Gaybutton Posted January 28, 2023 Posted January 28, 2023 This morning my board apparently has been hacked. Please do not go to my board until we have the problem fixed. I will post another message once it is safe to use my board again. If you try to go to my board now, you will see a message similar to this: _____________________________________________________________________________________________________________ Website blocked due to a suspicious download Download blocked: LINK Removed by Admin Malwarebytes Browser Guard blocks downloads that either come from websites that see relatively light traffic or may contain potentially malicious content. This is intended to protect you from new scams. However, if you trust content from this site and would like to proceed, click "Continue". vinapu, TMax and BL8gPt 1 1 1 Quote
Mavica Posted January 28, 2023 Posted January 28, 2023 Thank you for the heads-up, and ... sorry to hear of the hacking. I consider your Thailand board THE best of the Thai forums on the internet. Keep up the good work! BiggusDikkus 1 Quote
PeterRS Posted January 28, 2023 Posted January 28, 2023 49 minutes ago, Mavica said: Thank you for the heads-up, and ... sorry to hear of the hacking. I consider your Thailand board THE best of the Thai forums on the internet. Keep up the good work! It has much of interest, but it is a site almost exclusively focussed on gay pattaya. zombie 1 Quote
Gaybutton Posted January 28, 2023 Author Posted January 28, 2023 Folks, Moses sent a message letting me know he is aware of the problem, but he is traveling now and will e back in about 1 week. He can't do anything about it until then. He told me the problem is definitely a virus. Please don't bypass the warning message. If you do, now the virus will end up on your own computer. If you bypassed it anyway, to be safe I advise you to change all your passwords - all of them. Otherwise the hacker might have access to your passwords. I'm sorry, but that's the situation the way it is. Boy69 and vinapu 1 1 Quote
TotallyOz Posted January 28, 2023 Posted January 28, 2023 So sorry to hear of this GayButton. Much appreciated to let the community know there is a potential risk. BiggusDikkus 1 Quote
Gaybutton Posted January 28, 2023 Author Posted January 28, 2023 1 hour ago, TotallyOz said: So sorry to hear of this GayButton. Much appreciated to let the community know there is a potential risk. Not potential. According to Moses, definite. From what I have read about it, this is a virus that can change your home page - and keep changing it, along with placing extra ads on web sites you visit, and several other problems that are not easy to fix. The part that is potential is it could potentially force you to format your hard drive and re-install everything in order to get rid of it. This is one to keep away from. I don't want some scumbag hacker or my board to cause problems for anyone. As I said, I will post a notification once it is safe to access my board again. To me, the scary part is I have no idea how this got onto my board. It wouldn't hurt anything to change the password that accesses this board, which hopefully might prevent the same thing happening here. I changed several of my passwords and I will change the password I use to access my own board once it is safe to access it. Lucky, TMax and BiggusDikkus 3 Quote
Keithambrose Posted January 28, 2023 Posted January 28, 2023 Hi. I just accesses Gaybutton, before I read this post, and got straight through,read posts and came out. No warning message! Quote
bkkmfj2648 Posted January 28, 2023 Posted January 28, 2023 22 minutes ago, Keithambrose said: Hi. I just accesses Gaybutton, before I read this post, and got straight through,read posts and came out. No warning message! me too, but I was using my mobile phone and there were no issues and/or warnings. However, on my PC my Browser (Google Chrome) started to install an UpdaterBrowsers.rar - malicious program. I was able to stop it and perform a virus scan - so all is ok. so, as GB said - please wait until Moses resolves this issue and GB gives us the all clear. Cheers, M. reader and Rent Boy 1 1 Quote
reader Posted January 28, 2023 Posted January 28, 2023 If you've inadvertently went to site before becoming aware of hack, be sure to check your download folder for file describe above. It downloads immediately and quickly. Do not attempt to open it. Gaybutton, did Moses provide the name of the virus? Quote
Gaybutton Posted January 28, 2023 Author Posted January 28, 2023 43 minutes ago, reader said: Gaybutton, did Moses provide the name of the virus? Not yet. He is traveling and won't be able to get to it until he returns home, in about 1 week from today. I\m not going to try it with my own mobile phone, but apparently people are getting through on mobile phones rather than computer browsers. I advise not trying to access the board at all until we have the problem fixed and I post a message announcing it's safe. I'm sorry this happened, but in my opinion it's just not worth the risk. Boy69 and reader 2 Quote
reader Posted January 28, 2023 Posted January 28, 2023 My experience was that virus downloaded automatically (in a matter of seconds) on my android PC but did not on iPhone or iPad. I immediately deleted file without opening and ran complete scan that indicated no infections. I agree with GB that the safest thing to do is avoid the site until problem is resolved. Quote
10tazione Posted January 28, 2023 Posted January 28, 2023 14 hours ago, Gaybutton said: Website blocked due to a suspicious download Download blocked: [...] GB, is the link in your post a link to the virus? If yes, you'd better let TotallyOZ remove it! Quote
iendo Posted January 28, 2023 Posted January 28, 2023 Why are you waiting a week for Moses? Unless there is something that only he can do, I would contact my hosting support. If it was something that I couldn't handle myself, I would have a reputal person that know about these things handle it for me. there are many websites where you can hire a trustworthy (good references) IT guy. But again, I am talking without knowing your specifiek situation. Quote
Gaybutton Posted January 28, 2023 Author Posted January 28, 2023 4 hours ago, iendo said: Why are you waiting a week for Moses? Moses is my web site guru. He is my hosting support. He hosts my board on his own server. In order to fix that, or other problems that have occurred, it requires him to have full administrative access to my board - the same access level I have myself. There is no one else I would ever trust with that kind of access and his level of expertise. So, I'm sorry, but I'm going to wait for Moses. Also, 10tazione's advice to remove the link is good advice. TotallyOZ has my full "green light" to edit it out. GWMinUS, splinter1949 and BL8gPt 1 2 Quote
