Mon, Dec 2, 10:52 PM CST

Renderosity Forums / Community Center



Welcome to the Community Center Forum

Forum Moderators: wheatpenny Forum Coordinators: Anim8dtoon

Community Center F.A.Q (Last Updated: 2024 Nov 30 3:10 am)

Forum news, updates, events, etc. Please sitemail any notices or questions for the staff to the Forum Moderators.



Subject: Renderosity startpage hacked ?


  • 1
  • 2
LadyWailua ( ) posted Sun, 13 June 2010 at 10:48 AM · edited Mon, 02 December 2024 at 10:36 PM

Today whenever I tried to click on my bookmark (www.renderosity.com) my browser gets "redirected" to another URL named "adf.ly - shrink your URLs and get paid!" ...

I've already made several scans for trojans, virus or hijackers - nothing found.
I tried to get the startpage from two other computers - same redirecting !

Finally I managed to get logged in with the URL of the galleries.

Now what's going on here ?
Could it be a personal problem with my internet connection or do others users notice the same issues ?


JenX ( ) posted Sun, 13 June 2010 at 10:52 AM

 I just emailed admin about it, as I'm getting a similar redirect.

The only thing I can advise is DO NOT go to the renderosity front page until it's fixed.

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


LadyWailua ( ) posted Sun, 13 June 2010 at 10:58 AM · edited Sun, 13 June 2010 at 11:02 AM

Yes, I also sent this information at the Renderosity admins.

But it's kind of soothing that I'm not the only one with this oddities. 😉

Edit:
Redirection happens even when I'm logged in and trying to connect to the "Home" link at the top of the page menu.


JenX ( ) posted Sun, 13 June 2010 at 11:05 AM

 LadyWailua,

Don't visit the Home page anymore, and please do a virus/malware scan on your computer.  Sometimes, when a site is hijacked, the redirect site plants viruses on the viewing computer.

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


pearce ( ) posted Sun, 13 June 2010 at 11:48 AM

I got a page full of Cyrillic writing -- looked like a Russian forum, though I didn't hang around long enough to inspect it closely.


Maggee ( ) posted Sun, 13 June 2010 at 11:58 AM

I don't think it's the home page.  I get it when I click on the My Forums link only, then it takes you to their own forum page

Some people dream of worthy accomplishments,
While others stay awake and do them.

I am a dreamer


EmmaAndJordi ( ) posted Sun, 13 June 2010 at 12:26 PM

I saw it this evening and was scared, but I think it's fixed now. How could they have done this?
It's horrible!!!


Granny8 ( ) posted Sun, 13 June 2010 at 3:05 PM

I'm browsing Renderosity, click on a page, and suddenly "bookface" comes up. I closed the window, then re-opened and clicked on 'history'. Every link I clicked on came up the bookface site. Now, I'm not techno-savvy in any way, but, I went to tools>internet options>security>and blocked that site. It seems to have worked, and my anti-virus did not send any alerts. So, I think I nipped it in the bud. I'm glad to see I'm not the only one this has happened to, but it's too bad that some people have nothing better to do than wreak havoc. If anyone knows more about this than I do, and can suggest something I should now do, please let me know.


JenX ( ) posted Sun, 13 June 2010 at 3:10 PM

 Granny8, if you have a virus scanner and spyware scanner, I'd suggest using them.

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


Francemi ( ) posted Sun, 13 June 2010 at 3:13 PM

This is not only on home page. I went to Freestuff and Firefox prevented three (3) windows to popup! Then I went to site mail to send a message to admins and it opened BOOKFACE. I think it is all of Renderosity that is being hacked!

France, Proud Owner of

KCTC Freebies  


EmmaAndJordi ( ) posted Sun, 13 June 2010 at 3:19 PM

I have Malwarebytes Antimalware and it's very good.


punisher1999 ( ) posted Sun, 13 June 2010 at 3:20 PM

Just wanted to piggy back on this... Same thing here.... multiple pages are being affected.... adding *.bookface.net seems to have helped... Malware bytes didn't find anything on my PC either...


JenX ( ) posted Sun, 13 June 2010 at 3:22 PM

 Our programmers are working to fix this.

In the meantime, I want to note that I'm not getting redirected in either Chrome or Safari.  

