Page 1 of 11
BRITSIM
Posted: 03 Aug 2013, 15:09
by Dev One
Sorry Guys & Girls, but it looks as if Britsims been hacked yet again!
One gets redirected to an apps site!
I have been free of this until today & Dave Moly is also affected.
Have not heard from the Happy Otter for ages, so presumably he has got more fish (or Squirrels?) to fly!
Keith
Re: BRITSIM
Posted: 03 Aug 2013, 19:20
by Vancouver
No problem for me I used
http://www.britsim.com/ to get there.
Re: BRITSIM
Posted: 03 Aug 2013, 19:28
by Dev One
Alex,
One seems to be able to get there, but I have found (Dave also) that on the 3rd click, if trying to answer a forum question for example, one gets redirected & if you do get that it changes its address each time!
Keith
Re: BRITSIM
Posted: 03 Aug 2013, 19:33
by GHD
It seems ok here:
Ah, I see what you mean. If one attempts to repy to a post, one is redirected to another site
Re: BRITSIM
Posted: 03 Aug 2013, 19:53
by Filonian
Found the same when I tried to register a vote on a download.
Graham
Re: BRITSIM
Posted: 04 Aug 2013, 09:00
by Vancouver
I don't get those symptoms at all, I've repeatedly tried too. FYI I use IE10 on W7 64. if that makes a difference.
Re: BRITSIM
Posted: 04 Aug 2013, 11:56
by basys
Hi Folks
Britsim site has definitely been hacked.
There's a hidden DIV containing Cyrillic text and links.
Plus a couple of links to an Islamic site
which from the link looks like its also a victim of a hacker.
HTH
ATB
Paul
Re: BRITSIM
Posted: 04 Aug 2013, 13:10
by Dev One
Paul,
Thanks for that - it may be very useful for the Happy Otter when he can find time to attack the problem. We did have quite a few russian forum messages that were jibberish some time back that Rob cleared (& we hopefully deleted - but probably not from the root), but have not seen any islamic stuff.
Obviously the hole that Rob tried to plug is still leaky!
Unfortunately Dave M & myself are certainly not well enough acquainted with software manipulation to even try to modify anything & we seem to be missing poor old Leif's touch!
Regards
Keith
Re: BRITSIM
Posted: 04 Aug 2013, 14:42
by basys
Hi Folks
Keith -
WRT your original malicious script infection -
Not all components had been removed from Britsim,
& guessing infection occurred in two seperate events.
Looks like the Islamic site was the payload vector.
The content of the file on their website had since been removed,
but if at any time is reinstated
your visitors will be subjected to its effects.
The calling code is still present in your templates,
(guessing in php for header & footer, plus at least ).
IIRC there may also be regeneration code,
that checks for & reinstates removed elements,
including a php file, which generates a browser specific js.
HTH
ATB
Paul
Re: BRITSIM
Posted: 04 Aug 2013, 19:18
by Dev One
Thanks for the added info Paul, but its all Greek to me. Just hope Rob passes by & can use your info.
Regards
Keith