
Hacked/Redirected/WTF?????


JSngry


I got this message yesterday, and ran home screaming like a little baby. I had just gone through something like this with my Roku box.

I was having trouble getting Roku, so I went to the Roku booklet, and did a search it recommended. I wound up on a Roku site with a beautiful looking operator who asked me if I wanted to chat about it. I explained my problem, and she asked me for my phone number associated with my Roku account. She said a Roku tech would call me back and walk me through the fix to my problem.

A second later, the phone rang. It was the promised Roku tech! He led me through the process, and my Roku was magically fixed. He then told me it only cost me $499!!!!!!!

He told me if I didn't pay, he'd undo the magic fix, so I paid. Then I looked up the company I paid, and it was some scammers located in New Delhi.

I contacted my credit card company, and they told me to uninstall the files they loaded on my hard drive, and they'd take care of the charges.

That's why I'm reluctant to do anything that asks me if I want to make changes to my computer, like Lipi suggested.

You can't trust anyone...:alien:


54 minutes ago, mjzee said:

Weird.  I wonder why I never experienced this redirect.  My bookmark is set to the unread content page; maybe that’s why.

I'm having issues on mobile (iPhone 5) again today too, and my bookmark goes to the unread content page too.

I'm posting this through my laptop at work (work's network), with no issues. And I just rebooted my phone, and the O forum just came up totally fine -- after having the malicious(?) redirects moments before (before I rebooted).

No issues on mobile this morning though, all the way through 10am EST (not sure I was ever on after that, until just now).

Edited by Rooster_Ties

1 hour ago, Jim Alfredson said:

They just changed the name of the server. It might take a while to propagate through the system, but it should fix the problem.

From LiquidWeb:

At this time it looks like you do not have ownership of the domain: organissimo2.com

This has allowed a 3rd party to register the domain and set up a malicious nameserver allowing the redirects to take place.

In a situation of changing servers we would normally recommend domain names like the following:

host.organissimo.org

to new server:

host2.organissimo.org

This would allow for the new server creation with domain names under your ownership.

I would recommend that we update the server hostname to host2.organissimo.org as well as set the nameserver glue records to the following after we change the server hostname:

ns1.organissimo.org  67.225.241.38
ns2.organissimo.org  67.225.241.38

Please confirm and I will proceed.

Cool. It's been hit or miss this afternoon, hopefully the downstream populates on the promptly and our long national nightmare will soon be over.

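The support message quoted above comes down to one check: every nameserver hostname a zone delegates to should sit under a domain the operator has actually registered, with glue for in-zone nameservers. A sketch of that check, added here as an example and not code from LiquidWeb or the forum; the `organissimo2.com` hostnames in the "before" sample are constructed for illustration, and the function names are hypothetical.

```python
# Added example: audit nameserver hostnames against the domains you own.
OWNED = {"organissimo.org"}  # assumption: the only domain the operator has registered

# Constructed sample records as (name, type, value).
# BEFORE: illustrative hostnames under the unregistered organissimo2.com.
BEFORE = [
    ("organissimo.org", "NS", "ns1.organissimo2.com"),
    ("organissimo.org", "NS", "ns2.organissimo2.com"),
]
# AFTER: the nameserver names and address proposed in the support message.
AFTER = [
    ("organissimo.org", "NS", "ns1.organissimo.org"),
    ("organissimo.org", "NS", "ns2.organissimo.org"),
    ("ns1.organissimo.org", "A", "67.225.241.38"),
    ("ns2.organissimo.org", "A", "67.225.241.38"),
]

def norm(name):
    """Lower-case a hostname and drop any trailing root dot."""
    return name.rstrip(".").lower()

def under_owned(host, owned):
    """True if host is an owned domain or a subdomain of one.

    Matching is on a label boundary, so 'organissimo2.com' and
    'evilorganissimo.org' do not count as 'organissimo.org'.
    """
    host = norm(host)
    return any(host == d or host.endswith("." + d) for d in map(norm, owned))

def audit(records, owned):
    """Return (nameserver, problem) pairs for risky NS targets."""
    glue = {norm(n) for n, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for zone, rtype, target in records:
        if rtype != "NS":
            continue
        ns = norm(target)
        if not under_owned(ns, owned):
            # Whoever registers the parent domain controls this nameserver name.
            findings.append((ns, "unowned-parent"))
        elif under_owned(ns, [zone]) and ns not in glue:
            # In-zone nameserver without an address record cannot be resolved.
            findings.append((ns, "missing-glue"))
    return findings

if __name__ == "__main__":
    print("before:", audit(BEFORE, OWNED))
    print("after: ", audit(AFTER, OWNED))
```
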

I was re-directed to various ad sites connected with goodmayor Tuesday evening and Wednesday, using bookmarks or typing the address didn't matter. Right now I used my old bookmark and everything was fine. I was afraid I had clicked something I shouldn't have as I kept getting a bunch of weird spam mails at the same time, but everything seems to be okay. What Jim posted about the servers makes perfect sense.

But I wonder if someone registered that organissimo2 address in knowledge of the server change to take advantage of the situation ...

Edited by mikeweil

18 hours ago, Kevin Bresnahan said:

I was telling Jim on Facebook that I had to laugh at one of the redirect websites I got today. It was an official-looking "Microsoft Support" website with a serious voiceover telling me that my Windows computer has been compromised and I must immediately call their tech support number shown on the screen or I would be disconnected from the network.

I was seeing this while using my Linux/Ubuntu laptop. :)

I got this yesterday too.

This is the first time I could get in since maybe Sunday.


This goodmayor thing...worked fine all weekend at home, back at work today, woops, there's that goodmayor motherfucker again, cleared everything, there he was again. Then gone. Then back again. Back and forth, no constant that I can flag. Maybe somewhere along the way packets are getting thrown to some server that ain't got the news yet. I don't know, I'm not that smart.

Tell you what though, the bowels of the internet could probably use a good cyberenema.


OK, for the future folks: clearing your browser cache doesn't do anything relevant in a case like this. If you still have a device that redirects, you need to clear its DNS cache (just a list of hostnames and associated IP addresses), like I mentioned before:

https://documentation.cpanel.net/display/CKB/How+To+Clear+Your+DNS+Cache

On iOS you can turn on airplane mode for a few seconds--that will flush the DNS cache.

On Android you need to do a hard reboot, I believe. (Turn off phone, remove battery, wait a minute, reinsert, boot.)
