Thread subject: Motherwell Pool League :: scottish pool

Posted by the shooter on 10 August 2009 18:27
#1

anybody else having problems getting onto the scottish site as i keep getting redirected to another site?

Posted by JB on 10 August 2009 18:47
#2

yes, I dont know if its a virus, but if it is, its totally mucked up the Uddy site.

****IN THE MEANTIME, COULD ALL SITE USERS MAKE SURE THEY DON'T CHANGE THEIR AVATAR (PROFILE PICTURE) ON THIS SITE.....

THANKS*****

Posted by dosser on 10 August 2009 18:59
#3

just noticed that... it must be the whole scottishpool domain as UPL.scottishpool is screwed as well as scottishpool.com

Posted by JB on 10 August 2009 19:04
#4

It wont be the domain, as .scottishpool.net is on a different dns from "scottishpool.com" - that said, if Bill has managed to infect a common server, he could have big problems.

Whilst I know how malware like this is installed and how people get it onto a site, we seem to be ok. I just hope Bill doesn't port the code over onto the server which hosts the Motherwell site, which is also hosted by scottishpool.net domain

Edited by JB on 10 August 2009 19:07

Posted by the shooter on 10 August 2009 19:17
#5

When we tested this site we found links to incredibleholidaysavings.com, which our tests found to be a high volume or spammy e-mailer.

this is what mcafee says about it, hope they get it sortedsmcokehead

Posted by JB on 10 August 2009 21:05
#6

Confirmed, the scottish pool website has been hacked and this will be the same with the uddy site. Again, I would request that in the meantime all users do not change their avatars.

I would imagine that Bill has the scottish site backed up and He should be able (hopefully) to get it back online within the next 24 hours or so.

Edited by JB on 10 August 2009 21:09

Posted by maxi on 11 August 2009 09:51
#7

The problem is hitting the webservers which host all scottishpool hosted sites, but only if they use the same version of php as the scottish site. That's why the likes of Airdrie, Uddingston and Scottishpool are being hit but sites like Kilsyth, Motherwell and Strathclyde aren't....yet...smpray

Posted by JB on 11 August 2009 10:54
#8

Aye, but the webservers are likely being infected by users from the local (or possibly national) sites uploading dangerous content, such as embedded code in avatars etc

Just another reason by admins have to be careful about who they activate on their site.

Best of luck to all concerned, although there is a strong likiehood they will be starting from scratch. Like Maxi says, hopefully our updated version of the software will be robust enough to survive the attack.

Posted by JB on 11 August 2009 23:15
#9

Scottish site back up and running, Uddy site still down (but I would imagine this can be fixed fairly quickly)

Got a bit lucky there.....

Posted by the shooter on 19 August 2009 23:29
#10

scottish site down againsmmad