# WARNING



## Anonymous (Nov 24, 2009)

I recently had the opportunity to exchange emails with one of our forum members; my IP address was gleaned from the headers.

Shortly after, my computer was hacked into. The perpetrator did not have time to clean up all the system logs. Yes, I know who the guilty person is and will turn over my system logs to the RCMP and the FBI for further investigation.

Anyone on this forum requesting a copy of my system logs shall receive a copy on request, and then you will know also who the guilty person is. While hacking they are dumb enough to use their online nick.

Another dumb move for the hacker: you should never hack a computer using Satellite Internet where the bandwidth is limited, you may get timed out. And yes, I do think that is very funny, as this is why you were not able to complete cleaning up your tracks.

Since 9/11 I believe computer hacking in the U.S.A. is considered an act of terrorism.

Best Regards
Gill Elmgren aka gustavus


----------



## patnor1011 (Nov 25, 2009)

I hope that this person is banned from here by now. Can you PM me your logs, at least that part to identify the person, and I will check my PC.


----------



## butcher (Nov 25, 2009)

How can we tell if someone is hacking into our computer?
And if someone is hacking computers they need to be exposed and expelled.
How can they hack from emails, wouldn't they need to have you download a program to your computer?


----------



## Irons (Nov 25, 2009)

I have suspected this for quite a while now and have mentioned it to others. Precious metals and Mining are a prime target for Organized Crime.
The first project I worked on in 1970 was funded by the Mafia and run by them also. Two different families, and neither was aware of the others' participation. Needless to say, I got away from that as quickly as I could.

If you value your sources and wealth, you better keep your own counsel.


----------



## Rhodium (Nov 25, 2009)

That's why I use two computers. I have one strictly for business, no surfing, posting, or any extra activities on it. Then I have old Blue here. I don't run virus software or anything on it. I wipe it and reload Windows about once a month. I welcome the hack. But watch what you look for, cats are sly like that. :twisted:

Hack Away.


----------



## markqf1 (Nov 25, 2009)

I'm a prime example of the fact that our machines sometimes take us over. Anyone would be doing me a favor by letting me know if mine is "malfunctioning".

Mark


----------



## gorfman6154 (Nov 25, 2009)

Rhodium said:


> That's why I use two computers. I have one strictly for business, no surfing, posting, or any extra activities on it. Then I have old Blue here. I don't run virus software or anything on it. I wipe it and reload Windows about once a month. I welcome the hack. But watch what you look for, cats are sly like that. :twisted:
> 
> Hack Away.



I'm the same way, one for work, and one for play. 

Gustavus, you should make his name public so that all can see. Another option is to use the internet against him. Let the whole world see what a sc*mbag he really is :evil: . If you started posting blogs about him, he will wind up in Google searches for everyone to see.

I hope he did not get anything important, and wish you the very best in getting him busted.

Gorfman


----------



## Anonymous (Nov 25, 2009)

The hack attack came from Amsterdam with the following IP: 91.189.94.4. This server was probably used as a relay to set up mail bots.

Several months back I started to install an email server (Postfix) with some extra bells and whistles, got sidetracked and never finished the configuration, leaving a lot of holes in the server. Totally my fault.

Postfix in itself is an easy server to configure; it was the additional modules that became a bit tricky, since one script with the installation file I needed was written in a foreign language, Italian.

The fellow from Amsterdam had no problems configuring my Postfix server for a mail relay.

Learned some neat stuff from the log files; the missing logs had been renamed and archived. For the next couple of days will be learning how to make my system more secure. My first thoughts are getting a router that uses encryption, maybe even consider using a live encrypted hard drive.

Will see what the Linux gurus have for suggestions in securing one's computer.

ttys
Gill


----------
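The log review described in the post above can be partly automated. This is an added example, not part of the original thread: it correlates Postfix queue IDs to flag mail accepted from an untrusted client and delivered to an outside domain. The log lines, networks and domains are constructed, and `TRUSTED_NETS` / `LOCAL_DOMAINS` are hypothetical stand-ins for the server's own settings.

```python
import ipaddress
import re

# Assumed site settings (hypothetical values, not taken from the thread).
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("192.168.1.0/24")]
LOCAL_DOMAINS = {"example.org"}

# Constructed sample lines in the usual Postfix syslog layout.
SAMPLE_LOG = """\
Nov 24 03:12:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.50]
Nov 24 03:12:02 mail postfix/smtp[2107]: 4A1B2C3D4E: to=<victim@example.net>, relay=mx.example.net[198.51.100.7]:25, delay=1.1, dsn=2.0.0, status=sent (250 ok)
Nov 24 03:15:40 mail postfix/smtpd[2101]: 5F6A7B8C9D: client=laptop.lan[192.168.1.20]
Nov 24 03:15:41 mail postfix/smtp[2107]: 5F6A7B8C9D: to=<friend@example.com>, relay=mx.example.com[198.51.100.9]:25, delay=0.9, dsn=2.0.0, status=sent (250 ok)
Nov 24 03:20:05 mail postfix/smtpd[2101]: 6E7F8A9B0C: client=unknown[203.0.113.50]
Nov 24 03:20:05 mail postfix/local[2110]: 6E7F8A9B0C: to=<gill@example.org>, relay=local, delay=0.2, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# smtpd logs the connecting client per queue ID; smtp logs outbound delivery.
CLIENT_RE = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S*\[([0-9a-fA-F.:]+)\]")
SENT_RE = re.compile(r"postfix/smtp\[\d+\]: ([0-9A-F]+): to=<[^>]*@([^>]+)>,.*status=sent")

def find_relayed(log_text):
    """Return (queue_id, client_ip, recipient_domain) for mail accepted from an
    untrusted client and delivered outbound to a non-local domain."""
    clients = {}
    hits = []
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            clients[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = SENT_RE.search(line)
        if not m or m.group(1) not in clients:
            continue
        ip, domain = clients[m.group(1)], m.group(2).lower()
        trusted = any(ip in net for net in TRUSTED_NETS)
        if not trusted and domain not in LOCAL_DOMAINS:
            hits.append((m.group(1), str(ip), domain))
    return hits

if __name__ == "__main__":
    for qid, ip, domain in find_relayed(SAMPLE_LOG):
        print(f"possible open relay: {qid} from {ip} to {domain}")
```

The check does not account for authenticated senders, so a server that allows SASL-authenticated remote users would need those queue IDs excluded.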



## AKDan (Dec 1, 2009)

It would seem that this is still ongoing.

This is the first time I have seen the warning from my system on the index page, but that is where it popped up.

JS/Exploit-BO.gen which is reported as a trojan


----------



## Anonymous (Dec 1, 2009)

AKDan said:


> It would seem that this is still ongoing.
> 
> This is the first time I have seen the warning from my system on the index page, but that is where it popped up.
> 
> JS/Exploit-BO.gen which is reported as a trojan




This is actually very funny. When I suggested volunteering your idle CPU cycles, some replied about concerns of privacy. The very forum you love so much has had the ability to install malicious code for months. This malicious code is able to take over your computer, steal your personal information. But has knowledge of this virus kept you off the board?

Now you too can have your computer infected with a Trojan compliments of the Gold Refining Forum.

We all know that Noxx is busy with his education and what not, maybe it would be in the best interests of the forum if Noxx were to step down from Admin temporarily. I'm sure there are some of our members who have time and knowledge to administer this site in an appropriate manner.

The most recent Google scan found the Gold Forum infected with malicious code and has now added the Gold Forum to its list of malicious sites; we're being blocked by Google. Only a fool would ignore the Google flag.

I should know because my computer was recently violated, and I have my suspicions it originated from this forum.

My suggestion would be for Admin to use Google tools, link located near the bottom of the report. By using Google tools they will know the site has been cleaned properly and will remove the site from the malicious website list much sooner.

View attachment 1


----------



## lazersteve (Dec 1, 2009)

Indeed!

It's time the site was moved to a real host that provides security to their subscribers.

I'm to the point where I'm ready to pay for it out of my own pocket.

Google's blacklisted the forum now. 

Steve


----------



## Anonymous (Dec 1, 2009)

Steve, it would not matter if you moved the Forum to another server, that virus is coming along for the ride! The virus is embedded in the forum script and has to be removed by ADMIN who have access to root.

The virus is injected into the forum script by a human sitting on a keyboard; it's obvious the forum software has some holes in it. The developers routinely add patches to fix these holes. Has Noxx checked the phpBB website for a fix?

It's up to the forum owner to secure the site, and attend to any problems or adding applications from ROOT, and only Noxx has access to ROOT.

Perhaps the password Noxx has chosen to use for Admin is not a very strong one and is easily broken with a little persistence from a hacker.

My suggestion is, for what it's worth, strengthen the password for ADMIN, then add SSL for secure logins. Noxx can either use a self-signed certificate or purchase one from Verisign or any one of the many commercial vendors offering these certificates.

This eliminates the possibility of persistence hacking using a Jack The Ripper Password Dictionary being thrown at the login screen used for Admin, yes the hacker has access to root to do his dirty deed.

Regarding email addresses, have any of you been getting spam from a gmail address, which escapes detection of your spam filters?

For those of us that use eBay, online Postal Services and online banking, we are very familiar with the secure url beginning HTTPS://.

That screen having us type in YES or Noxx is a joke, there is no security there at all.

Noxx could also install tripwire, which is an application to notify whenever changes to files in root have been modified.
http://www.linuxlinks.com/article/20080503120347559/Tripwire.html

phpBB3 using SSL
http://www.phpbb.com/community/viewtopic.php?f=46&t=1437445

OpenSSL self signed Certificates http://sial.org/howto/openssl/self-signed/

And NO I'm not volunteering for the job as Admin, been there done that with an online store using Oscommerce with a proprietary not shared SSL certificate.

Oscommerce http://www.oscommerce.com/


----------



## lazersteve (Dec 2, 2009)

Gus,

I'm aware of Root permissions and how they affect the security of the site as well as SSL site configurations.

The forum pages would obviously have to be cleaned of any existing problems like trojans, viruses, and patched to a more secure version before moving.

You are 100% correct about Noxx's security measures.

I would tend to disagree with you that the virus had to be injected by a human at a keyboard as the web today is full of automation programs that simulate 'humans at the wheel'. Of course, ultimately a human had to write the code that infected the site.

Another possible route of infection is Noxx himself. His computer may be infected and every time he logs in to administer the site (like the recent 'outage' event) he reinfects the forum code from the root. This mode of infection is more popular today than it has ever been. At my day job, we have several hundred thousand dollars worth of firewalls, SSL secure sites, security software, and our own private MetroE WAN network of 1000+ servers and workstations, yet we still have the problem of site outages associated with internal attacks that exploit human behaviour.

If Noxx's computer is compromised, and he has Admin privileges, all the external security, patches, and hardened passwords in the world won't stop re-infection.

A hacker need not overcome sophisticated security measures if he can trick a human that already has access to these systems to execute his code under their administrative login. This sort of 'computer identity theft' is the wave of the future of modern hacks. These socially engineered attacks can only be fixed through better education of our Admins and users. Worse still they are constantly evolving as the 'good guys' find ways of blocking the vulnerabilities.

In a nutshell, something has to change if the forum is going to thrive without these types of problems.

Steve


----------



## goldsilverpro (Dec 2, 2009)

Until the malware problem is solved, I'm running the forum in Opera 10 (doesn't use Google search) using a sandbox. I can't get into the forum on FF 3.5, sandboxed or not, since it is Google powered. As I understand it, the sandbox will isolate the forum and prevent infection of my computer. To run any browser, temporarily, in a sandbox, right click on the icon (Opera, in this case) and click on "Run Sandboxed". 
http://sandboxie.com/

Sandboxie quickly downloads and doesn't slow anything down when using. However, as I understand it, other downloads, etc. made while the browser is in a sandbox will be lost when the browser is shut down. There are ways to save them, but I haven't got that far yet.


----------



## kklynnt (Dec 4, 2009)

I wonder if Noxx is keeping the latest script updates installed for the forum? The developers should be working on any reported security issues and getting a fix out to the forum owners. 

The forum looks to be hosted on 1and1.com.... There are better web hosting services out there in my opinion. Kerry


----------



## Rhodium (Dec 4, 2009)

If Google has got us blacklisted then somebody needs to tell that bot he's not welcome here anymore.
:shock: :shock: :shock:


----------



## goldsilverpro (Dec 5, 2009)

Is it Google or Firefox? I have no problem getting on the forum with IE8 or Opera 10, both of which have the Google toolbar. The problem is only with FF 3.5.


----------



## lazersteve (Dec 5, 2009)

The default search engine for Firefox is Google, that's who's blocking access to the forum.

Microsoft's default search engine is typically Bing, Windows Live, or Yahoo. When you installed the Google toolbar it asked you if you want to make it the default search engine, you probably said no.

Steve


----------



## goldsilverpro (Dec 6, 2009)

Steve,

I just made a Google search in Opera for the forum and had no problems getting in. Why is that?


----------



## greentea (Dec 6, 2009)

I get the warning using Opera 9.64 and IE8. My default SE is Yahoo and my AV is Avast. I seem to remember this happening when I first came to this board. What's going on?


----------



## lazersteve (Dec 6, 2009)

GSP,

Try the same search from FF and you will get a big warning message.

Must have something to do with Opera why you are getting in, or maybe sandboxing has allowed you to access the Google search without being blacklisted. I really don't know.

I'm using my IE8 to access the forum right now.

Steve


----------



## lazersteve (Dec 6, 2009)

Here's what Google is telling my Firefox when I click on a search link of the forum:

Google Page Analysis

Steve


----------



## LeftyTheBandit (Dec 7, 2009)

Will Norton 360 protect me from this threat?

For three days I have been balking at that security message but I needed my GRF fix. I would hate to lose this site.

I guess I will run a scan and shut my computer off at night then monitor Google to see if a fix is achieved in the future.

:|


----------

