View unanswered posts | View active topics It is currently Wed Oct 16, 2019 4:36 am



Reply to topic  [ 15 posts ] 
Website hacked? 
Author Message
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Website hacked?
Is your website hacked? The zsnes.com homepage is advertising illegal casinos. Better clear that up before the Nintendo lawyers shut you down.


Sat Mar 26, 2016 1:56 am
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
In addition, the WHOIS e-mail addresses are bouncing. Please fix that ASAP too before zsnes.com gets shut down by ICANN.


Sat Mar 26, 2016 2:01 am
Profile WWW
"Your thread will be crushed."
User avatar

Joined: Wed Jul 28, 2004 1:49 am
Posts: 1233
Location: Not in Winnipeg
Reply with quote
Post Re: Website hacked?
As far as I can tell, the only ad script being run on the front page is from Google. But yes, this does look like it was manually added somehow.

_________________
<pagefault> i'd break up with my wife if she said FF8 was awesome


Sat Mar 26, 2016 2:24 am
Profile WWW
Zealot
User avatar

Joined: Wed Jul 28, 2004 3:31 am
Posts: 1140
Reply with quote
Post Re: Website hacked?
There are three ads running on the main site.

This is one that pops up a new tab the first time you click within the page, including clicking to dismiss any of the other ads:

Code:
<!-- BEGIN S0005157 POP -->

<script>
var _gunggo={settings:{siteID:"S0005157",pop:{type:"tab"}}};
_gunggo.settings.pop.freqcap={frequency:2,duration:1};
</script>
<script src="//cdn.directrev.com/js/gp.min.js?s=S0005157"></script>

<!-- END S0005157 POP -->


The second:

Code:
<td class='PHeader'>

<script type="text/javascript"><!--
google_ad_client = "pub-7645045873107134";
google_ad_width = 300;
google_ad_height = 250;
google_ad_format = "300x250_as";
google_ad_type = "text_image";
google_ad_channel ="2957165506";
google_color_border = "C8CFD8";
google_color_bg = "C8CFD8";
google_color_link = "000000";
google_color_url = "203040";
google_color_text = "000000";
//--></script>
<script type="text/javascript"
  src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>

</td>


And the third:

Code:
<td colspan='3' class='PSubHeader'>
<script type="text/javascript"><!--
google_ad_client = "pub-7645045873107134";
google_ad_width = 468;
google_ad_height = 15;
google_ad_format = "468x15_0ads_al";
google_ad_channel ="0528548908";
google_color_border = "A4A9B0";
google_color_bg = "A4A9B0";
google_color_link = "000000";
google_color_url = "203040";
google_color_text = "000000";
//--></script>
<script type="text/javascript"
  src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<br />
</td>


In the middle of the main page body is a plain text ad that doesn't appear to include any trackers:

Code:
<p>If you are interested in online casinos, but don't know which one is good -
<a href="hxtxtxpx://oxnxlxixnxexcxaxsxixnxox-xxx.xcxoxmx/">Best
online casino</a> review site can help you with decision.
And if you
just want
to try free slots you also can visit this <a
href="hxtxtxpx://sxlxoxtxsx-xzx.cxoxmx/">online slots</a> website, there you
will find a lot of different slots games without fees.

                        </p>


And finally, at the footer of the page:

Code:
               <div style="text-align:center">
                  <script type="text/javascript">
                     if (typeof topbar_banner_0_ad == "function") { topbar_banner_0_ad(); }
                  </script>
               </div>


E: Looks like xehas.org, the site of Radio, who the main site claims is the current maintainer, is some Japanese portal for loan information that hasn't been updated since 2013.


Sat Mar 26, 2016 3:05 am
Profile WWW
Zealot
User avatar

Joined: Sat Jul 02, 2005 2:01 am
Posts: 1076
Reply with quote
Post Re: Website hacked?
Clickjack ads are obnoxious. Shame.

_________________
Maybe these people were born without that part of their brain that lets you try different things to see if they work better. --Retsupurae


Sat Mar 26, 2016 7:07 am
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
That middle online casino one has to go; this website is hosted in the US and online casinos are illegal in the US.
Because it is entered inline and not in an ad frame, that is what suggests that the site may have been hijacked.

I traced the IP of that online casino to a foreign VPS provider called FastVPS/bill2fast . com despite them using CloudFlare, and I reported them to abuse.


Sat Mar 26, 2016 11:36 pm
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
Maybe we have a rogue webmaster or the owner of that illegal casino site is lying. This is from the abuse reply I got:

"Dear ______!

