Hacked web sites (Everyone should read!)

Johnk

Boarded October 2001
Over the past several months several Trainz Community web sites have been hacked.

Most readers just ignore the hacked site and move on. A few, and a very small few at that, take the time to contact the web site owners and let them know.

A month or so back, I discovered a hacked site and reported it to the owner. As it turned out, this very popular site had been hacked for weeks without the owner's knowledge. Google had picked it up however, and branded it a malicious wares site. As a consequence, it took the owner weeks of pain and anguish to get his reputation back with Google. This could have been avoided if just one of the dozen or so daily visitors had taken time to contact the site owner and warn him.

About three months ago, the Trainz Resources Directory was also hacked. It wasn't so obvious, but IanWoodmore, an observant colleague who regularly frequents my site, noticed some irregularities and reported them to me.

Four days ago the TRD site was hacked again and I wish to thank clam1952 for taking the time to warn me just minutes after the attack took place. That saved the TRD being banned by Google and gave me time to get the site back on line quickly.

Another kind lady by the name of Margaret then contacted me to say my first attempt at getting everything repaired had failed. Once again, I offer my many thanks.

I also wish to thank my colleague IanWoodmore for also picking up the errors, but he was not quite as quick as the fantastic folks above.

It's interesting to note that from the log files, I can see that the hacker worked for a couple of days before finally breaking in. The site was up and running again in a few hours, and running perfectly overnight. I can never understand what pleasure hackers and graffiti artists (?) get from seeing their hours of work wiped out with a single stroke, be it a replaced script or paint roller.

So folks, the moral of the story is this: These web sites are put up for your enjoyment by hard working colleagues who wish to share things with you. The hack is not only an abuse to the owner's web site, it's also abusing you. The quicker the site is returned to normal, the less pleasure the hacker will get.

Please help by reporting all hacked web sites immediately, please don't leave it to someone else.
 
Thank you for reporting this to the community. I took a few minutes to comb through my site and check for anything. Luckily I did not find anything. However, I still thank you for your warning. I find it shocking someone is willing to spend so much time to hack a site that sees such a small demographic. Compared to the rest of the web, our community is but a niche. I especially find it extremely irritating that they had the audacity to ruin one of the most informative sites we have here.


best wishes,
Nick
 
Yeah, thanks for the warning. This and other Trainz information sites should not have been hacked. I'm glad to see that no valuable information was lost at the time this incident happened!
 
It's absolutely essential that you have a backup of your site stored somewhere. It took me about an hour to repair my first hack because the backup was 100% up to date. The last one took longer because I'd been making mods to the site on other people's computers during my three month trip. Unfortunately I never had a backup for the mods, but I think I've now covered all bases.

I should point out that my site is run with Zen Cart, one of the most popular free shopping cart scripts available. There are hackers out there who delight in destroying Zen Cart stores and in many instances they can do insufferable damage. Imagine if you had a store with 10,000 items and no backup? Oddly, people do!

Most web site hacks are what they call re-directs. The hacker places code on your site to re-direct people to other web sites containing malware.

To check your site, go to your home page and click any link. If it takes you to where you expect, probably all is okay.

Regards,

John
 
reply to hacked

After reading the post of Trainz web sites being hacked: if it's OK to ask, what Trainz web sites have been hacked? I've been everywhere downloading content and now I'm thinking if the content I downloaded is bad. Since I have been downloading on June 4, 5, 6 and 7, it makes me wonder now. I wonder if I need to check anything I downloaded near June 5.

brakemen
 
You may assume .cdp files are safe from carrying viruses or malware. The problem on sites being hacked is Malware gets picked up directly by the browser when it goes to the site especially if you haven't kept the security updates up. You shouldn't be using IE 6 or 7 for example.

Cheerio John
 
reply to john whelan

I know this does not have anything to do with the hacked browser, but after reading your post, John Whelan, I thought just to give you a bit of info on my part.

Each week I run an anti-virus scan and other scans and nothing comes up as infected folders or anything like that. And I do have IE 8.
 
You're probably safe. Having said that it is very difficult to be absolutely certain. There is a certain class of Malware that use a technique called rootkit which are very difficult to detect. Win 7 is the most robust, Vista not far behind it, patched XP trails but isn't bad and someone I know who worked for me and was responsible for database security took the view so what. He didn't use his credit card over the internet etc. We scanned his office machine once and came up with 34 bits of Malware but as he said it still worked and he had the data files and documents backed up. He was religious on the machines with databases though.

Cheerio John
 
I've only come across one kind of hack to date:

When you reach a site the home page is not the one you intended to go to. For example you may end up at a Poker page. If you click any link on that page, you could download Malware. Even the X on the top right may be hacked so the best option is to close the Tab, click the Home button or close the browser.

AntiVirus software like AVG may advise you of the hack, but it's doubtful. The only real solution in my mind is a Firewall. This will stop stuff being downloaded to your computer unless you approve it.

The type of hacks JW is talking about can still get on your computer even if you have a firewall especially if you use older versions of IE or even Firefox to a lesser degree for that matter. Always use the latest browser, keep your Antivirus software updated and use a firewall. Even then, run a malware checker like Malware Bytes regularly.
 
Win 7 is the most robust, Vista not far behind it, patched XP trails but isn't bad and someone I know who worked for me and was responsible for database security took the view so what.

None of my clients are reporting any trouble with XP. Vista and Win7 though...mayhem.

The OS really isn't the issue. The vector malware uses to enter depends on higher-level apps like the browser, Adobe Reader, Flash, Quicktime, and, our old favorite, MS Office files. These take advantage of flaws in the software itself.

Granted, out of a couple thousand machines for which I am responsible or have tested, only a couple dozen are Vista or Win7, but the stats for them aren't any better than those for XP SP2 or SP3 and maybe worse. Meaning that the good ol' fashioned social engineering is still, after all these years, by far the most effective method of getting malware on one's machine.
 