Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

03-12-2019, 09:26 AM   #1
Acepimp
Confirmed User
Join Date: Jan 2012
Location: East Coast
Posts: 5,363
My Mainstream Site Got Hacked with PORN! Who Did It?? [SCREENSHOTS]

I have some mainstream sites running WordPress. The DNS was on Cloudflare. I looked at one site today and all I see is this button:



So I click it and it takes me to what looks like a Russian porn site and then immediately loads this pop-up:



So I go to close the pop-up and it immediately opens a new tab with this full-screen ad:



When I finally close all the bullshit the site looks like this:





---------------------------------

I fixed this in 2 minutes by switching the site back to my webhost's nameservers.

So have any of you heard of Cloudflare DNS hacks?
03-12-2019, 09:30 AM   #2
ghjghj
Confirmed User
Join Date: Jun 2005
Posts: 2,186
If you're not using 2FA on Cloudflare they are most likely in your e-mail too.
03-12-2019, 12:18 PM   #3
~Ray
visit hardlinks.org
Join Date: Jun 2003
Location: Las Vegas, Nv
Posts: 18,338
Oooo spooky
03-12-2019, 12:52 PM   #4
lezinterracial
Confirmed User
Join Date: Jul 2012
Posts: 2,188
Web cache poisoning? I don't know much about it. But it does seem popular.

https://portswigger.net/blog/practic...ache-poisoning
03-12-2019, 06:39 PM   #5
PamWinterReturns
diskardid mentsch
Join Date: Sep 2012
Location: Westport Point MA
Posts: 1,877
Have you looked at server logs to see what commands were used? And from what possible IP? Was it a WordPress hack using an older version? Did they hit any other sites on the box?
03-14-2019, 06:17 AM   #6
lezinterracial
Confirmed User
Join Date: Jul 2012
Posts: 2,188
Any updates on this? Was it web cache poisoning? Been reading up more on it, pretty interesting stuff. James Kettle did a presentation on it. He is a genius.

03-14-2019, 09:45 AM   #7
GspotProductions
Natalie K
Join Date: Apr 2010
Location: Spain
Posts: 14,793
fuckers, hope you get it sorted
03-14-2019, 04:07 PM   #8
Acepimp
Confirmed User
Join Date: Jan 2012
Location: East Coast
Posts: 5,363
So I logged into Cloudflare, where my account didn't have any websites on Cloudflare! It looks like someone was able to get into my account and remove my site & redirect my domain.

I updated my password with a much stronger one and will also start using 2FA. Site is back up on Cloudflare.

I found this interesting article on DNS cache poisoning.
