Wiki Been Hacked?

[chinnyhill10]

If I click on any link to the main wiki, the entire thing is hijacked by something called bokotraffic.com which then tells me my computer has been hijacked. Has the wiki been hacked?

[balford]

Looks like it, I'm seeing links to porn stuff and I know of one other person who's seeing the same...

[||C|-|E||]

There is a problem, indeed. I have already told Gryzor about it and the Wiki will resume its activity asap. In any case, there is a backup of all the stuff 

Thank you for telling!

[Gryzor]

Ok, here's what I've found up to now:

   
• From what I've been reading, bokotraffic is a browser highjacker. I still haven't found anything suggesting that it's tied to a server-side element.
• Only links to the site from Google are affected. Other links on third sites seem to be working fine.
• Other search engines are fine, too. (incidentally I just found out that Ask, previously known as AskJeeves, sucks. Search for cpcwiki and it returns wikipedia links at the top ).

If you're reading this, please try searching for cpcwiki on google and reporting back! Thanks!

[Nich]

If you're reading this, please try searching for cpcwiki on google and reporting back! Thanks!

I clicked on CPCWiki via Google and got a largely blank page that redirects to clicksgear.com (I use the NoScript extension on Firefox).

When I clicked on CPCWiki via Bing, Yahoo and DuckDuckGo, I had no problems and saw the main wiki page.

[1024MAK]

That explains why I had no problems yesterday when I used the direct URL.
Mark

[chinnyhill10]

Ok, here's what I've found up to now:

   
• From what I've been reading, bokotraffic is a browser highjacker. I still haven't found anything suggesting that it's tied to a server-side element.

It's not a browser thing because it seems to happen regardless of browser if you arrive in from Google.

[1024MAK]

Okay, it's a bit weird 


Using an iPad's built in browser I get these results:


Search for cpcwiki and get the expected result, that is the cpcwiki is the top hit.
The hyperlink is already the "used before" colour, because, well I just may have visited before  .
Click on the hyperlink and I get a series of quickly changing ULR addresses in the browser before I get the aforementioned blocked site picture.
But if instead of "clicking" the link, I copy it, then paste it into another tap, it works correctly.
Also, if instead of a simple "click", instead I select "open in a new tab", again it works correctly.


Mark

[Gryzor]

I can confirm it's a server issue; hijacking incoming traffic only from google and redirecting it.


Here's the offending code: http://pastebin.com/ziZCE8RR


Must find out where it originates from...

[SRS]

Thats what I get:

http://scan-microsoft.com.scan-viruses.top/link/goscan.php

telling me I need to install their software to "free" my win10.

My direct link works just fine.

[Munchausen]

From an android phone it brings up a whole load of scanning android messages ending in a "your android phone has a virus" or something like that.

[Skunkfish]

I got redirected to something called 'Pussy Saga'. It was... interesting.

[Foebane72]

Yep, I clicked on links to CPCWiki last night and this morning and was immediately redirected to porn sites, as well as god-knows-what other nasties like adware or whatever.

Nasty shock for me because I was hit by a massive adware/malware attack last year, from a most unexpected source.