Lythia.com Hacked

Announcements, news and updates of things that affect members. NEW MEMBERS & GUESTS PLEASE READ.
Post Reply
Message
Author
User avatar
Leitchy
Site Admin
Site Admin
Posts: 4161
Joined: Wed Feb 20, 2002 8:56 pm
Location: AU, ACT, Canberra
Contact:

Lythia.com Hacked

#1 Post by Leitchy » Sun Feb 19, 2012 11:28 am

Greetings all.

Despite the grim sounding title, this isn't as bad as it seems, at least as far as your personal information is concerned. There's no evidence to suggest that the database housing your information has been compromised, but it *is* true that pretty much every page on Lythia.com that ended with '.php' has had some code inserted at the beginning of the page which, every once in a while, redirects people to a variety of different web sites that may or may not contain malware.

I have cleaned all the pages I can find (and there are an awful lot of them), but I will be carrying out further examinations over the next few days to see if I got everything. In the meantime, you can always change your password to this site if you feel that could a good move. I'm not going to insist on it, but it certainly can't hurt anything.

I suspect what's happened is that my hosting account password has been compromised so I've already changed *that*, at least. However, one thing you can do is clear your own caches at home. Pages you go to frequently will commonly be held in cache by your browser, and you could experience the same symptoms even though the source of the infection has been cleared.

But if you've cleared your cache and taken all the other precautions sensible people with an Internet connect do and you still get redirected by a page on Lythia.com, please let me know, especially the URL that's doing it. I'm certain I've missed some because there are simply so many pages...and folders, sub-folders, sub-sub-folders, ad nauseum...but I'd like to eventually get rid of it all without scraping the site down to bare metal and starting again, if possible.
Cheers

Leitchy
Site Admin
FAQs & Links

DeCoucy
Reeve
Reeve
Posts: 406
Joined: Wed Jan 19, 2005 1:07 pm
Contact:

Re: Lythia.com Hacked

#2 Post by DeCoucy » Sat Feb 25, 2012 9:22 am

Hi Peter

Cleaned my cache and logged on today and got a redirect. Didn't save the URL, but clearly to kosher.

Cheers,
Conal

User avatar
Krazma
Baron
Baron
Posts: 3022
Joined: Sat Dec 25, 2004 1:43 pm
Location: Austin, Texas

Re: Lythia.com Hacked

#3 Post by Krazma » Sat Feb 25, 2012 9:47 am

Same here. Got a redirect to http://ustreambesttv.rr.nu/11f/
from the http://www.lythia.com/forum/ page before I had even logged in.

User avatar
Leitchy
Site Admin
Site Admin
Posts: 4161
Joined: Wed Feb 20, 2002 8:56 pm
Location: AU, ACT, Canberra
Contact:

Re: Lythia.com Hacked

#4 Post by Leitchy » Sat Feb 25, 2012 11:06 am

Yep, it's happened again. :(
Cheers

Leitchy
Site Admin
FAQs & Links

TheHistorian
Beadle
Beadle
Posts: 223
Joined: Mon Feb 16, 2009 2:11 pm
Location: San Francisco, CA

Re: Lythia.com Hacked

#5 Post by TheHistorian » Sat Feb 25, 2012 11:17 am

Krazma wrote:Same here. Got a redirect to http://ustreambesttv.rr.nu/11f/
from the http://www.lythia.com/forum/ page before I had even logged in.

I just encountered that one as well.

User avatar
Leitchy
Site Admin
Site Admin
Posts: 4161
Joined: Wed Feb 20, 2002 8:56 pm
Location: AU, ACT, Canberra
Contact:

Re: Lythia.com Hacked

#6 Post by Leitchy » Sun Feb 26, 2012 11:20 am

Hopefully the redirect code is now gone forever, but my hoster is now going to scan all pages on all domains in my hosting once a month to double check.

As usual, let me know if things happen from this point on...
Cheers

Leitchy
Site Admin
FAQs & Links

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest