Parse error: syntax error, unexpected $end in F:\Inetpub\wwwroot\clubcobra\forums\includes\functions.php(5723) : eval()'d code(17) : eval()'d code on line 3
this site has been hacked - Page 3 - Club Cobra
Club Cobra Keith Craft Racing  

Go Back   Club Cobra > Cobra Talk Areas > ALL COBRA TALK

Welcome to Club Cobra!  The World's largest non biased Shelby Cobra related site!

  •  » Representation from nearly all Cobra/Daytona/GT40 manufacturers
  •  » Help from all over the world for your questions
  •  » Build logs for you and all members
  •  » Blogs
  •  » Image Gallery
  •  » Many thousands of members and nearly 1 million posts! 

YES! I want to register an account for free right now!  p.s.: For registered members this ad will NOT show

Keith Craft Racing
MMG Superformance
Main Menu
Module Jump:
Nevada Classics
MMG Superformance
MMG Superformance
Advertise at CC
Banner Ad Rates
MMG Superformance
Keith Craft Racing
Keith Craft Racing
MMG Superformance
August 2017
S M T W T F S
    1 2 3 4 5
6 7 8 9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28 29 30 31    

Kirkham Motorsports

Like Tree22Likes

Reply
 
LinkBack Thread Tools Display Modes
  #41 (permalink)  
Old 12-16-2016, 09:34 AM
moore_rb's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Aug 2015
Cobra Make, Engine: Unique 289usrrc, early comp car styling
Posts: 796
Not Ranked     
Default

Quote:
Originally Posted by twobjshelbys View Post
I use Firefox on my phone. No such directory on my phone.
The hack is in the native Android browser (which all the other 3rd party browsers actually use to interact with your phone's OS)- I only tested it with Chrome, and removing the goAdSDK folder helped. It must put its scripts in a different location with Firefox.

try closing all apps on your phone, then open your native Android browser (the one with the Globe icon). If the bogus warning pages instantly appear (or if it opens a Play Store window to some bogus ad blocker) before your home page loads, then you are still infected - at which point you can open the settings in the native browser, and clear the cache and all temporary data (this shouldn't impact your firefox cache at all) Then, set your native browser's homepage to a safe destination with a public certificate (https://google.com for example), and restart your phone one more time.


after this 2nd restart - open your phone's native browser again, and try to navigate to club cobra from the native browser... click some links, and see if the issue is cleared up. If it is, then go try club cobra from Firefox, too...
__________________
- Robert
Reply With Quote
Sponsored Links
Sponsored Links
  #42 (permalink)  
Old 12-16-2016, 09:59 AM
cycleguy55's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Feb 2014
Location: White City, SK
Cobra Make, Engine: West Coast, 460 CID
Posts: 1,462
Not Ranked     
Default

Quote:
Originally Posted by twobjshelbys View Post
I use Firefox on my phone. No such directory on my phone.
Ditto, no GOADSDK folder on my phone. That's clearly not the common thread.

Looking my mobile browser history, it appears to originate with a re-direct to serve.popads.net, then the advertisement, warning, etc. pops up. The domain registration for popads.net ( Whois popads.net ) is in Costa Rica and looks like a one-man or small shop (TOMKSOFT S.A.) owned by TOMASZ KLEKOT.

I have reported abuse by popads.net to abuse@enom.com, the "Registrar Abuse Contact Email". The policies posted on the registrar's Web site ( eNom - domain name, web site hosting, email, registration ) look good - but action is quite another matter. We'll have to wait and see if anything changes.
joyridin' and moore_rb like this.
__________________
Brian
Reply With Quote
  #43 (permalink)  
Old 12-16-2016, 10:11 AM
cycleguy55's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Feb 2014
Location: White City, SK
Cobra Make, Engine: West Coast, 460 CID
Posts: 1,462
Not Ranked     
Default

Quote:
Originally Posted by moore_rb View Post
The hack is in the native Android browser (which all the other 3rd party browsers actually use to interact with your phone's OS)- I only tested it with Chrome, and removing the goAdSDK folder helped. It must put its scripts in a different location with Firefox.
My native browser is Chrome and, again, no goAdSDK folder on my phone.

BTW, I just checked again and I'm no longer getting pop-ups or re-directs.
__________________
Brian

Last edited by cycleguy55; 12-16-2016 at 10:21 AM..
Reply With Quote
  #44 (permalink)  
Old 12-16-2016, 11:12 AM
joyridin''s Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Feb 2009
Location: Cleveland, OH
Cobra Make, Engine: Arntz
Posts: 1,234
Not Ranked     
Default

The browser I use on my Ipad is Mercury. No such folders. The bogus ads appear after the page is loaded and when I go to a forum or to sign in.