Jimbillp Posted January 28, 2023 Posted January 28, 2023 Talk about a virus knowing a virus when it sees one. Quote
vaughn Posted January 29, 2023 Posted January 29, 2023 If you have access to your DNS records (DNS zone), write down then change or delete the www and gaybuttonthai.com A records. This will prevent people getting to the compromised host until Moses returns and can be quickly reversed when the host server has been restored. It's up to you, but doing something to prevent people that frequent your board from being infected with malware should be a pretty high priority, waiting a full week could see your domain registrar take action on your domain and hurt the reputation of your site. TotallyOz and BiggusDikkus 2 Quote
TotallyOz Posted January 29, 2023 Posted January 29, 2023 39 minutes ago, vaughn said: If you have access to your DNS records (DNS zone), write down then change or delete the www and gaybuttonthai.com A records. This will prevent people getting to the compromised host until Moses returns and can be quickly reversed when the host server has been restored. That would keep anyone from accessing and would be my advice while waiting. Or, if too difficult, just forward the domain name to another site while waiting for Moses. floridarob and BiggusDikkus 2 Quote
Gaybutton Posted January 29, 2023 Author Posted January 29, 2023 5 hours ago, vaughn said: If you have access to your DNS records (DNS zone) While I appreciate the advice, apparently you are assuming I even know what that means, much less how to access it or do anything with it. You are talking way above my scope. Folks, I'm doing the best I can. I have already made it clear - when it come to handling this kind of problem I am clueless. I am going to wait for Moses and that's that. Moses is already well aware of the problem. If he has any advice, he'll let me know and I'll follow it. I truly understand some of you are genuinely trying to help, but I'm getting advice I didn't ask for from people I wouldn't know if they were sitting next to me, and it is advice I have no idea how to follow. No offense intended, but I am going to wait for Moses. If he has any advice for me in the meantime, I'll follow it. If anyone truly wants to help, please send your suggestions to Moses, not to me. If it's something he thinks I should do, then he'll tell me and will tell me how to do it. BL8gPt and vinapu 2 Quote
TotallyOz Posted January 29, 2023 Posted January 29, 2023 17 minutes ago, Gaybutton said: While I appreciate the advice, apparently you are assuming I even know what that means, much less how to access it or do anything with it. You are talking way above my scope. Folks, I'm doing the best I can. I have already made it clear - when it come to handling this kind of problem I am clueless. I am going to wait for Moses and that's that. Moses is already well aware of the problem. If he has any advice, he'll let me know and I'll follow it. I truly understand some of you are genuinely trying to help, but I'm getting advice I didn't ask for from people I wouldn't know if they were sitting next to me, and it is advice I have no idea how to follow. No offense intended, but I am going to wait for Moses. If he has any advice for me in the meantime, I'll follow it. If anyone truly wants to help, please send your suggestions to Moses, not to me. If it's something he thinks I should do, then he'll tell me and will tell me how to do it. Your board and you handle it the way you want. Good luck with this and we are all rooting for you. No advice for GB here, but general knowledge for anyone interested. Domain names run are owned by people but under the control of a registrar like GoDaddy. Whoever owns the name gayguides.com can go to that log in and change the DNS to make the site dead or to forward it to another site just by click the DNS area inside the GoDaddy panel. The above advice was given to GB as a way not to need access to the hosting company to do any work. Software is run by a hosting company and this is where GB's virus is and that is run by Moses who will fix the issue when he can. That makes sense as it is not easy for a layperson to do. Again, no advice here for anyone, just clarifying the differences between who controls the DNS (owner of the domain name) and the hosting company (controller of the software). vaughn, Ryanqqq and floridarob 3 Quote
Gaybutton Posted January 29, 2023 Author Posted January 29, 2023 5 hours ago, TotallyOz said: Software is run by a hosting company and this is where GB's virus is and that is run by Moses who will fix the issue when he can. Exactly. I'm worried if I try to do anything myself, all I'll do is just make things worse. And if anyone will know what to do to try to prevent this from happening again, it will be Moses. Once my board is up and running properly, I'll post a new message. vinapu, Boy69 and Mavica 2 1 Quote
khaolakguy Posted January 31, 2023 Posted January 31, 2023 Bumping to keep this warning at the top of the list. Mavica and vinapu 1 1 Quote
Popular Post Gaybutton Posted February 8, 2023 Author Popular Post Posted February 8, 2023 Update: Moses told me that he is going to have to wade through a good 5000 files to find and eliminate the virus plaguing my board. I am in no hurry and, Moses, please take your time. I'd much rather have this done correctly than quickly - and take whatever security steps are necessary to prevent this sort of thing from happening again. Those of you who have memberships on my board, once it is up and running again I suggest you change your board password - just in case. BL8gPt, TMax, TotallyOz and 4 others 7 Quote
gerefan Posted February 15, 2023 Posted February 15, 2023 Not heard anything …is the board safe to log into yet? Quote
Popular Post Gaybutton Posted February 15, 2023 Author Popular Post Posted February 15, 2023 3 hours ago, gerefan said: Not heard anything …is the board safe to log into yet? Not yet, but Moses tells me he is almost finished. He has upgraded the board to the newest version and is moving the whole thing to a different server. He's trying to do everything he can to try to prevent this from happening again. If all goes well, I might be able to give the "green light" as soon as this weekend. Rest assured, I will post a new message when the board is open and safe to access again. Boy69, gerefan, reader and 3 others 4 2 Quote