# Website hijacking or hacked!



## Wicked2006 (Jul 9, 2005)

To whom it may concern:

You're site has been hacked. Just click one of the threads and see. Please fix! Thanks!


----------



## Gunnar75 (Feb 15, 2011)

annoying


----------



## ARPRINCE (Feb 12, 2011)

Gunnar75 said:


> annoying


Indeed!!! Since yesterday. 

On the garmin thread I started, they injected 12 javascript redirects (1 for each post) to that uk page.


----------



## Cyclin Dan (Sep 24, 2011)

Seriously? All looks good on Tapatalk...the only way to the view this forum in my opinion.


----------



## CAADEL (Jul 23, 2011)

ARPRINCE said:


> On the garmin thread I started, they injected 12 *javascript* redirects (1 for each post) to that uk page.


I've disabled javascript on RBR only and redirects have stopped working. But messages in infected threads are shown as blank posts.

For Google Chrome or Comodo Dragon users go to 

"Settings" --> "Under the Hood" --> "Content settings..." --> 

"JavaScript": Manage exceptions" --> 

"Hostname Pattern": "http://forums.roadbikereview.com" --> "Behavior": "Block".

This will disable all redirects, but it will also disable WYSIWYG text editor so when you write a message and you want to write something in bold or italics or a different color, you'll have to manually use bbcode.

--------------------------------------------------------------------

For Firefox users go to,

Menu "Tools" --> "Options" --> "Content" tab --> remove the tick from the checkbox "Enable Javascript"
This will disable javascript for all websites.

--------------------------------------------------------------------

For Opera users go to,

Menu "Settings" --> "Preferences" -->

"Advanced" Tab --> "Content" --> remove the tick from the checkbox "Enable Javascript"
This will disable javascript for all websites.

I tried to specifically disable Javascript in RBR only in Manage Site Preferences, but Opera doesn't seem to remember my settings for RBR only.

Another thing you can do is go to 
Menu "Settings" --> "Preferences" -->

"Advanced" Tab --> "Content" --> "Blocked Content..." --> "Add..." ---> "http://jforjustice.co.uk/banksters" and hit Enter --> "Close" --> "OK"

--------------------------------------------------------------------

For Internet Explorer users, install Google Chrome or Mozilla Firefox or Opera browser and follow the above instructions. Alternatively buy a Mac.


----------



## nightfend (Mar 15, 2009)

It's not RBR that was hacked. It was a DNS server that RBR uses along with a large number of other websites. It's not like the hackers were targeting this specific site, thinking "AHA, a bicycling site, lets target that!". So it does absolutely no good to complain to anyone running this forum, as they really have no control on the DNS server, other than to file their own complaint about the issue. But, I'm sure the IT department that runs the DNS knows there is an issue.


----------



## ARPRINCE (Feb 12, 2011)

nightfend said:


> It's not RBR that was hacked. It was a DNS server that RBR uses along with a large number of other websites. It's not like the hackers were targeting this specific site, thinking "AHA, a bicycling site, lets target that!". So it does absolutely no good to complain to anyone running this forum, as they really have no control on the DNS server, other than to file their own complaint about the issue. But, I'm sure the IT department that runs the DNS knows there is an issue.


If it was a DNS hack, it would have been easier to bring back the site to normal because you can use other DNS servers for the lookup. However, as you can see below, the hackers injected scripts on the RBR webpages itself. The site admin would either need to restore the site from a backup (prior to the attack) or scan through each site page to remove the script.

https://img689.imageshack.us/img689/1816/hackedj.png


----------



## NYC_CAAD (May 4, 2011)

All fixed i guess!


----------



## Wicked2006 (Jul 9, 2005)

It's nice to see the site is fixed.


----------



## robdamanii (Feb 13, 2006)

nightfend said:


> It's not RBR that was hacked. It was a DNS server that RBR uses along with a large number of other websites. It's not like the hackers were targeting this specific site, thinking "AHA, a bicycling site, lets target that!". So it does absolutely no good to complain to anyone running this forum, as they really have no control on the DNS server, other than to file their own complaint about the issue. But, I'm sure the IT department that runs the DNS knows there is an issue.


Nope. It was an exploit entered into the forum coding that added a java script redirect to posts. It was probably an exploitable SEO plugin or something like that.


----------



## ph0enix (Aug 12, 2009)

ARPRINCE said:


> If it was a DNS hack, it would have been easier to bring back the site to normal because you can use other DNS servers for the lookup. However, as you can see below, the hackers injected scripts on the RBR webpages itself. The site admin would either need to restore the site from a backup (prior to the attack) or scan through each site page to remove the script.
> 
> https://img689.imageshack.us/img689/1816/hackedj.png


Do we know if PHP pages were actually modified or did they simply insert JS into their own posts? vBulletin stores content in a database so it could have been an SQL injection also.


----------

