Archive for myfreeforum.org Before posting please check the "stickies" in the support forums.
Please ask questions in real English and not "txt". You will get a better response.
Please do not ask support questions via PMs.
 


       myfreeforum.org Forum Index -> What's new? Announcements!
myff admin

myfastforum.org problem

It seems that an unauthorized change of DNS servers has happened at our dotster registrars.

I have changed them back and changed passwords, but this is obviously a worry.

Forums effected should be back to life soon.
Michael Crane

Thank goodness.

Do you know what's happened?

Could it have been a malicious attack?
NeuralDream

Still no change for me.
myff admin

There is no doubt that this is a malicious attack performed at the registrars.

Given our password there is secure and unique, there is a big question mark on how,

recovery will be erratic, nameserver changes can take 24 hours at this level
Bradbury

Some of my members are back on, but I still can't.
~Olly~

still out here as well

Bad Virus, needs a good smack..  

http://desertislandbookclub.myfastforum.org/index.php
myff admin

rebooting may sort it for individuals.
Bradbury

myff admin wrote:
rebooting may sort it for individuals.


Just tried that but it didn't work.  
Bradbury

One other thing ...

When I get the error under "The domain that you are trying to use does not exist. Please click on one of the links below to help find your site" is box which has "Search the Web: and a box next to it ... when I click on the box it has a drop down which gives my two myfastforum login names - how has it got both of them!
myff admin

I'm not sure what you are seeing, remember though your browser probably has some memory of forms, and wherever you are ending up may be trying to take advantage of that.
Be careful! this is a criminal attempt to do nasty things.
Bradbury

This is what I see (screenshot) ... and if I click in the search  it was bringing up my forum name and my editor name as drop down options ... (not sure if it means anything to you, but just in case)

I have now cleared all my cookies, history and passwords just to be safe.


Click to download file
Mis

I've just lost
thechattery.myfastforum.org and thefluffybunny.myfastforum.org again

The domain that you are trying to use does not exist. Please click on one of the links below to help find your site.
myff admin

opendns is now mostly right on its results.

google dns is still wrong.
NeuralDream

Still not in.
adesalis

I changed my DNS to opendns earlier and was then able to access the airfixtributeforum, but it has just fallen back to the malware site. Good luck sorting the nasties out.

Just to reiterate to everybody - do not click on any of the links on the "Domain does not exist" page!
myff admin

its all very strange, access to the registrar is controlled our end by a secure password system, and nothing in the audit logs shows an issue.
All PCs accessing the registrars are Linux and thus fairly safe from malware, and for that matter the registrar has not been accessed in months.
We have been promised an investigation, meanwhile there are still problems out there I am seeing slight improvements but it is plain that there are systemic problems on the internet when it comes to recovering from this sort of thing.
myff admin

google dns now seems right.

dotster are saying they have no audit trail as to what happened

That is a serious bad mark against them, they were my recommended registrar, but domains are something that need a serious level of security. Them allowing a nameserver change or them being hacked without any trail is just useless at that level of importance.
Bradbury

Still can't get on  
Bradbury

If I use a Free Proxy site and plug in my forum address I can view it. Whatever has been done it looks as if they are blocking IP addresses.
Mis

I was able to post on http://thechattery.myfastforum.org half an hour ago and now it's gone again.
Mis

Mis wrote:
I was able to post on http://thechattery.myfastforum.org half an hour ago and now it's gone again.
And now it's back.
~Olly~

still got no access this morning

any idea if and when it can be fixed pretty please

http://desertislandbookclub.myfastforum.org/index.php
myff admin

Unfortunately we are not in charge of the internet.

I'm seeing the same issue myself with my ISP getting to the highjacked domain.

As we can do is what has been done which is to secure the domain to the right DNS and wait.

As posted before, sometimes the PC itself will cache the bad result. But the basic fact is that at the moment I can detect that the issue is still there in the wild as well, so that may not work for you.

I'm really sorry about this from every perspective   and there is a very big question of where this happened.
adesalis

DNS changes can take up to 48 hours to propagate to the far flung corners of the internet (this is unusual, it's normally a few hours). If you're still having problems with your internet provider's DNS servers, you can manually override them.

Have a look at this Microsoft article for Windows 7 on how to change them (you need to select IPv4, then step 6 to set DNS), if you've got another WinOS it should direct you to the relevant instructions. Most people are probably already using IPv4, so you're unlikely to need to install it (as it notes at the bottom of the page)...
http://windows.microsoft.com/en-gb/windows7/change-tcp-ip-settings

The IP addresses for OpenDNS are 208.67.222.222 and 208.67.220.220. OpenDNS was the first one for me to get back on last night and is resolving correctly this morning.

