France, Proud Owner of
KCTC Freebies
StaceyG posted Mon, 14 June 2010 at 11:40 AM
Please see post by JeniferC at the link below
http://www.renderosity.com/mod/forumpro/showthread.php?thread_id=2804111
LostinSpaceman posted Mon, 14 June 2010 at 12:00 PM
Quote - I'm browsing Renderosity, click on a page, and suddenly "bookface" comes up. I closed the window, then re-opened and clicked on 'history'. Every link I clicked on came up the bookface site. Now, I'm not techno-savvy in any way, but, I went to tools>internet options>security>and blocked that site. It seems to have worked, and my anti-virus did not send any alerts. So, I think I nipped it in the bud. I'm glad to see I'm not the only one this has happened to, but it's too bad that some people have nothing better to do than wreak havoc. If anyone knows more about this than I do, and can suggest something I should now do, please let me know.
You did exactly what you should have done. An extra virus scan of your system wouldn't hurt.
LostinSpaceman posted Mon, 14 June 2010 at 12:04 PM
Quote - one of the best things you can do for yourselves folks is to stop using IE and start using firefox. much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.
That's a bogus claim. Anyone who knows how to use IE's security settings, like myself, was able to block that site as soon as we discovered it.
AnnieD posted Mon, 14 June 2010 at 12:39 PM
Quote - > Quote - one of the best things you can do for yourselves folks is to stop using IE and start using firefox. much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.
That's a bogus claim. Anyone who knows how to use IE's security settings, like myself, was able to block that site as soon as we discovered it.
I totally agree! But there will always be those that don't want to use IE for whatever reason...and will bash it every chance they get.
Back in the "day" I used Netscape Navigator...it had everything I needed until they sold out..I hated having to go to IE...but after trying a bunch of other browsers that I didn't like..and once I gave it chance and learned about it..I never looked back. To each his own I say....lol
“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”
[Stuart Chase]
LostinSpaceman posted Mon, 14 June 2010 at 12:44 PM
Just an added reminder. Now would be a good time for everyone who logged in yesterday to update their passwords to something new. Just because, well, it makes good sense.
nruddock posted Mon, 14 June 2010 at 2:10 PM
Quote - > Quote - one of the best things you can do for yourselves folks is to stop using IE and start using firefox. much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.
That's a bogus claim. Anyone who knows how to use IE's security settings, like myself, was able to block that site as soon as we discovered it.
Not a bogus claim, as with a properly used NoScript the redirect didn't even occur, in fact it took a while for me to work out what all the fuss was about (problem wasn't obvious in FireBug, had to view the page source to see it).
pjz99 posted Mon, 14 June 2010 at 7:33 PM
Again, Firefox just has different exploits, it's not invulnerable.
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html (current version)
MagnusGreel posted Mon, 14 June 2010 at 7:54 PM
Quote - Again, Firefox just has different exploits, it's not invulnerable.
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html (current version)
no one said it is invulnerable. just less vulnerable to this attack when used with NoScript.
Airport security is a burden we must all shoulder. Do your part, and please grope yourself in advance.