Our customer reply is:

"Hello, our links do have to zsnes.com site. The administrator of the site contacted us and asked for permission to publish those links. I see no reason that the site zsnes.com hacked. If the one who complained, said that zsnes.com hacked the site, he can write zsnes.com administrator of the site and resolve the problem with him. We do not influence the arbitration zsnes.com site."

Respectfully, Dmitry Skalenko
FASTVPS customer care"


Mon Mar 28, 2016 12:20 pm
Profile WWW
ZSNES Developer
ZSNES Developer
User avatar

Joined: Tue Jul 27, 2004 10:54 pm
Posts: 3901
Location: Solar powered park bench
Reply with quote
Post Re: Website hacked?
Can someone post a screenshot of what they're seeing?

I'm looking at the homepage, I don't see anything obviously wrong. I turned off my add-blockers and still don't see anything too obnoxious.

_________________
May 9 2007 - NSRT 3.4, now with lots of hashing and even more accurate information! Go download it.
_____________
Insane Coding


Mon Mar 28, 2016 4:59 pm
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
It appears the text itself in the homepage has been manipulated - see the circled part in https://imgur.com/nFP2p4f
To ensure it isn't a virus on my own computer I tried it on my phone too, and on my phone using Orweb (Tor browser for mobile) and it is still there.
Here is the offending portion of the source code:

Code:
                        <p>
                           ZSNES is a Super Nintendo emulator programmed by zsKnight and _Demo_.
                           On April 2, 2001 the ZSNES project was GPL'ed and its source released
                           to the public. It currently runs on Windows, Linux, FreeBSD, and DOS.
                           Remember that this is a public beta so don't expect this to run on your
                           machine.
                        </p>

                        <p>If you are interested in online casinos, but don't know which one is good -
<a href="http://onlinecasino-x.com/">Best
online casino</a> review site can help you with decision.
And if you
just want
to try free slots you also can visit this <a
href="http://slots-z.com/">online slots</a> website, there you
will find a lot of different slots games without fees.

                        </p>


Note that the injected content isn't even tabbed like the rest of the page.


Mon Mar 28, 2016 11:25 pm
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
That Directrev ad causes popups on mobile; the ad just above the introduction appeared to offer illegal ROMs so the webmaster should investigate ASAP before Nintendo does.


Tue Mar 29, 2016 4:10 am
Profile WWW
ZSNES Developer
ZSNES Developer
User avatar

Joined: Tue Jul 27, 2004 10:54 pm
Posts: 3901
Location: Solar powered park bench
Reply with quote
Post Re: Website hacked?
Thanks for the information. I e-mailed _Demo_, hopefully he can clarify what's going on.

_________________
May 9 2007 - NSRT 3.4, now with lots of hashing and even more accurate information! Go download it.
_____________
Insane Coding


Tue Mar 29, 2016 5:20 am
Profile WWW
ZSNES Developer
ZSNES Developer
User avatar

Joined: Tue Jul 27, 2004 10:54 pm
Posts: 3901
Location: Solar powered park bench
Reply with quote
Post Re: Website hacked?
I just noticed someone manipulated the contributors list to add some evil links.

Image

_________________
May 9 2007 - NSRT 3.4, now with lots of hashing and even more accurate information! Go download it.
_____________
Insane Coding


Tue Mar 29, 2016 5:23 am
Profile WWW
Gecko snack

Joined: Sun Aug 21, 2005 11:06 am
Posts: 2372
Location: Australia, QLD
Reply with quote
Post Re: Website hacked?
Everything seems to look good now, went through all the pages and checked any URL's I came across. The popup advert is also gone which is good.

_________________
Core i7 920 @ 2.66GHZ | ASUS P6T Motherboard | 8GB DDR3 1600 RAM | Gigabyte Geforce 760 4GB | Windows 10 Pro x64


Thu Mar 31, 2016 7:58 am
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
I can confirm it is fixed too.


Thu Mar 31, 2016 11:50 pm
Profile WWW
Rookie

Joined: Mon Nov 22, 2004 8:14 pm
Posts: 32
Reply with quote
Post Re: Website hacked?
Just one more thing: Since you use Google Adsense, you need to comply with certain privacy policy requirements. These requirements are described at https://support.google.com/adsense/answer/1348695?hl=en


Mon Apr 11, 2016 1:20 am
Profile WWW
Display posts from previous:  Sort by  
Reply to topic   [ 15 posts ] 

Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by ST Software.