website compromised - LED Grow Lights - International Cannagraphic Magazine Forums

Phillthy · 05-08-2010, 12:16 PM

tried to click your banner. your website is compromised.

WizeWizo · 05-08-2010, 12:24 PM

Quote:

Originally Posted by Phillthy

tried to click your banner. your website is compromised.

Huh? worked fine for me just now....

Mulletsoda · 05-08-2010, 02:19 PM

I second the compromised website, URL : https://www.hydrogrowled.com/

First time I visited I was redirected to www1.firesavez7.com, where I recieved a pop-up warning "Warning, your computer is at risk of malware attacks. We recommend you to check your system immediately. Press OK to start the process now", giving you only OK as a choice.

Then it lands on https://www1.firesavez7.com/?p=p52dcW...Oppomwm5h2bHFs, where it acts like it's doing a scan of my Windows computer ( Hm... I'm running linux, so how does my My Documents folder have viruses?? ), finding several. Then it tries to force a download of : https://www1.savemypc1.xorg.pl/mak107...k7XJx5qpb2c%3D ... here's the VirusTotal result from the .exe that got dropped : https://www.virustotal.com/analisis/1...938-1273320112

This only happens the first time I visit the main site, repeated visits do not trigger this behavior. Clearing my cache and cookies, then revisiting the site, does result in the download being dropped again.

This isn't unusual, websites are compromised every day, it's not a super big deal. Contact the person who manages the site, it's something that needs to be taken care of. Nice site, though providing a Wikipedia link to back up your claims isn't the most credible source. ;-)

Off this topic, though... do your lights use PWM? I have yet to look deep into LED grows, but from my experience with LEDs, you can get much more out of them with a 20-30% current increase on a 10% duty cycle. Is that something that would make a difference, has it already been implemented? I know that modifying the amount of current flowing through the LED can effect the output wavelength, too... I'm curious as to what conclusions you've reached on that topic. LEDs are definitely on my todo list; I'm watching, I believe in LED technology.

Phillthy · 05-08-2010, 02:46 PM

mulletsoda described it to a T.

Mulletsoda · 05-08-2010, 02:49 PM

https://img98.imageshack.us/img98/5001/screenshot4y.png

Just remember, folks... no website will ever be able to tell you that you have a virus. Do not EVER believe if someone (something) both tells you there is a problem and offers to fix it. It makes me sad that so many people fall for these things every day...

Any real, professional program will not contain grammatical errors or mis-spelled words like
"Windows Web Security have detected Trojans and ready to remove them"

"can gather information from user's computer throught Internet connection"

Stay safe, and good luck!!

PS LEDgirl (or whoever runs that site) your site has not yet been flagged by Google as a malware distributor, if you can get it fixed before then, it'll save you tons of work.

https://giftbusinessowners.com/has-yo...mpromised.html

https://www.stopbadware.org/home/security

mrwags · 05-08-2010, 03:59 PM

If it is the one that when completed acts like it's windows and needs to delete viruses it found,it is a bitch to get out of your system once installed and the picture shown above it EXACTLY what I'm talking about.

Good heads up by you guys. Looks like one of the trouble makers that got banned for stirring shit in her forum bought himself a new book at the Geek Convention last week.

Have A Great Day
Mr.Wags

Mulletsoda · 05-08-2010, 06:14 PM

99% of the time websites are compromised by automated attacks; there's rarely any type of human decision involved in this. It was most likely a bot that was systematically scanning entire ranges, looking for unpatched or open systems. If it was a targeted attack motivated by an angry desire for revenge, I would think they would deface the website instead of a minor exe drop. It's unfortunate, but actually pretty common.

05-08-2010, 06:20 PM

Yeah her website was compromised due to the computer used to access it. Whoever does her web admin work probably has a keylogger/trojan on their computer.

**Skip** · 05-08-2010, 06:42 PM

One of my sites was hit by this about six months ago.

EVERYONE NOTE: If you visited the LED site you MUST run an anti-virus with a ROOT KIT scan to get rid of it.

That means you must PAY for the anti-virus as few free ones will do that indepth a check of your computer!

If ever there was something worth paying for, it's a good antivirus program. I recommend Zone Alarm.

There is a cyberwar going on, and if you're not protected, you shouldn't be on the Net!

LEDGirl · 05-08-2010, 06:51 PM

We found out about the problem late last night and are working to resolve the issue. Someone obviously hacked our site, no doubt it was someone who had something to gain from it like one of our competitors (just so happens one of them called me on the phone 2 days ago more or less asking for a "truce"). Hopefully we will have the problem resolved today, and the culprits identified.

I will inform you when it's OK to visit the site again...