Once done, reboot your computer and you should be ok.
myff admin

OpenDNS provide the ability to reset their cache.

http://www.opendns.com/support/cache/

At the moment they seem entirely clean. But even that has been in and out a bit.

It was clean in the early hours, but there was a bad record at 9am.
~Olly~

adesalis wrote:
DNS changes can take up to 48 hours to propagate to the far flung corners of the internet (this is unusual, it's normally a few hours). If you're still having problems with your internet provider's DNS servers, you can manually override them.

Have a look at this Microsoft article for Windows 7 on how to change them (you need to select IPv4, then step 6 to set DNS), if you've got another WinOS it should direct you to the relevant instructions. Most people are probably already using IPv4, so you're unlikely to need to install it (as it notes at the bottom of the page)...
http://windows.microsoft.com/en-gb/windows7/change-tcp-ip-settings

The IP addresses for OpenDNS are 208.67.222.222 and 208.67.220.220. OpenDNS was the first one for me to get back on last night and is resolving correctly this morning.

Once done, reboot your computer and you should be ok.
So if I am reading correctly it could take 48 hrs for all the DNS servers to right themselves again?

Am only asking cos some of my members are not that tech savvy at all and don't want to give them that link if I don't have to.. I am a bit techy but not great  and don;tw ant them to try to make changes then mess their machines up.. one of my members can blow their machine up by just brushing past it

if we are likely to be ok and up and running again by tomorrow then that is ok til then. .there's only a few of us and we have FB for most but not all and tis not ideal. .we like our cosy forum home . .
adesalis

It's not something I've experienced before, someone must be injecting it at a fairly high level somewhere for it to propagate like that. I also had intermittent issues with opendns last night but it appears stable this morning for airfixtributeforum. Famous last words!

Did you notice the links on the malpage all pointed to areasnap? Who are they? I can't find much on the net, quite a few DNS hijack reports for that site linked to other affected sites in a similar way (saw one dated back to 2011).

And to Olly, yes, it may take some time for this to clear up, providing that the injection has been stopped. The manual DNS change is a bit techie, it's difficult as well because there are so many operating systems out there, the instructions are all basically the same but are a bit overwhelming for the average user. It's probably not worth posting the link on your forum, when people see it, they will be working properly again anyway. People on the main ISPs should get back to normal quickest. I feel for you, I also missed my cosy forum home
~Olly~

Thank adesalis. .if only I could post it on my forum... I've put the link on a Fb message we have going..  but am worried that it is too techy for some of them.. one friend in France only has to walk past her PC and it blows up..

Would it be better to change a router to use open DNS rather than the PC's TCP/IP settings. . after all it goes thru the router anyway. .or am I losing the plot. .got a headache already this morning.. .too early for this sort of talk


having said that another friend did post late last night as I got a notification thru but they've just gone on their hols are were in southern France so on a completely different IP than they'd usually use.. just a shame none of us can get in to see what they said
Michael Crane

adesalis wrote:
...... I feel for you, I also missed my cosy forum home

It's like having a sick child and there's nothing you can do except say, "there, there."  
Requoil

Hi guys, falconowners forum is also still off, and I get a message saying that the forum does not exist. Though I have become the main admin for the forum, I know very little about computers and viruses. I have been contacted by other members asking what is going on, and other than saying there may be a maleware problem, I have no idea how to rectify the issue. Any help would be VERY MUCH appreciated :- )

By the way, we no longer have a true "main admin" who has access to "log actions" or "log config", so as the original founder cannot be contacted, how to I gain access to the logs?

I am happy to leave my email contact details.

Oh, this is the screen shot that my Avast anti-virus puts up when I try to login at the falconowners forum.


Bradbury

I am on using a secure Proxy SSL site - seems using their IP address gives me access. Not a long term fix, but at least I am on.
Michael Crane

Bradbury wrote:
I am on using a secure Proxy SSL site - seems using their IP address gives me access. Not a long term fix, but at least I am on.

I wish I knew what you were talking about. Sometimes I regret not studying computers more after purchasing my very first ZX81.  
Haydn

Mine is still down.

http://renaultsport.myfastforum.org/
Hawk

My site has been down for over 24 hours, and nobody can access it
myff admin

the virgin ISP nameserver which I am on, are now erratically reporting the right addresses. Which is a step up from always being wrong.

as I have said, there is nothing we can do to speed things up and all you can do is either wait or change nameservers which is either within you technical abilities or not and liable to give you more problems.

even opendns are still sporadically giving the wrong address out
Hawk

So what you are saying...is just be patient and things will fix themselves sooner or later?
Michael Crane

myff admin wrote:
the virgin ISP nameserver which I am on, are now erratically reporting the right addresses. Which is a step up from always being wrong...(

I am with VM. I am in Lincoln, possibly via Nottingham . . . and I can't access any forums, mine or the others reporting the same issue.
~Olly~

thanks for keeping us informed...

