CAG Hacked - PHPBB Destroyer - Fake Plugin

oops, I downloaded the plug, installed it, and then put it on cd's and distributed to people for them to use...was that bad?
 
[quote name='The Successful Dropout'][quote name='MorPhiend']How were some people posting during the hack? Are they using Firefox or Safari?[/quote]

no idea....i kept going back and forth to get a 1/2 second glimpse of some of the new posts between getting redirected :lol: some times resulting in me only being able to read one new word at a time[/quote]

Wow, that's insanity.
 
[quote name='CappyCobra'][quote name='masha']

neah. It's not mine. Someone reminded me yesterday about this trick. Don't remember who it was, but I remember big rounded B :bouncy: :bouncy: bs
[/quote]

It wouldn't be these would they? ;)[/quote]

Gotch ya ....them... :rofl:
 
I tried searching for sp2patch.exe but it couldn't find it. Does that mean i'm safe? I could find sp2patch.exe in regedit though. And i checked the system processes not in safe mode and found only 1 csrss.exe. I'm really paranoid now, can anyone tell me if i'm safe or not?
 
[quote name='whoknows']oops, I downloaded the plug, installed it, and then put it on cd's and distributed to people for them to use...was that bad?[/quote]

Yes, very bad. You will undoubtedly burst into flames at any moment.
 
[quote name='Scorch']..Why was my post deleted.. and when did it get "hacked" again?[/quote]

I don't think your post was deleted. Masha made two threads.
 
[quote name='The Successful Dropout']http://plugin.xtupx.com/


no plug-in download, but i was getting redirected to the above link[/quote]

same here.

i blame fat wallet..... those bastards.
 
Sounds like you're ok. csrss.exe is a system process, so there should be one running. If there are a bunch, then you're in trouble...
 
We fixed this fast this time. We will do our best to keep this site safe for the CAG community.

Please do NOT download anything from a popup! EVER
 
Okay, I thought I was safe...but I wasn't. There was something flashing on my screen for a bit, and then it stopped. And then it flashed again real quick. It did this quite a number of times before I rebooted to Safe Mode and checked to see if there was anything modified during the time I installed the plugin (when I opened it, nothing happened, but it did install). What I did was searched in my C:\Windows\system32\ folder for anything that was modified during the night I had installed it. It appears that there was a folder created on February 28, 2005 10:30pm (the time I had installed the plugin). I deleted the folder, which had csrss.exe in it (I guess it was a clone or something). And I also ran REGEDIT and deleted sp2patch.exe (I don't have Service Pack 2, so anything related to that I really don't care if I delete it or not). So ends my story. Everything is running fine...except that I get an error after I boot up telling me that C:\Windows\system32\SomeWeirdFolderName\csrss.exe is missing. So I get into the Task Manager and it shows that csrss.exe is already running.

Does anyone know how to get rid of that error message? My comp runs fine now, it's just the error message that pops up that is troubling me now.
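
A read-only way to run the checks described in the post above (where csrss.exe is running from, and whether an autostart entry still points at a removed file), written as an added example that is not part of the original thread. It assumes PowerShell 3 or later and that the leftover reference sits in one of the standard Run keys, which the thread does not confirm.

```powershell
# Added example: read-only triage; it changes nothing on the system.
$legit   = Join-Path $env:SystemRoot 'System32\csrss.exe'
$watched = 'csrss.exe', 'sp2patch.exe'   # file names mentioned in this thread

# 1. Running csrss.exe instances. The count varies by Windows version and
#    session; what matters is that each image path is the System32 one.
Get-CimInstance Win32_Process -Filter "Name = 'csrss.exe'" | ForEach-Object {
    $verdict = if (-not $_.ExecutablePath) {
        'path not readable (protected process or not elevated)'
    } elseif ($_.ExecutablePath -ieq $legit) {
        'expected location'
    } else {
        'UNEXPECTED location'
    }
    [pscustomobject]@{ Source  = "process PID $($_.ProcessId)"
                       Path    = $_.ExecutablePath
                       Verdict = $verdict }
}

# 2. Autostart entries (assumption: the standard Run keys; the thread does not
#    say which key held the leftover reference).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($keyPath in $runKeys) {
    if (-not (Test-Path $keyPath)) { continue }
    $key = Get-Item $keyPath
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        # Take the executable from a quoted or unquoted command line.
        if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') {
            $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
        } else { continue }
        $leaf = Split-Path $exe -Leaf
        $verdict = if ($watched -contains $leaf) {
            'file name from the thread in an autostart entry'
        } elseif (-not (Test-Path -LiteralPath $exe)) {
            'target file missing (stale entry)'
        } else { $null }
        if ($verdict) {
            [pscustomobject]@{ Source = "$keyPath\$name"; Path = $exe; Verdict = $verdict }
        }
    }
}
```

An entry reported as "target file missing" is the kind of leftover that produces a "file is missing" message at boot after the file itself has been deleted.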
 
[quote name='Zman310'][quote name='whoknows']oops, I downloaded the plug, installed it, and then put it on cd's and distributed to people for them to use...was that bad?[/quote]

Yes, very bad. You will undoubtedly burst into flames at any moment.[/quote]

Oh well, I guess I'll go stand near my neighbor's house, so I don't die without doing some damage. My neighbors are morons.
 
[quote name='Rig'][quote name='whoknows'][quote name='Rig']Warning: main(module.Informer.php): failed to open stream: No such file or directory in /home/www/confixx/html/fehler.inc.php on line 36

Warning: main(): Failed opening 'module.Informer.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/www/confixx/html/fehler.inc.php on line 36

Fatal error: Cannot instantiate non-existent class: informerpresentation in /home/www/confixx/html/fehler.inc.php on line 52[/quote]

I'm getting this too, and I searched for sp2patch.exe and didn't find it...what should I do now?

Edit: The patch never got downloaded to my knowledge.[/quote]

I don't think anything happened with this one. Well, hopefully nothing was downloaded... :?[/quote]

Yeah, it looks like their host shut them down.
 
didn't read through this entire thread but have a few suggestions. you could always install and run SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html

it will prevent most of this garbage from installing. it works for both IE and Firefox. they release updates for new stuff every other week or so too.

or you could also use SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html which is a realtime spyware scanner. its basically like A/V software for spyware.

the best part - both of these programs are completely free.

also, I would also use AdAware and Spybot to scan for already existing stuff on your pc.

AdAware - http://www.lavasoft.de/support/download/

Spybot - http://www.safer-networking.org/en/index.html

or you can also use MS own spyware software which offers realtime protection as well as anytime scanning.

MS Antispyware - http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

the MS software is in beta form at this time however but seems to work very well.

hope this helps.
 
[quote name='chrishicks']didn't read through this entire thread but have a few suggestions. you could always install and run SpywareBlaster - http://www.javacoolsoftware.com/spywareblaster.html

it will prevent most of this garbage from installing. it works for both IE and Firefox. they release updates for new stuff every other week or so too.

or you could also use SpywareGuard - http://www.javacoolsoftware.com/spywareguard.html which is a realtime spyware scanner. its basically like A/V software for spyware.

the best part - both of these programs are completely free.

also, I would also use AdAware and Spybot to scan for already existing stuff on your pc.

AdAware - http://www.lavasoft.de/support/download/

Spybot - http://www.safer-networking.org/en/index.html

or you can also use MS own spyware software which offers realtime protection as well as anytime scanning.

MS Antispyware - http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

the MS software is in beta form at this time however but seems to work very well.

hope this helps.[/quote]

Antispyware and antivirus programs don't seem to be catching this thing for people who clicked to install it.
 
13. If you reboot and do not get any errors then you may have been successful. If you ctr-alt-del you can see the system processes. If you see only 1 csrss.exe then you have it.

I see one csrss.exe, does that mean i have a virus?
I hope not. :roll:
 
[quote name='greendj27']

Antispyware and antivirus programs don't seem to be catching this thing for people who clicked to install it.[/quote]

NOD32 caught it last night with no problem. I stopped using other AVs a few years ago.
 
[quote name='masha'][quote name='greendj27']

Antispyware and antivirus programs don't seem to be catching this thing for people who clicked to install it.[/quote]

NOD32 caught it last night with no problem.[/quote]

I just heard people talking about it last night and saying that Norton and some others weren't catching it. I guess some can though.
 
[quote name='CheapyD']
Yeah, it looks like their host shut them down.[/quote]

They'll move it to another server and ....try again.
 
[quote name='CappyCobra']Those punks at eaxposed are all giddy with the script kiddie tool that got released for phpbb.

*Disclaimer*
Linking to the 'hacker' forum. Mods, nuke it if you wish. Just wanted to show people here those punks' agendas.


Hacker Punks and their script kiddie tools[/quote]

What fuckers. I just read the entire topic. They're just playing around it seems and going after random sites. I hope they all burn for putting good honest sites down like this. Stupid idiots. And I hear that CAG was attacked again, when? Also, what happened to my thread in the CAG news, feedback, and site assistance forum?
 
[quote name='hiccupleftovers']Mods or whoever, I say use their stupid shaq-fuing program against them. Nuke their site.[/quote]

A wise man once said:

Kill'em all and let God sort'em out!
It's time to kick ass and chew bubblegum. And I'm all outta gum!

- Duke Nukem
 
[quote name='CappyCobra'][quote name='hiccupleftovers']Mods or whoever, I say use their stupid shaq-fuing program against them. Nuke their site.[/quote]

A wise man once said:

Kill'em all and let God sort'em out!
It's time to kick ass and chew bubblegum. And I'm all outta gum!

- Duke Nukem
[/quote]

Truly a wise man indeed. Now where is our Duke Nukem Forever.
 
[quote name='Scorch']holy shit, these guys don't even deserve to be called hackers.. just some script kiddies.[/quote]

I read through that. I had no idea what was going on... :?
 
[quote name='Scorch']holy shit, these guys don't even deserve to be called hackers.. just some script kiddies.[/quote]

You're right about that. One thing I don't get is what do they have against CAG? What is their vendetta? Did they miss out on a deal/sale and now are disgruntled or something. What's the point of going after a site like this is where I'm getting at.
 
[quote name='CappyCobra'][quote name='hiccupleftovers']Mods or whoever, I say use their stupid shaq-fuing program against them. Nuke their site.[/quote]

A wise man once said:

Kill'em all and let God sort'em out!
It's time to kick ass and chew bubblegum. And I'm all outta gum!

- Duke Nukem
[/quote]

Actually Rowdy Roddy Piper said that in "They Live". I feel old.
 
[quote name='Randomthts'][quote name='CappyCobra'][quote name='hiccupleftovers']Mods or whoever, I say use their stupid shaq-fuing program against them. Nuke their site.[/quote]

A wise man once said:

Kill'em all and let God sort'em out!
It's time to kick ass and chew bubblegum. And I'm all outta gum!

- Duke Nukem
[/quote]

Actually Rowdy Roddy Piper said that in "They Live". I feel old.[/quote]

You've actually seen that before??? Whenever TNT or TBS would air that after WCW, I would quickly change the channel.
 
[quote name='MorPhiend'][quote name='Randomthts'][quote name='CappyCobra'][quote name='hiccupleftovers']Mods or whoever, I say use their stupid shaq-fuing program against them. Nuke their site.[/quote]

A wise man once said:

Kill'em all and let God sort'em out!
It's time to kick ass and chew bubblegum. And I'm all outta gum!

- Duke Nukem
[/quote]

Actually Rowdy Roddy Piper said that in "They Live". I feel old.[/quote]

You've actually seen that before??? Whenever TNT or TBS would air that after WCW, I would quickly change the channel.[/quote]

Actually I saw it at a theater when it came out. Ah, good times.
 
What was up with the recent php errors that just happened a moment ago? I was trying to get in to any thread but it kept saying php:critical error or something similar.
 
[quote name='CheapyD']I saw "They Live" in the theater too. :oops:

FYI, I'm hiring a Server Security guy to work on the CAG server.[/quote]

Maybe you could hire this dude. I'm sure he'll keep your server safe ;)
bruiser.jpg
 
[quote name='CheapyD']I saw "They Live" in the theater too. :oops:

FYI, I'm hiring a Server Security guy to work on the CAG server.[/quote]

Does that mean you'll be raising the CAG monthly subscription fee?
 
[quote name='dcfox'][quote name='CheapyD']I saw "They Live" in the theater too. :oops:

FYI, I'm hiring a Server Security guy to work on the CAG server.[/quote]

Does that mean you'll be raising the CAG monthly subscription fee?[/quote]

Yep, it's now two beatings, three BJ's, and a happy ending.
 
[quote name='CrashSpyro123'][quote name='dcfox'][quote name='CheapyD']I saw "They Live" in the theater too. :oops:

FYI, I'm hiring a Server Security guy to work on the CAG server.[/quote]

Does that mean you'll be raising the CAG monthly subscription fee?[/quote]

Yep, it's now two beatings, three BJ's, and a happy ending.[/quote]

All I have left is a BJ.
 
[quote name='Scorch']holy shit, these guys don't even deserve to be called hackers.. just some script kiddies.[/quote]

The word is "crackers" - which more often than not have not done any actual hacking.
 
[quote name='Socheata']I deleted the folder, which had csrss.exe in it (I guess it was a clone or something). And I also ran REGEDIT and deleted sp2patch.exe (I don't have Service Pack 2, so anything related to that I really don't care if I delete it or not). So ends my story. Everything is running fine...except that I get an error after I boot up telling me that C:\Windows\system32\SomeWeirdFolderName\csrss.exe is missing. So I get into the Task Manager and it shows that csrss.exe is already running.

Does anyone know how to get rid of that error message? My comp runs fine now, it's just the error message that pops up that is troubling me now.[/quote]

Same problem here.
 
hey, i know absolutely nothing about all this redirect stuff, etc...but i have a question...is this "program" everyone is saying not to download something that was installed automatically onto a user's machine when logged into CAG or is it something along the lines of actually "agreeing" (if that is the right word?) to d/l something (ie. my knowingly d/ling a program like spybot from download.com)?

i haven't d/led anything from CAG but was redirected to some page with programming code on it like most others, and just want to know if i need to go through all the steps that cheapyd and defender outlined

this is me reading this whole thread :?:

thanks to one & all in advance :D
 
If you saw something like this...

Code:
Warning: main(module.Informer.php): failed to open stream: No such file or directory in /home/www/confixx/html/fehler.inc.php on line 36 

Warning: main(): Failed opening 'module.Informer.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/www/confixx/html/fehler.inc.php on line 36 

Fatal error: Cannot instantiate non-existent class: informerpresentation in /home/www/confixx/html/fehler.inc.php on line 52

then I think you are ok. Looks like the "hackers" site was taken down by the host or something.
 
thats exactly what it was

thx cheapy :D

[quote name='CheapyD']If you saw something like this...

Code:
Warning: main(module.Informer.php): failed to open stream: No such file or directory in /home/www/confixx/html/fehler.inc.php on line 36 

Warning: main(): Failed opening 'module.Informer.php' for inclusion (include_path='.:/usr/share/php:/usr/share/pear') in /home/www/confixx/html/fehler.inc.php on line 36 

Fatal error: Cannot instantiate non-existent class: informerpresentation in /home/www/confixx/html/fehler.inc.php on line 52

then I think you are ok. Looks like the "hackers" site was taken down by the host or something.[/quote]
 
Did anyone else notice something while surfing the site yesterday that seemed like another hacker attack? I noticed it around the time I signed off.
 
Huh, weird. I had that plugin and forgot to remove. So when I ran lavasoft's adware detection program today(which had to be updated), apparently it was deleted after it was completed. Cause the folder isn't there anymore. Just something that I'd thought I'd pass along for those that haven't removed it yet.
 