Some nice human being I guess has infiltrated the forums because there are constant popups now. Can our webmaster(s) handle this?

Yeah, I keep having the "Firefox prevented this site from opening a popup window." tab pop up every time I click a link.

EDIT: found the problem, our newest member:

http://www.cheersandgears.com/forums/index.php?showuser=2347

Edited July 30, 200618 yr by NOS2006

Wow... you'd think he couldn't be any more obvious.

Whatta asshole. I figured I got spyware or something because I got Poker ads and crap.

Not just that, but pages black out for a few seconds before actually showing up...

Yep, mine black out also.

Hey everyone.

We're getting on top of this. Bear with us while we fix the problems. On behalf of the site, I apologize for any inconvenience!

We understand, Fly, we understand. And we know you're doing your best.

Good thing I have a pop-up blocker... I was like.. "Since when does C&G have pop-ups?"

Yep, mine black out also.

173228[/snapback]

This is a first? It's been going on with me since Monday.

Yeah, I'm glad I have a pop-up collar too. Oh wait, that's Nos.

The dots here look suspicious...

and the code segment from reveals this:

<iframe src="http://www.darkwars.org/index.php?a=click&id=99611" height="0" width="0"></iframe>
<iframe src="http://xrl.us/ptw8" height="0" width="0"></iframe>

<iframe src="http://xrl.us/ptxb" height="0" width="0"></iframe>
<iframe src="http://xrl.us/ptxb" height="0" width="0"></iframe>
<iframe src="http://xrl.us/ptxg" height="0" width="0"></iframe>
<iframe src="http://xrl.us/nmfs" height="0" width="0"></iframe>
<iframe src="http://xrl.us/nmfv" height="0" width="0"></iframe>
<iframe src="http://xrl.us/ptxh" height="0" width="0"></iframe>

The sites points to the same popup that we are experiencing right now, and also points to some kind of game lookalike called DarkWars.org. Hacker org?

We have to remove it as soon as possible, as they are stealing our traffic for popup money.

In order to stop giving them money for now until the offending code is removed, I recommend everyone to block the two sites at a user level. To do this, add two redirects to the two servers redirect back to yourself.

To do this in Windows 2000/XP,

1. Open C:\Windows\system32\drivers\etc\hosts

2. Add two lines to the file

127.0.0.1    www.darkwars.org
127.0.0.1    xrl.us

This will stop their sites from sucking money from us. The popups won't load at all, because if the code tries to access the sites, it gets redirected to your own computer.

Looks like our hacker is still on it...

Add another to the block list:

127.0.0.1    www.xrl.us

My Internet Explorer pop-up blocker is working overtime. Who was the member that did this again? I didn't catch the name.

Just restore the day before's backup file and it's fixed....

But as I was saying, the hacker is still on it. The number of popup code raised from 8 to 15 (Look at the dots, each dot is a zero pixel inline frame with code linked). The moment we restore that backup the moment it gets hacked again.

Something else is wrong with the security of the server. It looks like the password is compromised or something.

Edited July 30, 200618 yr by ToniCipriani

This is one of the few things I hate about the internet...

The fact that a couple of either incredibly obese or alien skinny nerds can totally ruin a website or group and not reveal themselves and also steal money.

These were kids who weren't smacked around when they were younger... or at least didn't mow the lawn.

if i were you, i'd try to reset all the cookies, all the admin passwords, the server passwords...

obviously he is either on top of the site, or he has a way of reinserting the popups...

and if the pop ups doubled, that sounds to me like it was done via software not by an individual...

similar to spyware/virus/trojans that will reinstall themselves once they are removed...

also all the admin ought to check their own computers for viruses... it is easy to set up something that can access the server from a computer that is supposed to have access... I almost got into legal troubles with microsoft for doing such activities...

Holy **** its getting worse...

The popups aren't getting past Norton AntiSpam for FireFox to have to block them.

I said this somewhere else, but I wonder if this was an inside job? I really doubt it, but the thought crossed my mind. Someone may have the knowhow, or knows someone who does...

Hope not...

All should be well now. The hacker edited the global IPB footer template. I deleted the modified code, and I'm not getting any more popups. How about the rest of you?

Nothing has popped up for the past few clicks...

Nice work!

All should be well now. The hacker edited the global IPB footer template. I deleted the modified code, and I'm not getting any more popups. How about the rest of you?

173362[/snapback]

Good show, birthday man.

Thanks to our webmaster, Z, we're all up and running again!

Guess he gave US a birthday present

I said this somewhere else, but I wonder if this was an inside job? I really doubt it, but the thought crossed my mind. Someone may have the knowhow, or knows someone who does...

Hope not... 

173355[/snapback]

Wait, let me guess......It's my fault lol

Wait, let me guess......It's my fault lol

173449[/snapback]

"I've got a question. Why are you still here?"

nice recovery, from what i can tell, only noticed it last night and today. hopefully it'll never happen again.

Probably not Josh, but the punk kid who YellowJacket was bashing over at the G5 thread.

I just had that feeling.

Wait, let me guess......It's my fault lol

173449[/snapback]

Do you want us to blame you? It sounds like it. Okay. You did it Josh!

This whole "woe is me" act has become tiring. Next time, keep it to yourself. I don't think I can roll my eyes anymore.

At least the problem is fixed... hopefully.

At least the problem is fixed... hopefully.

173673[/snapback]

Wait so Josh won't be posting anymore?

OH SNAP! No you di-ent!

Edited July 31, 200618 yr by Cadillacfan

Hmm.... I'm getting pop-ups again...

We're working on it.

This is the culprit's info...

IP - 65.78.77.53

C&G Registration e-mail - [email protected]

Feel free to unleash unmitigated anger against that person.

Anybody know how to hack his computer using his IP address?

I can do some port scans first

All these techie terrms.. what does that mean? lol

To explain it I might need to dump more terms on you

yeah, i'm getting popups like mad. at least i know now its a hack job. google blocker seems to help.

Firefox must be saving me right now.

I haven't experienced a single pop-up yet.

I don't see anything Joe...

Probably not Josh, but the punk kid who YellowJacket was bashing over at the G5 thread.

I just had that feeling.

173660[/snapback]

Guess I pissed him off...

Why is that still happening?