Hi,

I've checked the server logs, and took a look at your files too. They seem to be
intact and no malicious activity has been detected. And I could visit every page
of your site without any said "hacker logos/images". I'm pretty sure that this
is problem in your customers/clients computer. Can you please ask them to send a
screenshot?


Regards,
Vijay,

http://www.animalstaples.com/personal/screenshot.jpg

Okay, have your provider (or you) check the date that this file was modified
posting.php?mode=reply
and this one:
viewtopic.php?

They have probably over-written these files....

Thanks Debbie, I will forward this to him now.

how does one do this? screen shot?

as a side note I do now get a blocked attempt alert from my mcafee (I went through last night and reset things ) but it still tries to load ..only at this site

How do you do the screen shot (I know how to put it in a Word doc but not how to get in my posting). I see the same thing on the reply screen as the others but also get the "You Must Install Turkish Language Pack" message each page.

Blair

I think you can just hit the Print Screen button and that will copy what is showing up on your screen. Then you can paste it into what you use for your pictures.

Here is what my privacy report is saying.

http://i56.photobucket.com/albums/g177/bonniepaso/Image1.jpg

Just do 'shift', 'PrtScrn' (right above the 'insert' key). Open PaintShop, or whatever you use for graphics, and click 'edit' 'paste'. Or, you can use the capture tool on your graphic program too.

You have to upload the graphic to your webspace (or whatever you use to post pictures here).

I don't know what you all are doing, but I am not getting all that. Even when I use my Enternet Explorer. I use my AOL Explorer all the time cause it open ups a new tap in the same window each time I click on a webpage you all post.

I use Norton AntiVirus. It has not given me any problems and I have no problems with my comp. I've used MacAfee and did not like it so I went back to Norton.

Maybe your firewall is to high. :confused

Lori --

Up until this morning, the text on my screen was exactly like Debbie's -- and the same text would appear on the bottom of every screen (on the index or forum index, individual messages, etc). However, (possibly because my browser is set to automatically reject cookies) the dengesiz message would only appear if the site wasn't loading something else (text or photos) AND if my cursor was on a non-command area of the screen. (In other words, if I put my cursor on "submit" or "post reply" or "Paso Chit Chat," the dengesiz text would disappear.

This morning things are a little different. The dengesiz text seems to be doing an internal battle with something called bitlis. gen. tr (spaces added to prevent this from becoming a link). Bitlis seems to be winning, because it is showing more often than dengesiz.

Other than that, the site is working fine. I can easily ignore the odd text and use the site normally.

It's not my computer. Every other web site works without this text showing up, and I did a full scan of my hard drive last night -- there is nothing unusual on the hard drive.

It doesn't really seem that the site is "infected" in a "normal" way though. It just seems that someone has linked to the site and keeps sending unauthorized cookie requests. I would imagine that wouldn't be too difficult to a computer savy hacker to do. ':roll:'

Hmmmm...now I am having to log in every time I come to the site. I did clear my cookies and temporary Internet files yesterday. Also defragmented and cleaned my harddrive...
But this is everytime I come here....and downloading is VERY slow....
Very strange....

I also get the degenesiz note at the bottom of the screen... :(

http://i4.photobucket.com/albums/y139/Bruja1/apf.jpg
opps I will reload and make it bigger..
crap..well at the bottom it says
downloading picture http:// logo.webservis.gen.tr/logo/4.gif

I will see if I cant get one saved as a jpeg as opposed to a bitmap..lol (I put a space in the addy also so it didnt show as a link

These are the things that I have been able to capture. For whatever reason, I can't get the turkish language pack popup like I do at work. I tried disabling my security features but still could not get it. Anyway, these are some more examples of the things that are trying to load instead of legitimate apf.com stuff.

http://img.photobucket.com/albums/v163/legado/hacker4.jpg


http://img.photobucket.com/albums/v163/legado/hacker3.jpg

http://img.photobucket.com/albums/v163/legado/hacker2.jpg

http://img.photobucket.com/albums/v163/legado/hacker1.jpg

http://img.photobucket.com/albums/v163/legado/hacker.jpg

No problems here. Maybe it's a virus on your computers?

It is not a problem with people's computers.

Here are some examples of sites that dengesiz has successfully hacked:

http://editorialmh.com/banners/adclick.php?n=a9165b4c
http://growthworkscounseling.com/

This one has a good discussion about how the hackers get in
http://www.vbulletin.com/forum/archive/index.php/t-198508.html


http://topmedschool.com/vb/modules/turk.htm
http://www.michaelderickson.com/moodledata/index.html
http://www.gamingempires.com/forums/showthread.php?t=3735

Here's another coming up on the bottom...
http://www.maxtr.net/

Lori, is there any way you can get into your php scripts and set them back to default? These guys have modified your scripts. You need to have your guys change them, and change the FTP/admin passwords. phpbb is very easy to hack.... There might be some security patches they can try? What is the deal with these guys? I'm sorry, but if this was going on one our servers it would have been fixed asap. All they need to do is look at the files to see when they were modified. I'll bet a few days ago when all this started.....

[/url]

From what I have read, there is also a weakness with chat that they can exploit.

They could eventually end up taking this whole site down and royally screwing things up like I have seen on other sites! They will wipe out ALL of the files.

You might want to check some of this out -

If you get trapped in a tangle of web pages, file a complaint with the Federal Trade Commission, toll-free, at 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at ftc.gov. Tell the FTC the name of the site you intended to visit and the name of the site(s) to which you were diverted.



The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint or to get free information on consumer issues, visit www.ftc.gov or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Thanks Debbie. I have forwarded this to my hoster.

I expected an answer when I got up this morning.....but nothing yet. :-?

http://www.ftc.gov/bcp/conline/pubs/alerts/webdivertalrt.htm

http://www.ftc.gov/bcp/conline/pubs/alerts/webdivertalrt.htm

Weird - don't know how I did that twice :oops:

uhh yeah and like 3 hours apart?? do do do do do do do do....

Here are some sites with discussions about how the hackers get into sites and possible fixes. I am not sure what format this forum is in???

http://www.gamingempires.com/forums/showthread.php?t=3735

http://www.vbulletin.com/forum/showthread.php?t=199426

http://forums.digitalpoint.com/showthread.php?s=36c01b2c72e5ecfa02ac12ebd99d2160&t=21125

Here is info for phpbbs - critical update?
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

Yup - I'm getting the second one also now.

I have had no problems..