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


Francemi ( ) posted Sun, 13 June 2010 at 3:26 PM

9 times out of 10 I'm not getting redirected with Firefox either... But there is still that 10% risk. I wanted to checkout something today but I'll wait until it is all clean... Wouldn't want Rendo to bring that stupid hacker to my PayPal account. ;o)

France, Proud Owner of

KCTC Freebies  


JenX ( ) posted Sun, 13 June 2010 at 3:28 PM

 Exactly.  Stay safe for now, we'll update when it's fixed :)

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


Granny8 ( ) posted Sun, 13 June 2010 at 3:36 PM

Thank you, JenX. I ran the scan and all appears to be ok.


Francemi ( ) posted Sun, 13 June 2010 at 3:39 PM

Jen, if it takes more than the rest of today to get fixed could you ask the admins if they will make the current coupon valid for another day??? The current coupon is valid until tomorrow only!!

France, Proud Owner of

KCTC Freebies  


MrsLubner ( ) posted Sun, 13 June 2010 at 4:03 PM

My scan reveals no problems but in site mail and the forum I am being hijacked by the Bookface site also. I'm struggling. I've got Firefox and hoped that I wouldn't fall victim... :-(

Flannel Knight's Photos
MrsLubner
Forum Moderator
______________________
"It please me to take amateur photographs of my garden,
and it pleases my garden to make my photographs look
professional."
                                          Robert Brault


MagnusGreel ( ) posted Sun, 13 June 2010 at 4:07 PM

https://addons.mozilla.org/en-US/firefox/addon/722/
NoScript. will allow you to block the attack in Firefox.

Airport security is a burden we must all shoulder. Do your part, and please grope yourself in advance.


Francemi ( ) posted Sun, 13 June 2010 at 4:17 PM

Thank you for that addon. I installed it and now it is blocking scripts from this page... In the list of blocked scripts is "mybookface.net"

France, Proud Owner of

KCTC Freebies  


MagnusGreel ( ) posted Sun, 13 June 2010 at 4:18 PM

you can allow scripts you do want to run btw.

mybookface is the one you want to block.

Airport security is a burden we must all shoulder. Do your part, and please grope yourself in advance.


Francemi ( ) posted Sun, 13 June 2010 at 4:22 PM

Quote - you can allow scripts you do want to run btw.

mybookface is the one you want to block.

Yes thank you. Although I would not know which scripts to allow. ATM it is blocking:

startcounter.com
exponential.com
mybookface.net
kontera.com
facebook.com
yieldmanager.com
renderosity.com (of course I unblocked this one)

France, Proud Owner of

KCTC Freebies  


JenX ( ) posted Sun, 13 June 2010 at 4:23 PM

 france, I can bring the idea up to the store staff, I can't guarantee they'll go for it, though ;)

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


Francemi ( ) posted Sun, 13 June 2010 at 4:25 PM

Quote -  france, I can bring the idea up to the store staff, I can't guarantee they'll go for it, though ;)

Trying is all we can ask of you Jen! ;o)

France, Proud Owner of

KCTC Freebies  


Anar_K ( ) posted Sun, 13 June 2010 at 4:27 PM

 Same issue here. It seems to be only on Internet explorer. Bookmarks and typing the Rendo site name in redirect to a page mybookface.net powered by phpfox. It looks like a spoof of facebook aimed at young kids.
I tried my bookmark on Google Chrome and Firefox and they both work normally. Typing the addy in on those browsers also results in success as well.


Kinouk ( ) posted Sun, 13 June 2010 at 4:46 PM

I called Preston and told him. I'm sure he was happy to hear this :)


punisher1999 ( ) posted Sun, 13 June 2010 at 4:47 PM

FYI. Downloading from IE results in corrupt files, however, Norton 360 and Malware Bytes do not detect any infections...


LadyWailua ( ) posted Sun, 13 June 2010 at 4:57 PM

For now there is apparently no redirecting noticed in my browser anymore.

I ran several scans (virus, malware, trojans, hijackers) with my always up-to-date protection software. Nothing was found. My firewall did not mention any alerts.
Everything seems to appear save now.
But until there will be a secure and reliable information I stopped browsing renderosity just in case ...

Would be helpful to see some information when it's definitely fixed on the main page or in the news on the renderosity homepage.


AnnieD ( ) posted Sun, 13 June 2010 at 5:00 PM

I use IE..and my !Avast did shut down the page and tell me that it had blocked a trojan that was trying to be  downloaded...When that happened I tried other websites to make sure it was only affectiong my rendo links....did a scan of my machine...and then I put Spybot Search and Destroy back on my  PC...lol   I've been meaning to do that for quite a while...guess sometimes we just need a good swift kick.