No such folder like that on mine either and it only happens on this forum.
Reply With Quote
  #45 (permalink)  
Old 12-16-2016, 03:36 PM
mrmustang's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Feb 2000
Location: Greenville, SC
Cobra Make, Engine: 69 GT500 fastback, mystery 2dr convertible
Posts: 11,273
Not Ranked     
Default

No issues on my Iphone or Ipads, three separate desktop/laptops, running two different versions of WIN, with four different browsers, no issue.


Then again, I have anti virus and anti malware up the wazoo on everything.......


Bill S
__________________
Instead of being part of the problem, why not be a part of a successful solution

Reply With Quote
  #46 (permalink)  
Old 12-17-2016, 04:22 AM
DanEC's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Apr 2009
Location: Central, AR
Cobra Make, Engine: ERA Street Roadster #782 with 459 cu in FE KC engine, toploader, 3.31
Posts: 3,589
Not Ranked     
Default

Interestingly I have a NOOK with internet capability and when I opened it to the Cobra Forum site last night and clicked on a post, the infected notice popped up. Lovely.
Reply With Quote
  #47 (permalink)  
Old 12-17-2016, 04:49 AM
mudhenk27's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Jul 2007
Location: Moultonboro, NH
Cobra Make, Engine: Prototype SPF#023, 289 Ford 1st USA Superformance Cobra...Hi-Tech 427 Comp by Craig Coombe
Posts: 303
Not Ranked     
Default

I'm guessin' it's President Putin trying to decide what Cobra to buy ;-)
Reply With Quote
  #48 (permalink)  
Old 12-17-2016, 06:38 AM
Blas's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Sep 2002
Cobra Make, Engine: SPF#0760
Posts: 2,910
Not Ranked     
Default

Still getting the pop-up when I log in on my iPad. "SeeSo" or something is what it says on the pop up. I have erased my cookies, etc. still happens.
__________________
Wiring Diagrams: SPF MKII, MKIII, GT40, CSX7000, CSX8000, and Shelby Sebring Tribute Cars.
Owner’s Manuals: SPF MKII, CSX7000, CSX8000, and Shelby Sebring Tribute Cars.

Large, easy to read and trace schematics with part numbers, wire colors, wire gauge, fuses, and electrical upgrade information. Trouble-shooting and replacement part numbers for those roadside repair adventures.
SPFWiringDiagrams@Comcast.net
Reply With Quote
  #49 (permalink)  
Old 12-17-2016, 06:51 AM
twobjshelbys's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Jan 2009
Location: Las Vegas, NV
Cobra Make, Engine: Shelby CSX4005LA, Roush 427IR
Posts: 2,922
Not Ranked     
Default

Yep, it happened last night at about 8:00PM PST. I didn't use the phone much yesterday though.

I also noticed that Firefox is asking me to allow Adobe Flash. I don't recall that the site used Flash in the past. Is this related to the problem?
__________________
Cheers,
Tony
CSX4005LA
Reply With Quote
  #50 (permalink)  
Old 12-17-2016, 08:25 AM
dcdoug's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Apr 2009
Location: Bethesda, MD
Cobra Make, Engine: CSX 6022, navy blue, period correct vintage 427 SO, standard bore/stroke
Posts: 2,119
Not Ranked     
Default

Quote:
Originally Posted by twobjshelbys View Post
Yep, it happened last night at about 8:00PM PST. I didn't use the phone much yesterday though.

I also noticed that Firefox is asking me to allow Adobe Flash. I don't recall that the site used Flash in the past. Is this related to the problem?
I have seen that FF warning on Flash on other sites. I don't think it is related to the CC site issue. Make sure that your FF is up-to-date though.
__________________
“There are only three sports: bullfighting, motor racing, and mountaineering; all the rest are merely games.”

www.partskeeper.com
(Place to find parts, keep part #'s & torque specs)
Reply With Quote
  #51 (permalink)  
Old 12-17-2016, 09:14 AM
twobjshelbys's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Jan 2009
Location: Las Vegas, NV
Cobra Make, Engine: Shelby CSX4005LA, Roush 427IR
Posts: 2,922
Not Ranked     
Default

