Site redirects

RBrodzinsky Oct 6, 2018

  1. Hardcoaler

    Hardcoaler TrainBoard Member

    For what it may be worth in your troubleshooting, I use MS Edge and all has been well. I wasn't even aware of this problem.
     
    bremner likes this.
  2. bremner

    bremner Staff Member

    I think that I have found a hack....trying to figure out how to remove it without killing the site
     
  3. Mr. Trainiac

    Mr. Trainiac TrainBoard Member

    That is what I was worried about. I don’t know a lot about coding, but the whole ‘site unsecure’ thing doesn’t sound good. From my understanding, it just means that input into the site isn’t encrypted, but there has to be a way to encrypt the site itself to prevent meddling from the outside. Who actually manages and runs this website? Is it you guys (the moderators/staff)? What role does Tapatalk play in this site? Is XenForo the same thing as Tapatalk, or how are they related? I have been around here for a few years now, but I feel like I don’t really understand the inner workings of the site.
     
  4. bremner

    bremner Staff Member

    A few members of the staff run and maintain the site and server; we are volunteers, this is not a business. As for XenForo, it is the software, and Tapatalk is an app that makes it more mobile friendly.
     
  5. r_i_straw

    r_i_straw Mostly N Scale Staff Member

    I am still getting directed to generzapgeneric.idv.am on my iPhone using Safari. Been doing it all day.
     
  6. Mr. Trainiac

    Mr. Trainiac TrainBoard Member

    Would converting the site to HTTPS make it less susceptible to attacks? Is that even possible? If we were indeed hacked, what would it take to lessen that risk? I’m not asking you personally to do this. I know you guys are all regular guys like the rest of us, but since you seem to know what is going on, I am just throwing out some ideas.
     
  7. bremner

    bremner Staff Member

    I am the server tech here because that's what I do for a living. An SSL (https) will not stop hacking, a firewall will slow down hacking.
    I am good at working on servers, decent at PHP scripting, but the hacked files (2) are JavaScript files. I have a ticket open with the best malware removal company and I informed them of the file names and their locations.
     
    Atani likes this.
  8. Mr. Trainiac

    Mr. Trainiac TrainBoard Member

    I feel like I am pretty good with operating technology, but when it comes to the coding and actual electronics of it, I’m pretty clueless. Now I have myself thinking about how this website works.
    How do you gain access to the server? I’m assuming it is a staff-only thing. Once you are in, what does it look like and how do you fix it? Is it just lines of code that you have to rewrite? What would cause it to be hacked in the first place? I am astounded by the complexity and interconnectedness of all this internet stuff. The fact that a bunch of wires connected together can make such a global thing is pretty mind blowing.
     
  9. r_i_straw

    r_i_straw Mostly N Scale Staff Member

    Safari on my desktop also redirects. So far Firefox does not.
     
  10. bremner

    bremner Staff Member

    Most of the staff does not have access to the server, any server requires knowledge of the login url, username and password.

    The server is a computer; you can use either line command (like old DOS) or the control panel that was installed on the server (like Windows, just not as advanced).

    As for hacking, there are many ways to do that. You can either break a username and password and get into the server itself (not easy due to security reasons), however most hacks are caused by bots crawling the web looking for a site that they were written to break into. The redirects are written in 2 files in a way that I personally don't know how to remove. As said earlier, I have a ticket open to have it removed, not sure why it hasn't been yet.
     
  11. r_i_straw

    r_i_straw Mostly N Scale Staff Member

    I tried logging into Trainboard on my phone with Firefox and it redirects me to the Scaletrains.com site.
     
  12. Eagle2

    Eagle2 Staff Member TrainBoard Supporter

    This is very strange. I use Win10 and Edge both at home and at work. At home I get the redirect, at work I get on just fine.
     
  13. Hytec

    Hytec TrainBoard Member

    I also am being redirected, though only on one computer. The two computers not being redirected have been running Chrome for years. The one that is being redirected is new, running Edge, and TB started being redirected this past Friday. I installed Chrome on that computer and TB was redirected also with Chrome. All computers are running Win 10, version 1803, updated as of today.

    The redirect address is: https://generzapgenetic.idv.am/.

    Neither Windows Defender nor TotalAV can detect anything with a full scan. I used REGEDIT to search the Registry for generzapgenetic and found nothing. I have cleared History, Cookies, Forms, Templates, etc., still No Joy.

    I can only assume that something on the two "clean" computers has, and is blocking that piggy-back redirect from loading, but not on the "infected" computer. Though at the moment cannot guess what or why.

    Bremner, I wish you success. Also, Thank You for your efforts keeping TB running, I really appreciate it.
     
    Last edited: Oct 7, 2018
  14. acptulsa

    acptulsa TrainBoard Member

    Android/Chrome here. Zero issues. Not even getting that annoying Tapatalk redirect... :p
     
    bremner likes this.
  15. gjslsffan

    gjslsffan Staff Member

    Mine redirecting multiple times
     
  16. fitz

    fitz TrainBoard Member

    I had seen no problems using Chrome on my iMac, so tried Safari and it redirected me to the generz site, but the screen showed the Trainboard home page. woo woo woo?
     
    acptulsa likes this.
  17. Hardcoaler

    Hardcoaler TrainBoard Member

    Ooops -- I posted too soon. I'm getting redirected now.
     
  18. acptulsa

    acptulsa TrainBoard Member

    Maybe it would help bremner if you tried it from Chrome again, and reported back. If that now redirects, we'll know it's acting like a virus. Once in our machines, we'll have to clean it out.
     
  19. bremner

    bremner Staff Member

    Using Chrome right now
     
  20. acptulsa

    acptulsa TrainBoard Member

    I meant fitz. If he had no problem using Chrome, did have a problem using Safari, then not even Chrome was defeating it, wouldn't that indicate it was infecting machines? Once we got redirected, we had it and had to get it removed?
     