For now I have told my members to hold off until tomorrow and if it still persists we'll find a way that I can talk them thru in simple baby steps what to do to get in..  that also providing I can get in myself
Michael Crane

~Olly~ wrote:
.... we'll find a way that I can talk them thru in simple baby steps what to do to get in.. ...

Send me the instructions via PM, will you?

Thanks.
Hawk

Michael Crane wrote:
~Olly~ wrote:
.... we'll find a way that I can talk them thru in simple baby steps what to do to get in.. ...

Send me the instructions via PM, will you?

Thanks.


I could sure use those instruction's myself
~Olly~

haha I've not done it myself yet. when I have I'll convert it to baby steps for you all. .for now am waiting until tomorrow and just hoping it will all sort itself out..

I am wondering if the router I use could be set up to connect via an open source DNS rather than VM one.. but the new super hub allows you to do less than the old ones did. . plus I have an XP desktop and Win 7 lappy so slightly different baby steps. .


i may also be talking a load of rubbish too .. . but it looks techy
Hawk

~Olly~ wrote:
haha I've not done it myself yet. when I have I'll convert it to baby steps for you all. .for now am waiting until tomorrow and just hoping it will all sort itself out..

I am wondering if the router I use could be set up to connect via an open source DNS rather than VM one.. but the new super hub allows you to do less than the old ones did. . plus I have an XP desktop and Win 7 lappy so slightly different baby steps. .


i may also be talking a load of rubbish too .. . but it looks techy


Thxs Olly in advance, any help would be appreciated....Lets just hope the Web Master sorts things out for us......He's a genius, and I never understand what he's talking about  
Hawk

I would like to add, when I try and open my site, my security system says, we have successfully blocked a malware site.
leo

My forums are still down too.
Let's just be patient...it's the weekend anyway,isn't there anything else to do than being online?  
~Olly~

leo wrote:
My forums are still down too.
Let's just be patient...it's the weekend anyway,isn't there anything else to do than being online?  
Not if you're agoraphobic and your world is online
leo

...gone are the old days when kids went outside to play and adults sat down a read a book........        

The real world is still out there I think.
Michael Crane

leo wrote:
...gone are the old days when kids went outside to play and adults sat down a read a book.........

You've got a long memory, that hasn't happened for a generation!  
~Olly~

my forum is a bookclub :p

Well it is also a chat place too
Michael Crane

I read a lot . ..  but nowadays it's on the Kindle or Kindle app on the iPad.
leo

~Olly~ wrote:


Well it is also a chat place too


we've already hijacked this thread....
leo

Michael Crane wrote:
leo wrote:
...gone are the old days when kids went outside to play and adults sat down a read a book.........

You've got a long memory, that hasn't happened for a generation!  


Go ahead do your thing and just call me "old"..  
Michael Crane

Can you top 65 next January?  
leo

Certainly not.

Can you?
Michael Crane

Can't top it . . . but I wil be able to match it.  
~Olly~

in the meantime we are all still unable to get into our forums still?

I know I still can't get into mine  
leo

~Olly~ wrote:
in the meantime we are all still unable to get into our forums still?

I know I still can't get into mine  


Yup,it's still the same problem.

Good thing this forum works.
Bradbury

My ISP is TalkTalk (Tiscali) and I have just got access  
Requoil

falconowners forum now back on. Thank you for the help.
~Olly~

One of my members got in on her ipad an hour ago. . she uses VM as do I but I still can't get in
Bradbury

Apparently Sky ISP users are back on too.
leo

My forums are back on too....yay.....    
myff admin

It is all "you mileage may vary" I have just driven down to where we live in the week mostly, and that has done the trick for me  

But changing towns is a bit drastic, when we set out virgin were still mostly wrong, here is sky and seems all right.
~Olly~

Just curious to know how you found out Virgin was mostly wrong... is there a place you can go to check. . can you tell us or is it a secret :ninja:

just being nosey while I wait for mine to come back...
myff admin

on linux you just type in:

dig myfastforum.org

at the command line.
Windows I'm sure has an equivalent somewhere.
We don't run any windows systems, which is why I don't think this was malware our end. Linux is very safe in that regard.
leo

I'm in the US and have nothing to do with your UK phone/Inet providers.