Quote:
Originally Posted by dcdoug View Post
I have seen that FF warning on Flash on other sites. I don't think it is related to the CC site issue. Make sure that your FF is up-to-date though.
Not in my case. I have flash disabled because it always wants to play videos automatically and nothing is more annoying when trying to read a site to have video moving (to distract the eyes) and sound (to distract the ears). So I turn off Flash by default and only let it play things I want to see. Now if I could figure out the same for HTML5 (which is what most sites are migrating to)
__________________
Cheers,
Tony
CSX4005LA
Reply With Quote
  #52 (permalink)  
Old 12-17-2016, 10:17 AM
Brent Mills's Avatar
Administrator
Visit my Photo Gallery

 
Join Date: Jan 1999
Location: Duvall, Wa
Cobra Make, Engine: KMP286, Shelby 482, Webers, 593HP
Posts: 4,129
Blog Entries: 3
Send a message via Yahoo to Brent Mills
Not Ranked     
Default

I'm still trying to figure out what if anything is going on from the site. I am not finding anything to this point.
Reply With Quote
  #53 (permalink)  
Old 12-17-2016, 11:52 AM
mrmustang's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Feb 2000
Location: Greenville, SC
Cobra Make, Engine: 69 GT500 fastback, mystery 2dr convertible
Posts: 11,273
Not Ranked     
Default

Quote:
Originally Posted by Brent Mills View Post
I'm still trying to figure out what if anything is going on from the site. I am not finding anything to this point.
I'm thinking it is 3rd party banner or embedded link/key word related, as I have yet to have an issue as stated in my other post above.

Looking at the coding (using seamonkey for that) for the main page as well as the main forum page do not show any malicious or out of place coding vs our sister site CHR. Then again, we are using a later version (4.1.3 on CHR vs 3.8.0 here) of the software package there. If memory serves me correctly, we had a similar issue there under an older version of the forum software about a year or year and a half ago.


Just thinking outside the box while looking for a solution or explanation.


Bill S.
__________________
Instead of being part of the problem, why not be a part of a successful solution

Reply With Quote
  #54 (permalink)  
Old 12-17-2016, 11:59 AM
mrmustang's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Feb 2000
Location: Greenville, SC
Cobra Make, Engine: 69 GT500 fastback, mystery 2dr convertible
Posts: 11,273
Not Ranked     
Exclamation

For those experiencing issues as above, this is what I recommend doing:

1: log out of the forum
2: Clear out your browser and system cache
3: remove the "cookies" for this site from your browser
4: do the same for any back ups you may have
5: make sure you are using the latest version of your browser
6: make sure you have all patches and updates for your operating system (PC, MAC, PHONE) and any anti virus or anti malware programs you may be running
7: reboot
8: log back in

Report back here

On CHR, 95% of the end user reported issues were cleared up with these simple 8 steps. 95%


Bill S
__________________
Instead of being part of the problem, why not be a part of a successful solution

Reply With Quote
  #55 (permalink)  
Old 12-17-2016, 12:17 PM
joyridin''s Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Feb 2009
Location: Cleveland, OH
Cobra Make, Engine: Arntz
Posts: 1,234
Not Ranked     
Default

Did all that. I was redirected 3 times in a row.
Reply With Quote
  #56 (permalink)  
Old 12-17-2016, 01:32 PM
twobjshelbys's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Jan 2009
Location: Las Vegas, NV
Cobra Make, Engine: Shelby CSX4005LA, Roush 427IR
Posts: 2,922
Not Ranked     
Default

Quote:
Originally Posted by joyridin' View Post
Did all that. I was redirected 3 times in a row.
Me too. I'm pretty sure that the problem is NOT on the client (reader) end but that this server is sending people off to the weeds. And that the problem is not local to the server but at some off-site link that is used to load ad content here. [This assumes that this site has been scrubbed for links to the sites I posted earlier.]
__________________
Cheers,
Tony
CSX4005LA
Reply With Quote
  #57 (permalink)  
Old 12-17-2016, 01:46 PM
mrmustang's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Feb 2000
Location: Greenville, SC
Cobra Make, Engine: 69 GT500 fastback, mystery 2dr convertible
Posts: 11,273
Not Ranked     
Default

Quote:
Originally Posted by joyridin' View Post
Did all that. I was redirected 3 times in a row.
Quote:
Originally Posted by twobjshelbys View Post
Me too. I'm pretty sure that the problem is NOT on the client (reader) end but that this server is sending people off to the weeds. And that the problem is not local to the server but at some off-site link that is used to load ad content here. [This assumes that this site has been scrubbed for links to the sites I posted earlier.]
You deleted all browser and system cache and temp files?

Are the two of you running any ad blocker, anti virus, or anti malware software?