05-08-2010, 12:16 PM	#1
Phillthy Seven-Thirty Join Date: Nov 2008 Location: Somewhere nice and padded. Posts: 7,798	website compromised tried to click your banner. your website is compromised. __________________ “A question that sometimes drives me hazy: am I or are the others crazy?” - Albert Einstein
	Quote

05-08-2010, 02:19 PM	#3
Mulletsoda Member Join Date: Jan 2010 Posts: 77	I second the compromised website, URL : https://www.hydrogrowled.com/ First time I visited I was redirected to www1.firesavez7.com, where I recieved a pop-up warning "Warning, your computer is at risk of malware attacks. We recommend you to check your system immediately. Press OK to start the process now", giving you only OK as a choice. Then it lands on https://www1.firesavez7.com/?p=p52dcW...Oppomwm5h2bHFs, where it acts like it's doing a scan of my Windows computer ( Hm... I'm running linux, so how does my My Documents folder have viruses?? ), finding several. Then it tries to force a download of : https://www1.savemypc1.xorg.pl/mak107...k7XJx5qpb2c%3D ... here's the VirusTotal result from the .exe that got dropped : https://www.virustotal.com/analisis/1...938-1273320112 This only happens the first time I visit the main site, repeated visits do not trigger this behavior. Clearing my cache and cookies, then revisiting the site, does result in the download being dropped again. This isn't unusual, websites are compromised every day, it's not a super big deal. Contact the person who manages the site, it's something that needs to be taken care of. Nice site, though providing a Wikipedia link to back up your claims isn't the most credible source. ;-) Off this topic, though... do your lights use PWM? I have yet to look deep into LED grows, but from my experience with LEDs, you can get much more out of them with a 20-30% current increase on a 10% duty cycle. Is that something that would make a difference, has it already been implemented? I know that modifying the amount of current flowing through the LED can effect the output wavelength, too... I'm curious as to what conclusions you've reached on that topic. LEDs are definitely on my todo list; I'm watching, I believe in LED technology. __________________ Dude, I'm cheesing my f-ing brains out right now! https://code.google.com/p/atmega328growcontroller/
	Quote 3 members found this post helpful.

05-08-2010, 02:46 PM	#4
Phillthy Seven-Thirty Join Date: Nov 2008 Location: Somewhere nice and padded. Posts: 7,798	mulletsoda described it to a T. __________________ “A question that sometimes drives me hazy: am I or are the others crazy?” - Albert Einstein
	Quote

05-08-2010, 02:49 PM	#5
Mulletsoda Member Join Date: Jan 2010 Posts: 77	https://img98.imageshack.us/img98/5001/screenshot4y.png Just remember, folks... no website will ever be able to tell you that you have a virus. Do not EVER believe if someone (something) both tells you there is a problem and offers to fix it. It makes me sad that so many people fall for these things every day... Any real, professional program will not contain grammatical errors or mis-spelled words like "Windows Web Security have detected Trojans and ready to remove them" "can gather information from user's computer throught Internet connection" Stay safe, and good luck!! PS LEDgirl (or whoever runs that site) your site has not yet been flagged by Google as a malware distributor, if you can get it fixed before then, it'll save you tons of work. https://giftbusinessowners.com/has-yo...mpromised.html https://www.stopbadware.org/home/security __________________ Dude, I'm cheesing my f-ing brains out right now! https://code.google.com/p/atmega328growcontroller/
	Quote 2 members found this post helpful.

05-08-2010, 03:59 PM	#6
mrwags ********* Female Seeds Join Date: Jun 2004 Posts: 3,493	If it is the one that when completed acts like it's windows and needs to delete viruses it found,it is a bitch to get out of your system once installed and the picture shown above it EXACTLY what I'm talking about. Good heads up by you guys. Looks like one of the trouble makers that got banned for stirring shit in her forum bought himself a new book at the Geek Convention last week. Have A Great Day Mr.Wags __________________ Never Argue With The Ignorant Because They Will Simply Pull You Down To Their Level And Beat You With Experience So the idea of spreading the love is the disease and making sure it's done is the cure TY all for allowing me to get my treatment
	Quote

05-08-2010, 06:14 PM	#7
Mulletsoda Member Join Date: Jan 2010 Posts: 77	99% of the time websites are compromised by automated attacks; there's rarely any type of human decision involved in this. It was most likely a bot that was systematically scanning entire ranges, looking for unpatched or open systems. If it was a targeted attack motivated by an angry desire for revenge, I would think they would deface the website instead of a minor exe drop. It's unfortunate, but actually pretty common. __________________ Dude, I'm cheesing my f-ing brains out right now! https://code.google.com/p/atmega328growcontroller/
	Quote 1 members found this post helpful.

05-08-2010, 06:20 PM	#8
tokinafaty420 Guest Posts: n/a	Yeah her website was compromised due to the computer used to access it. Whoever does her web admin work probably has a keylogger/trojan on their computer.
	Quote

05-08-2010, 06:42 PM	#9
Skip Let's Get Small! Join Date: Jan 2004 Posts: 5,456	One of my sites was hit by this about six months ago. EVERYONE NOTE: If you visited the LED site you MUST run an anti-virus with a ROOT KIT scan to get rid of it. That means you must PAY for the anti-virus as few free ones will do that indepth a check of your computer! If ever there was something worth paying for, it's a good antivirus program. I recommend Zone Alarm. There is a cyberwar going on, and if you're not protected, you shouldn't be on the Net! __________________ "America's freedom lies in cannabis." - feltonmuggs "Prohibition is the gateway to fascism." - Treewizard
	Quote

05-08-2010, 06:51 PM	#10
LEDGirl Banned Join Date: Oct 2009 Location: Washington Posts: 1,464	We found out about the problem late last night and are working to resolve the issue. Someone obviously hacked our site, no doubt it was someone who had something to gain from it like one of our competitors (just so happens one of them called me on the phone 2 days ago more or less asking for a "truce"). Hopefully we will have the problem resolved today, and the culprits identified. I will inform you when it's OK to visit the site again...
	Quote