What happened the last couple of days? (I'm assuming all users were getting the same funky redirects all over the place as I was.) Site hack? DNS hack? Is there a support email address on some other domain where such inquiries can be made if the site ever disappears again?
I think I've bought two jet skis and a timeshare in Orlando. Those I can sort. I might need some help with the lovely Svetlana from Minsk if anyone has any suggestions.
I think I accidentally clicked something—I have an annoying alert that pops up every 30 seconds or so telling me my Macafee Security is out-of-date and I need to update it. I never had Macafee on this computer. And I can't shut off the alert. Aside from that everything seems to be ok. Hey, it might have stopped... Yeah, I haven't seen the alert for a few minutes now. Good to see this place back in action!! Hopefully it's better now and it doesn't just happen again. Also, now we know where to go next time: WritingForums.com (note that's .com, not .org—it's a sister site from way back that's been split off). A bunch of us found our way there by hook or by crook and met up, it was really fun and the people there are most excellent indeed. They really rolled out the red carpet and welcomed us with open arms and whiskey. To see it all as it happened, complete with updates on the hack itself, check this thread: writingforums.org hijacked? We actually ended up having a ball, believe it or not.
When the site went down the only place I was able to reach the staff from was the Facebook page, a former mod replied there and she was able to contact the current mods for me, who then went to the thread Xoic linked. Yeah, on that note, there should be more ways to contact the mods in cases like these. We all went to the other forum completely by chance. Glad to see the place is back!
I suspect the mods have been frantically trying to contact Daniel for the last couple of days. But please tell us the site's database hasn't been hacked and that user data is safe.
I initially thought they wiped it, but I don't think they did. The site is exactly as we left it. Now unless a back up was taken exactly a day before the hack and they restored that, all that happened is that the hackers replaced the index file. But I don't want to speculate, Moose said that this isn't helpful on the other forum and I agree so let's not do that. I think we should wait for official announcements from either Daniel or the mods to tell us exactly what happened and how the hackers got in. Until then let's just be thankful we have it back. And yes you're right, they were looking for Daniel. The thread Xoic linked tells the story of how it all went down. They found him last night.
Yeah, it took a minute to get him on the horn. The comms went from Rhode Island to Japan to England to Sweden to Arizona where Daniel is. But once we reached him it was a relatively easy fix. I don't know all the details, but it looks like the host was just hacked with a redirect from the URL. As far as I know, the data wasn't breached at all, but I have no information about that yet. Once the dust settles and we know more we'll probably make a formal announcement, assuming there's something formal to announce. Kind of funny that everyone had the same idea. First thing I thought was, I bet everyone went over to the .com. And sure enough, we were all there! It seems like a good place, and the moderators allowed us to have our own little area to congregate, which was very helpful. Regarding contacting the mods @ps102, in a situation like that, if you can't reach us via the forum because the forum is down, we're going to know that immediately when we try to log in. I could see other instances perhaps when that might be necessary, though. Something for us to think about it. The important thing is that now that we've been through this once, the mods know how to get in touch with each other offsite. It would have taken half the time if I'd written down everyone's emails BEFORE the site crashed. That has since been rectified.
Been there, done that, got the NFT so I feel ya. It never occurred to me to go to the .com, as I thought they were nothing to do with here. I just thought, be patient, I assumed the antlered one was on the case.
Yeah, everyone was on it. There were just a lot of time zones to navigate. Fortunately, the chain moved westward ahead of the sun, so it got a little "earlier" for everyone as it progressed. Ultimately, it was @Komposten, our former admin in Sweden (I think), who had an old phone number that still worked. It was as international and James Bond-ish as I'm likely to experience in my life.
When I had to do something similar to our owner, I made sure to extract an up to date cellphone number, email address and mailing address out of him. I'm starting to think all forum owners are cut from the same cloth. Ours comes back once every six months, does a bunch of updates and disappears.
I’ve got to be honest. I thought all that crap with all those spammy websites coming through every time I tried to log on to WF was just happening to me. I didn’t realise it was happening to everyone on this forum. I thought “oh dear, how am I supposed to update the poetry contest today”? (WF was actually working when I logged from a different IP). Plus in events like this I couldn’t contact the other mods because i don’t have their e-mail address. Glad to see everything’s back up again. HOUSTON we’re back online!
Also when something like this happen it’s clear now more than ever that xenforo needs updating. And it’s about time.
I ended up taking refuge over at @Iain Aschendale's personal profile on Facebook, along with a few other .org habitues, current and past. Suppose I could have checked out .com in the interim. But I hate making up new passwords.
One positive thing out of this for me is finding out my anti-virus software really works. Bong! bong! bong! Avast wouldn't let me get anywhere near the fake redirect page. Come to think of it, if anyone landed on it, did you take a screenshot? I'm curious as to what it looked like. From what I understand from @big soft moose, it was a list of various links, including the one to this site, designed to pay the highjackers for every click. Did the fake link take you to anything? Or did you get the wind up and nope out of there without clicking?
I was redirected to other websites, including for Sephora and 1001 Coupons and also a page that announced I was the lucky winner for doing the 5 billionth Google search
The fake redirect page the hackers hijacked the site with was a well-known malicious advertising platform. Your anti-virus knew about it and blocked it. uBlock Origin blocked them for me. Even though I have it turned off for this site so they can gain ad-revenue. I don't usually care for big corps because they are rich enough but this site absolutely isn't. It didn't look like anything really lol. The platform just took people to various places instantly upon visiting WF.org. Some shady ones and some legit ones like Home Depot. I was mostly getting Expedia.
Back when I was a mod there was a Discord thingy that was invitation-only for the mods to use in case of emergencies. Seems to have gone by the wayside as I'm still a member, as are some mods from the distant mists of time, but no one current. Not my circus though, I'm just a monkey.
It does but that wasn't relevant to what happened - as far as i know from what Daniel said it looks like there was a problem with either the url or the host - it doesn't look as though the hack came through the site...we'll share some more detail when Daniel's finished looking into it (bear in mind that we're not going to outline security weaknesses publicly because that would be dumb In terms of contacting us if the sites down - one thing that stood out yesterday was that we couldn't get into either the wforg facebook or twitter because the login's are stored in the admin area here, and our only access to the email needed o rest them also depends on having access here... that's dumb and needs addressing
This link could be useful to prevent these things from happening again. WF isn’t the only website susceptible to hackers but something can be done to prevent this and that’s not up to us but the site owner so there isn’t really anything we can do. https://www.creativebloq.com/web-design/website-security-tips-protect-your-site-7122853
I did a whois on the site, and contacted namecheap. They refused to talk with anyone not the site owner. Pretty stupid not to listen to a report of a problem.
The redirect was sending to several different sites. From what I saw looking at it, some were just generating hits for the site, and others were malware sites.
Macafee itself is stealthware. It negotiates "ultra-discreet"bundling with many other software packages you may download. At most it warns of co-installation with an unobtrusive checkbox (often with tiny or low-contrast print) that defaults to "Install." By the time you notice it installing, you're hosed. For this unethical behavior alone, it should itself be classified as malware. In fact I've had scanner programs warn me of its presence in zips and installation files, so some of them already classify its stealth installers as malware. You can be faked into installing it, but you can also be tricked into various actions by programs impersonating Macafee when you don't actually have it on your computer. I second the recommendation of MalwareBytes Anti-Malware (MBAM).
