C4C appears to have been pwned
Moderator: Jon O'Neill
- Graeme Cole
- Series 65 Champion
- Posts: 2041
- Joined: Tue Jul 06, 2010 9:59 pm
C4C appears to have been pwned
Occasionally, when you request a page on the C4Countdown forum, it will 302-redirect to a website called "bongacams". After a brief inspection of this dubious online resource, I was disappointed to find that the quality of Countdown discussion there is far below what I expect from C4C. Their letters selections use far too many Xs, and the numbers target is always the same and only two digits.
I've seen this happen in both Chrome and Firefox. At least one other person has reported the problem as well. I'm guessing C4Countdown's web server has been compromised in some way.
I've seen this happen in both Chrome and Firefox. At least one other person has reported the problem as well. I'm guessing C4Countdown's web server has been compromised in some way.
- Johnny Canuck
- Kiloposter
- Posts: 1650
- Joined: Sun Oct 03, 2010 10:44 pm
- Location: Montréal 😃, Québec 😕, Canada 😃
Re: C4C appears to have been pwned
Have also had security-related popups saying “Your computer has been locked down”. Props for referencing an Apterous variant, but still annoying.
I'm not dead yet. In a rut right now because of stress from work. I'll be back later in S89. I also plan to bring back the Mastergram - if I can find a way to run a timer or clock through pure MediaWiki without having to upload to Vimeo every time.
-
- Enthusiast
- Posts: 266
- Joined: Sun Apr 07, 2013 11:30 pm
Re: C4C appears to have been pwned
This hasn't happened to me yet on C4C, but it did happen to me on wiki.apterous.org yesterday.Graeme Cole wrote: ↑Sat Dec 17, 2022 4:26 pm Occasionally, when you request a page on the C4Countdown forum...
- Graeme Cole
- Series 65 Champion
- Posts: 2041
- Joined: Tue Jul 06, 2010 9:59 pm
Re: C4C appears to have been pwned
wiki.apterous.org resolves to the same IP as c4countdown.co.uk, so I guess they share the same web server. apterous.org itself is a different server.Sam Cappleman-Lynes wrote: ↑Sat Dec 17, 2022 5:08 pmThis hasn't happened to me yet on C4C, but it did happen to me on wiki.apterous.org yesterday.Graeme Cole wrote: ↑Sat Dec 17, 2022 4:26 pm Occasionally, when you request a page on the C4Countdown forum...
- Andres Sanchez
- Enthusiast
- Posts: 264
- Joined: Sat Apr 02, 2022 12:32 am
Re: C4C appears to have been pwned
Did not expect a thread to be made as quick as it did. Got this redirect and it was real weird for me. Hope that the issue can be fixed
One of da 'Muricans
-
- Post-apocalypse
- Posts: 13308
- Joined: Mon Jan 21, 2008 10:37 pm
Re: C4C appears to have been pwned
How do we know that it was the real Graeme that started this thread? We have to be very careful about considering the motivations behind it. One false move and we could all be paperclips.
-
- Post-apocalypse
- Posts: 6346
- Joined: Wed May 20, 2009 3:37 pm
Re: C4C appears to have been pwned
Nothing wrong with paper clips, I've needed one on here for years (was scouring my posts here to find the one from our absent friend Phi Reynolds)Gavin Chipper wrote: ↑Sat Dec 17, 2022 5:59 pm How do we know that it was the real Graeme that started this thread? We have to be very careful about considering the motivations behind it. One false move and we could all be paperclips.
GR MSL GNDT MSS NGVWL SRND NNLYC NNCT
- Callum Todd
- Series 69 Champion
- Posts: 1127
- Joined: Tue Sep 10, 2013 3:38 pm
- Location: Leeds
Re: C4C appears to have been pwned
'I can see you're trying to maximise paperclips. Would you like some help with that?'
Mark Deeks wrote:Callum Todd looks like a young Ted Bundy.
- Charlie Reams
- Site Admin
- Posts: 9494
- Joined: Fri Jan 11, 2008 2:33 pm
- Location: Cambridge
- Contact:
Re: C4C appears to have been pwned
It seems our web hosting company itself has been compromised, judging by this message I received from them:
FWIW, www.apterous.org is extensively isolated from wiki.apterous.org and from c4c, so there's no risk to anyone's apterous account. But the wiki and c4c are hosted on the same place, which is consistent with the idea that it's the host itself that has a problem.
It's quite annoying that they weren't proactive about this, but let's see if that fixes the issue. Please let me know if you continue to see this happening as of now.Security Notification
Due to a security vulnerability we have temporarily disabled the cPanel mail Horde webmail client until a fix is in place.
FWIW, www.apterous.org is extensively isolated from wiki.apterous.org and from c4c, so there's no risk to anyone's apterous account. But the wiki and c4c are hosted on the same place, which is consistent with the idea that it's the host itself that has a problem.
- Graeme Cole
- Series 65 Champion
- Posts: 2041
- Joined: Tue Jul 06, 2010 9:59 pm
Re: C4C appears to have been pwned
Just happened again for me when reloading the C4C main page.Charlie Reams wrote: ↑Mon Dec 19, 2022 12:09 pm It's quite annoying that they weren't proactive about this, but let's see if that fixes the issue. Please let me know if you continue to see this happening as of now.
- Andres Sanchez
- Enthusiast
- Posts: 264
- Joined: Sat Apr 02, 2022 12:32 am
- Andres Sanchez
- Enthusiast
- Posts: 264
- Joined: Sat Apr 02, 2022 12:32 am
Re: C4C appears to have been pwned
Now I just got one from a site called Fuckbook. God the internet's really full of porn.
One of da 'Muricans
-
- Post-apocalypse
- Posts: 6346
- Joined: Wed May 20, 2009 3:37 pm
Re: C4C appears to have been pwned
Fwiw I go here on my phone and so far none of this Mullarkey
GR MSL GNDT MSS NGVWL SRND NNLYC NNCT
- Charlie Reams
- Site Admin
- Posts: 9494
- Joined: Fri Jan 11, 2008 2:33 pm
- Location: Cambridge
- Contact:
Re: C4C appears to have been pwned
Thanks, I'll keep looking into this. I've enabled DNS protection in case this is some kind of DNS poisoning issue, although that seems unlikely.
Re: C4C appears to have been pwned
Appears to happen to me roughly 1/10 times a log in. Thought I was going mad the first couple of times it happened.
Surely this is a fuck up so bad by the hosting provider we can get a free year from them or something...
Surely this is a fuck up so bad by the hosting provider we can get a free year from them or something...
-
- Enthusiast
- Posts: 300
- Joined: Tue Dec 10, 2019 2:18 pm
Re: C4C appears to have been pwned
Nada on Safari, the superior browser
-
- Post-apocalypse
- Posts: 6346
- Joined: Wed May 20, 2009 3:37 pm
- Charlie Reams
- Site Admin
- Posts: 9494
- Joined: Fri Jan 11, 2008 2:33 pm
- Location: Cambridge
- Contact:
Re: C4C appears to have been pwned
Really sorry about this. The provider claims that everything is resolved from this morning, so please let me know if you continue to see this as of now. If push comes to shove we can move hosts but that is likely to be disruptive (and expensive).
-
- Post-apocalypse
- Posts: 13308
- Joined: Mon Jan 21, 2008 10:37 pm
Re: C4C appears to have been pwned
No problem. Not your fault anyway.