It must have been a server problem.
~Olly~

myff admin wrote:
on linux you just type in:

dig myfastforum.org

at the command line.
Windows I'm sure has an equivalent somewhere.
We don't run any windows systems,which is why I don't think this was malware our end. Linux is very safe in that regard.
can't find an equivalent cmd for windows just loads of places saying to download software to run the linux dig cmd.. Don;t really want to got thru all that .. Google was not my friend that time
Yankale

I'm on again, but this was scary...
myff admin

Still is scary, it is so random and so incomplete. If this really is/was our account being compromised, why just myfastforum and why was I able to get back in and put things right so easily?

I'd like an answer here, if for example when I was in London on a hotels wifi a week ago I had logged into Dotster there would be a smoking gun... well actually there would not be, because (1) it did not happen and (2) the dotster login is https, but you see what I mean. I want to be able to point to something here.
~Olly~

two of my members have managed to get back in. .both at opposite ends of the country. .I still can't

http://desertislandbookclub.myfastforum.org/index.php
myff admin

virgin is still giving the wrong ips. I have sent a report to them. But ISPs are not exactly good as a rule on dealing.
~Olly~

oh that's  a pain but thanks for letting them know.. hope they get their finger out soon .. into second day of it now..
myff admin

I'm not saying this is over, but virgin have started serving the right ips.
Basically any legit ISP/nameserver will sort itself sooner or later.
But in the arcane world of DNS that process can be very erratic.

e.g. with virgin earlier today it went from wrong to 50/50 to actually looking worse than that, it is now for me at least for the moment looking 100% right.

But I would not stake anything that it will be the same for everyone and won't regress for a while.
~Olly~

still no joy here.  VM customer. .turned router off for a while and cleared cache/cookies etc on puter but still no luck.. .usually turn router off at night so am hoping I can get in tomorrow. .if not dunno what to do otehr than changing DNS servers in router to open source and am pretty sure Virgins new routers/hubs stopped allowing us access to that part. .
Michael Crane

OK, just logged onto my forum.

I hope it lasts.

Thank you Admin for all the hard work you've put in. I really appreciate it.
~Olly~

I managed to get in using coolnova browser but can;t with FF..

btw Michael we are a private forum ..a few of us girls having ladies things private chat.. so it has always been invite only sorry
~Olly~

rebooted and in on usual browser ..phew. . relief... thanks all
adesalis

Olly, sorry I've been out all day but to answer your earlier question about changing DNS settings on the router, that is fine and has the same effect. The change can be made on either your router or your PC, the machine closest to you will override any settings (i.e. if it's specified on your PC, that will override your router, and your router would override your ISP. All fairly academic now anyway as it sounds like the DNS is sorting itself out but might be useful to know in future.

Happy forum-ing everyone
adesalis

And to myff admin, agree it's a strange one. The only way I'm aware you can change the nameserver record is if you hold the tag, so it must have been done at dotster by someone gaining unauthorised access to their systems. Would be interested to hear if you do find out what happened. Thanks.
~Olly~

that's handy to know that the puter overrides the router as Virgin don't let you change the DNS to open source grrrrr . .

thanks for all your help . . head ready to explode form techiness overload.. na night :wave:
myff admin

Well virgin seem to have been fixed for close to a couple of hours now with no regressions that I have caught.

I'm hopeful that means 99% of people can be back if they reboot. The reboot is the annoying bit here as some browsers can be a pain in the neck caching the wrong addresses.
NeuralDream

Back in. Thanks you.
keith ball

http://yamahakeyboardkapers.myfreeforum.org/index.php

Getting this message on screen. Not sure what to do here.. Can you help please.

Please set DNS to 78.129.139.242 for access to your forum

myff admin

Sorry about that, it should correct shortly.
keith ball

Thank you. Seems to be sorted now  
symon

www.symonfield.co.uk
http://symon.myfunforum.org

Im also having problems and seeing this message

Please set DNS to 78.129.139.242 for access to your forum

however

http://symonfield.co.uk/help.html  (works ok so guessing its the www. that is broke and not the @
myff admin

both those seem ok to me.
symon

I`ve cleared cahche etc on firefox but on

www.symonfield.co.uk

i see this message

Please set DNS to 78.129.139.242 for access to your forum
keith ball

http://yamahakeyboardkapers.myfre...=6896c209ceec7307827db236a028cb55


Unfortunately my Forum is off again today. Did come back on for several hours yesterday but a few posts lost. Hope this can be sorted but I know you are doing your best with a very difficult situation..
keith ball

Seems to be sorted now with no problems. Been online for a few hours now. Thanks.

       myfreeforum.org Forum Index -> What's new? Announcements!
Page 1 of 1
Create your own free forum | Buy a domain to use with your forum