yyrkoon 250 Posted July 27, 2016 Share Posted July 27, 2016 I'd probably at minimum check if your server has been rooted. Should probably update your server though . . . http://energia.nu/img/LaunchPadMSP430G2553-v1.4.jpg Quote Link to post Share on other sites
chicken 630 Posted July 27, 2016 Share Posted July 27, 2016 ? Looks good to me. Quote Link to post Share on other sites
yyrkoon 250 Posted July 27, 2016 Author Share Posted July 27, 2016 ? Looks good to me. been fixed it guess. But it looked judging by the explicit language in the redirect link that the server had been exploited via php injection. Quote Link to post Share on other sites
LIJsselstein 9 Posted July 27, 2016 Share Posted July 27, 2016 Yeah, I got the explicit language error as well. Something with 'f*ck' a few times. Either a 'funny' admin or a hack.... Quote Link to post Share on other sites
energia 485 Posted July 27, 2016 Share Posted July 27, 2016 Thanks for the report. Hmm.. This site is hosted over @ Go Daddy and it is a shared hosting server which is maintained by them. They must have already corrected the problem. I'll send them a message and keep monitoring the site.. Please post in this thread if you see other "looks like the server has been hacked" oddities.. Thanks, Robert Quote Link to post Share on other sites
adrianF 43 Posted July 27, 2016 Share Posted July 27, 2016 @@energia I'm still seeing this on several pages... However, when I refresh the page, I am able to get past the error & get to the desired page... Specifically, I am seeing it here: http://energia.nu/guide/import-energia-sketch-to-ccsv6/ Adrian Quote Link to post Share on other sites
bluehash 1,581 Posted July 28, 2016 Share Posted July 28, 2016 @@energia I'm still seeing this on several pages... However, when I refresh the page, I am able to get past the error & get to the desired page... Specifically, I am seeing it here: http://energia.nu/guide/import-energia-sketch-to-ccsv6/ Adrian Looks like cached up pages are showing up. Give it a couple of days and it should go away. Unless energia can find a way to purge the cache server side. adrianF 1 Quote Link to post Share on other sites
LIJsselstein 9 Posted August 2, 2016 Share Posted August 2, 2016 Not sure if if its useful to report, but the foul language is back again at the Energia frontpage. Specifically the page: http://energia.nu. I get: Not FoundThe requested URL /wordpress/fuckfuckfuckfcuk-macroscopic.php was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache Server at energia.nu Port 80 Quote Link to post Share on other sites
energia 485 Posted August 5, 2016 Share Posted August 5, 2016 Has anybody seen this recently? I have updated Wordpress and scanned for any modified files. The scan comes up empty and no files have been modified. I personally have never seen this page so it is hard for me to reproduce. For those who have seen this issue, how often do you get the foul 404 page? If you are still seeing it then the only thing I can do right now is to take down energia.nu's wordpress and put up a replacement home page notifying everybody that energia.nu was compromised. Thanks, Robert Quote Link to post Share on other sites
LIJsselstein 9 Posted August 5, 2016 Share Posted August 5, 2016 I haven't seen the error every time between my two reports and did not see it again after my last report. I'm sure that I wasn't looking at a cached version of the site the second time: I cleared the browser cache and loaded the page on multiple devices, some of which hadn't visited energeia.nu before. Quote Link to post Share on other sites
SmokinGrunts 5 Posted August 25, 2016 Share Posted August 25, 2016 Seeing this by googling "energia" and clicking the link for energia.nu; I get the hacked page. When I type www.energia.nu in a new tab, it loads fine. I've cleared cache, used a fresh machine, etc. Hope this helps. Quote Link to post Share on other sites
chicken 630 Posted August 26, 2016 Share Posted August 26, 2016 @@energia I can reproduce the following on an iPad that never saw the hacked page: - go to Google, search energia project - Google shows a result energia.nu > project - when clicking on the result, a 404 error page will show, indicating that Google was sending me to wordpress/[fwordfwordfword]-macroscopic.php Looks like Google needs a nudge to completely reindex the site. PS: the same happens when searching for energia msp430, energia pinout, energia download, etc. etc. Quote Link to post Share on other sites
chicken 630 Posted August 26, 2016 Share Posted August 26, 2016 PS2: It actually only happens when accessing a page the first time via Google. When I go to energia.nu, browse to the page in question and then repeat the search experiment, I end up on the proper page. Probably needs some HTTP level debugging to figure out what is going on. Quote Link to post Share on other sites
energia 485 Posted August 26, 2016 Share Posted August 26, 2016 After a long search and debugging, I figured out that energia.nu was indeed hacked. Specifically the wordpress installation. I'll spare you the details but I think I have resolved the issue. It was actually quite sophisticated hack. Not only was code injected into .php files, the .htaccess file was also altered with a rewrite that rewrote the url depending on the user agent / referrer. Hence, the hack would only show up if the referrer was in the list. Hence you would see the foul language 404 page when going to energia.nu from google, bing, yahoo but not if you would go directly to energia.nu. All files have been cleaned, wordpress upgraded to the latest version and passwords changed. I have put up a temporary homepage for now so that I can do some more testing to make sure that the site is clean. My excuses for foul language showing up on energia.nu. Of course this was not our intention or doing. energia.nu should be up again shortly sans the foul language. Robert Quote Link to post Share on other sites
Rickta59 589 Posted August 26, 2016 Share Posted August 26, 2016 does that mean the binaries that i've download, like the compiler etc, might be unsafe? Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.