What devices are you on?
What version of the software (IE: MAC: IOS 9.5, or WIN 95)
What browser are you using? Version?
__________________
Instead of being part of the problem, why not be a part of a successful solution

Reply With Quote
  #58 (permalink)  
Old 12-17-2016, 02:33 PM
twobjshelbys's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Jan 2009
Location: Las Vegas, NV
Cobra Make, Engine: Shelby CSX4005LA, Roush 427IR
Posts: 2,922
Not Ranked     
Default

Quote:
Originally Posted by mrmustang View Post
You deleted all browser and system cache and temp files?

Are the two of you running any ad blocker, anti virus, or anti malware software?

What devices are you on?
What version of the software (IE: MAC: IOS 9.5, or WIN 95)
What browser are you using? Version?
Yes I know what I'm doing. This is an android phone (Samsung S7). All cache and stuff was cleared. On two different systems (phone and Nexus 9) each with two tries. Thanks for your help but most of us have already done all of this. We are in the 5% this doesn't help because it is not on our end.

Additionally, only mobile devices (both iOS and Android) are being attacked because their mission is to sell a store app.

Windows systems are excused this time. Furthermore, it will do no good to try each and every off-site link from a Windows system because it won't show anything. The HTML for this attack is using the platform identifier to trigger the rogue behaviour.
__________________
Cheers,
Tony
CSX4005LA

Last edited by twobjshelbys; 12-17-2016 at 03:11 PM..
Reply With Quote
  #59 (permalink)  
Old 12-17-2016, 03:15 PM
mrmustang's Avatar
CC Member/Contributor
Visit my Photo Gallery
Gold Star Contributor
 
Join Date: Feb 2000
Location: Greenville, SC
Cobra Make, Engine: 69 GT500 fastback, mystery 2dr convertible
Posts: 11,273
Not Ranked     
Default

Quote:
Originally Posted by twobjshelbys View Post
Yes I know what I'm doing. This is an android phone (Samsung S7). All cache and stuff was cleared. On two different systems (phone and Nexus 9) each with two tries. Thanks for your help but most of us have already done all of this. We are in the 5% this doesn't help because it is not on our end.

Additionally, only mobile devices (both iOS and Android) are being attacked because their mission is to sell a store app.

Windows systems are excused this time. Furthermore, it will do no good to try each and every off-site link from a Windows system because it won't show anything. The HTML for this attack is using the platform identifier to trigger the rogue behaviour.
Can't say anything about the Android as I do not have it, but I've now attempted it on 4 IOS mobile platforms of various versions, without an issue


Bill S
__________________
Instead of being part of the problem, why not be a part of a successful solution

Reply With Quote
  #60 (permalink)  
Old 12-17-2016, 03:43 PM
twobjshelbys's Avatar
CC Member
Visit my Photo Gallery

 
Join Date: Jan 2009
Location: Las Vegas, NV
Cobra Make, Engine: Shelby CSX4005LA, Roush 427IR
Posts: 2,922
Not Ranked     
Default

Quote:
Originally Posted by mrmustang View Post
Can't say anything about the Android as I do not have it, but I've now attempted it on 4 IOS mobile platforms of various versions, without an issue


Bill S

Not too unexpected. I got through all evening yesterday (6:00 to about 8:00) without a problem then at about 8:00PM last night it happened again. I tried camping on the "new posts" button since that is where it always happens, but I think there is (what appears to be a random) ad that shows up that is the trigger. I do believe there has to be "content" to load, so the empty page if there is no new content the default page doesn't count.
__________________
Cheers,
Tony
CSX4005LA
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 02:26 PM.


Powered by vBulletin® Version 3.8.0
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 3.6.0
The representations expressed are the representations and opinions of the clubcobra.com forum members and do not necessarily reflect the opinions and viewpoints of the site owners, moderators, Shelby American, any other replica manufacturer, Ford Motor Company. This website has been planned and developed by clubcobra.com and its forum members and should not be construed as being endorsed by Ford Motor Company, or Shelby American or any other manufacturer unless expressly noted by that entity. "Cobra" and the Cobra logo are registered trademarks for Ford Motor Co., Inc. clubcobra.com forum members agree not to post any copyrighted material unless the copyrighted material is owned by you. Although we do not and cannot review the messages posted and are not responsible for the content of any of these messages, we reserve the right to delete any message for any reason whatsoever. You remain solely responsible for the content of your messages, and you agree to indemnify and hold us harmless with respect to any claim based upon transmission of your message(s). Thank you for visiting clubcobra.com. For full policy documentation refer to the following link: CC Policy
Links monetized by VigLink