This is not a new issue. It was reported many months ago. I personally saw it
on a friend’s AT&T iPhone. Can’t duplicate on any of my devices.
I doubt there is anything a WordPress admin can see. If the site is corrupted
it is at a lower level than the WordPress admin view. Especially since the
corruption is only observed on some devices.
Can’t rule out device or even ISP proxy server corruption.
I suspect Tanner will have to rebuild the server and reload the web pages with
new usernames and passwords. Not much anyone else can do.
If you see the problem, report it to Tanner and include a screen capture and
your device type, browser, and Internet Service Provided at the very least.
Dave
From: ncrockets-bounce@xxxxxxxxxxxxx <ncrockets-bounce@xxxxxxxxxxxxx> On Behalf
Of Michael Monteith (Redacted sender "michael_r_monteith" for DMARC)
Sent: Tuesday, July 10, 2018 10:54 AM
To: ncrockets@xxxxxxxxxxxxx
Subject: [ncrockets] Re: Web site hack? Please check website
I have an Android phone and pulled the site up and saw nothing out of the
ordinary. Have the person having the issue try again. If they are still
seeing and issue have them clear their cache and cookies.
Michael
_____
From: Scott Schnegelberger < <mailto:scott@xxxxxxxxxxxx> scott@xxxxxxxxxxxx>
To: <mailto:ncrockets@xxxxxxxxxxxxx> ncrockets@xxxxxxxxxxxxx
Sent: Tuesday, July 10, 2018 9:58 AM
Subject: [ncrockets] Re: Web site hack? Please check website
No one’s ignoring it – I jumped on it quickly last night and reviewed the site
for several hours. Two of us that are admins have looked and see nothing amiss
– our views of the website on desktop and mobile both are clean, and the
screenshots that have been shared, at least /I/ can’t replicate, even on my own
Android mobile devices.
Not discounting that we’re missing something, possibly… but I have a stronger
belief that certain mobile devices themselves may have been compromised rather
than the site, from what I see so far. I can’t speak for the other admins, but
the ID/password I use for NCrockets.org is entirely different from anywhere
else, and I have actually changed the password already, just as a precaution.
(KeePass for the win.)
From: <mailto:ncrockets-bounce@xxxxxxxxxxxxx> ncrockets-bounce@xxxxxxxxxxxxx <
<mailto:ncrockets-bounce@xxxxxxxxxxxxx> ncrockets-bounce@xxxxxxxxxxxxx> On
Behalf Of Bradley Pearce
Sent: Tuesday, July 10, 2018 9:46 AM
To: <mailto:ncrockets@xxxxxxxxxxxxx> ncrockets@xxxxxxxxxxxxx
Subject: [ncrockets] Re: Web site hack? Please check website
Hi.
I’ve only been to one launch and only lurk here. As someone who used to own and
operate a web hosting company, I strongly advise against ignoring the problem
because it might “make things worse”. They pretty much the absolute worse thing
you can do.
I would shut that server down now. Change all passwords and start a security
audit until the hole is found. It could be an issue outside of the server,
such as an admin using the same password as other services or an admin’s
personal computer compromised. Don’t ignore and hope for the best.
Best regards,
Bradley Pearce
On Jul 9, 2018, at 9:37 PM, Alan Whitmore < <mailto:acwhit@xxxxxxxxx>
acwhit@xxxxxxxxx> wrote:
Brian,
The site is only hacked for users of hand-held devices, maybe
only Android users. If you check in through a standard desk-top or lap-top,
everything is fine.
It would be nice to have it fixed, but how to proceed? If the
person who originally hacked the site were to wait several months for the
malodorous results of his or her villainy to stink the place up, and then come
in and offer to fix it, and in the process compromise the internet security of
every single person on this list, that would be a bad thing. What I and every
one else on this list would like to do is not make things worse than they
already are.
A
From: <mailto:ncrockets-bounce@xxxxxxxxxxxxx> ncrockets-bounce@xxxxxxxxxxxxx <
<mailto:ncrockets-bounce@xxxxxxxxxxxxx> ncrockets-bounce@xxxxxxxxxxxxx> On
Behalf Of Brian Higgins
Sent: Monday, July 09, 2018 8:43 PM
To: <mailto:ncrockets@xxxxxxxxxxxxx> ncrockets@xxxxxxxxxxxxx
Subject: [ncrockets] Web site hack? Please check website
Looks like the site fot hacked. Let me know I can help clean up if needed.
Brian