 

“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”

[Stuart Chase]


CarolSassy ( ) posted Sun, 13 June 2010 at 5:01 PM

Okay, so I blocked   mybookface.net.  What else should I put on my IE security thingy?

I also got it when I clicked on a comment made on one of my fracs.  My AVG caught it, did a whole computer scan and came up with nothing.   Thank goodness!

Carol aka Sassy
If you can't stand the heat,
Don't tickle the dragon!


Hubert ( ) posted Sun, 13 June 2010 at 5:05 PM · edited Sun, 13 June 2010 at 5:09 PM

Phew... I had that annoying mybookface.net redirection too. My IE got immediately redirected when trying to access my Gallery or the Forums here. Whereas my Opera was working normally. Only the Rendo url was affected then. I was already searching the Web and certain IT KnowledgeBases for helpful hints to clean up and was even digging deep in my Registry, because my anti-mal/spy/whatever apps didn't find any culprit. Nor did Hijackthis or similar tools report any infection on my affected configuration. Now, I suddenly could access Rosity again and found this thread here. Thanks to the site staff for seeing to this issue!! Hubert

"All that we see or fear, is but a Sphere inside a Sphere."     (E. A. Pryce -- Tuesday afternoon, 1845)


MSTene ( ) posted Sun, 13 June 2010 at 5:11 PM

=/  bleh
same here, as of about an hour ago.. firefox blocks the pop ups but yes they got thru IE with the switcheroo..
everything seems clear tho from spybot. eset, and scans

and happened on several pages not just the home page as a starting point, from the marketplace as well.


Francemi ( ) posted Sun, 13 June 2010 at 5:25 PM

Well well... Bookface is not showing up in the blocked scripts right now. Only Facebook and Renderosity are shown as scripts for the page.

France, Proud Owner of

KCTC Freebies  


goldie ( ) posted Sun, 13 June 2010 at 5:27 PM

one of the best things you can do for yourselves folks is to stop using IE and start using  firefox.  much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.


markschum ( ) posted Sun, 13 June 2010 at 5:29 PM

hmm, I had problems yesterday when rendo suddenly wanted me to confirm my email. This morning I got a few popups , adfly and board4all.cz.   

I hope no one got to the member email listings :(  


pjz99 ( ) posted Sun, 13 June 2010 at 5:44 PM · edited Sun, 13 June 2010 at 5:44 PM

Firefox is not exactly invulnerable to malware, it just has different exploits.
edit: and I say that as a Firefox user

My Freebies


KageRyu ( ) posted Sun, 13 June 2010 at 5:48 PM · edited Sun, 13 June 2010 at 5:51 PM

Quote - one of the best things you can do for yourselves folks is to stop using IE and start using  firefox.  much better, faster browser and with the NoScript add-on you wouldn't have this current problem ruining your day.

That's fine if you like firefox, but I don't.  And it may prevent the scripts running, doesn;t mean that information exchanged between your browser and a hacked website is safe, there are deeper issues than just the redirect scripts when something like this happens.

Incidently if you are running a blocking or blacklisting program with up to date blocklists for known trojan/virus/malware sites it will stop the redirects as well (such as Pergaurdian2).

The New HD Toaster from Wamco toasts bread more evenly and acurately than Standard Toasters. Take advantage of the FULL resolution of your bread and try one today, because if your toast isn't in High Definition, you are not getting the most of your toast!


umblefugly ( ) posted Sun, 13 June 2010 at 6:01 PM

If you check this link youll see

http://www.siteadvisor.com/sites/mybookface.net

Click udmserve.net and its a dangerous site directly linked to mybookface with a minimum of 5 virus/malwares. Also has a bunch of adsites linked to it aswell.


Granny8 ( ) posted Sun, 13 June 2010 at 6:06 PM

Carol, as far as I can tell that fixed it on my pc. I did run the scan tho just to be safe. Maybe you should too.


AnnieD ( ) posted Sun, 13 June 2010 at 6:41 PM

If it will help anything...
This is the report I got from Avast when it aborted the connection

Trojan Horse Blocked:

Object: http://Nekoja.info/page/news.php
Infection: JS;Prontexi-BR [Trj]
Action: Connection Aborted

 

“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”

[Stuart Chase]


CarolSassy ( ) posted Sun, 13 June 2010 at 6:46 PM

So what do ya'll think?  Should we download some really good Registry Checker to make sure it's also cleaned out?  Can anyone suggest a free Registry cleaner program?
 

