I can say that my android is not compromised. I would see other issues
that your site. I would roll back a few days, and make all new usernames
and passwords.
On Tue, Jul 10, 2018 at 9:58 AM Scott Schnegelberger <scott@xxxxxxxxxxxx>
wrote:
No one’s ignoring it – I jumped on it quickly last night and reviewed the
site for several hours. Two of us that are admins have looked and see
nothing amiss – our views of the website on desktop and mobile both are
clean, and the screenshots that have been shared, at least /I/ can’t
replicate, even on my own Android mobile devices.
Not discounting that we’re missing something, possibly… but I have a
stronger belief that certain mobile devices themselves may have been
compromised rather than the site, from what I see so far. I can’t speak
for the other admins, but the ID/password I use for NCrockets.org is
entirely different from anywhere else, and I have actually changed the
password already, just as a precaution. (KeePass for the win.)
*From:* ncrockets-bounce@xxxxxxxxxxxxx <ncrockets-bounce@xxxxxxxxxxxxx> *On
Behalf Of *Bradley Pearce
*Sent:* Tuesday, July 10, 2018 9:46 AM
*To:* ncrockets@xxxxxxxxxxxxx
*Subject:* [ncrockets] Re: Web site hack? Please check website
Hi.
I’ve only been to one launch and only lurk here. As someone who used to
own and operate a web hosting company, I strongly advise against ignoring
the problem because it might “make things worse”. They pretty much the
absolute worse thing you can do.
I would shut that server down now. Change all passwords and start a
security audit until the hole is found. It could be an issue outside of
the server, such as an admin using the same password as other services or
an admin’s personal computer compromised. Don’t ignore and hope for the
best.
Best regards,
Bradley Pearce
On Jul 9, 2018, at 9:37 PM, Alan Whitmore <acwhit@xxxxxxxxx> wrote:
Brian,
The site is only hacked for users of hand-held devices,
maybe only Android users. If you check in through a standard desk-top or
lap-top, everything is fine.
It would be nice to have it fixed, but how to proceed? If
the person who originally hacked the site were to wait several months for
the malodorous results of his or her villainy to stink the place up, and
then come in and offer to fix it, and in the process compromise the
internet security of every single person on this list, that would be a bad
thing. What I and every one else on this list would like to do is not make
things worse than they already are.
A
*From:* ncrockets-bounce@xxxxxxxxxxxxx <ncrockets-bounce@xxxxxxxxxxxxx> *On
Behalf Of *Brian Higgins
*Sent:* Monday, July 09, 2018 8:43 PM
*To:* ncrockets@xxxxxxxxxxxxx
*Subject:* [ncrockets] Web site hack? Please check website
Looks like the site fot hacked. Let me know I can help clean up if needed.
Brian