Thanks Granny8!  I did run the scan.

Carol aka Sassy
If you can't stand the heat,
Don't tickle the dragon!


AnnieD ( ) posted Sun, 13 June 2010 at 6:50 PM · edited Sun, 13 June 2010 at 6:50 PM

CCleaner does all of that...

http://www.piriform.com/ccleaner

excellent program and not very big...they keep it updated regularly too.

 

“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”

[Stuart Chase]


Faery_Light ( ) posted Sun, 13 June 2010 at 9:08 PM

I have AVG installed on windows 7 and as soon as I logged in to the site I got a warning.
Listed as an unsafe page access with trojan warning.
So I closed out my browser immediately.
When I checked on Facebook others were saying they had the same problem.

I figured the admins would catch it and do some fixing. :)

As for now, I'll  log off until we get updates that the entire site has been cleared.
Safest that way.


Let me introduce you to my multiple personalities. :)
     BluEcho...Faery_Light...Faery_Souls.


CarolSassy ( ) posted Sun, 13 June 2010 at 9:14 PM

Thank you AnnieD!  Downloaded that software and will run it manana! (:

Carol aka Sassy
If you can't stand the heat,
Don't tickle the dragon!


AnnieD ( ) posted Sun, 13 June 2010 at 9:30 PM

Quote - Thank you AnnieD!  Downloaded that software and will run it manana! (:

You're welcome...the program does a lot more than just clean your registry..be sure to check out all the features..  I use it every day to clean junk cookies and junk temp files.

 

“For those who believe, no proof is necessary. For those who don't believe, no proof is possible.”

[Stuart Chase]


KageRyu ( ) posted Mon, 14 June 2010 at 1:39 AM

Some other good, free, anti-malware/anti-spyware programs include:
Malwarebytes (I really recommend even just the free version - they update constantly)
Spybot - Search & Destroy
Superantispyware
Clamwin
AVG Free
Hijackthis
Combofix

The New HD Toaster from Wamco toasts bread more evenly and acurately than Standard Toasters. Take advantage of the FULL resolution of your bread and try one today, because if your toast isn't in High Definition, you are not getting the most of your toast!


Francemi ( ) posted Mon, 14 June 2010 at 5:07 AM

Any news from the programmers yet? It seems to be okay now. Since last night (it is 6am here) I haven't seen any scripts blocked.

France, Proud Owner of

KCTC Freebies  


JenX ( ) posted Mon, 14 June 2010 at 10:01 AM

 It's just about 10am at the office right now, they wouldn't have been in the office very long.  There will most likely be an announcement when they've got all the information together.

Jeni

Sitemail | Freestuff | Craftythings | Youtube|

Knowledge is knowing a tomato is a fruit. Wisdom is not putting it into a fruit salad.


Francemi ( ) posted Mon, 14 June 2010 at 11:29 AM

It seems to be fixed from my end anyway. SInce last night there hasn't been a need to stop scripts on Renderosity website. I checked out my cart content this morning - no problem.

France, Proud Owner of

KCTC Freebies  


StaceyG ( ) posted Mon, 14 June 2010 at 11:40 AM
LostinSpaceman ( ) posted Mon, 14 June 2010 at 12:00 PM

Quote - I'm browsing Renderosity, click on a page, and suddenly "bookface" comes up. I closed the window, then re-opened and clicked on 'history'. Every link I clicked on came up the bookface site. Now, I'm not techno-savvy in any way, but, I went to tools>internet options>security>and blocked that site. It seems to have worked, and my anti-virus did not send any alerts. So, I think I nipped it in the bud. I'm glad to see I'm not the only one this has happened to, but it's too bad that some people have nothing better to do than wreak havoc. If anyone knows more about this than I do, and can suggest something I should now do, please let me know.

You did exactly what you should have done. An extra virus scan of your system wouldn't hurt.


  • 1
  • 2

Privacy Notice

This site uses cookies to deliver the best experience. Our own cookies make user accounts and other features possible. Third-party cookies are used to display relevant ads and to analyze how Renderosity is used. By using our site, you acknowledge that you have read and understood our Terms of Service, including our Cookie Policy and our Privacy Policy.