Skip to main content

Gearslutz Exploit Warning!

Looks like Gearslutz.com has been exploited by a P O R N ring today. They are running very vulnerable software and modifications so its to be expected.
Never the less, stay clear of it until its resolved otherwise you pose risk of your computer getting viruses or your ip being harvested. Most likely ip harvesters are mining ips's. That means its like surfing **** sites when you go there. Bad for studio computers !

Be Warned.

cross reference
http://recording.org/studio-lounge/52204-gearslutz-hacked.html

Comments

antiuser Thu, 03/01/2012 - 16:30
Yeah, if it was a DNS exploit then it will depend on whose DNS servers you're using. I'm also in the Pacific NW and I did not see anything wrong at the time of my posting. Clearing your browser cache wouldn't do anything, you need to wait until your DNS server receives the update from gearslutz's hosting company with the IP change.

audiokid Thu, 03/01/2012 - 23:15
The danger visiting any P O R N site is they harvest ip addresses so they can send you inappropriate content in forms of spam. Each computer has its own ip address so this means they know where you are once you visit them. Having all the GS members was a gold mine for them. Depending on what they do with your IP is unknown. Most of the time its spam and the worst case its getting access to your computer for other reasons.

Thats it in a nut shell. Its a very bad thing that happened to Gearslutz.

Member Fri, 03/02/2012 - 05:19
Typically, you can reboot your home router which *should* give you a new IP address (a great deal of ISP's, at least in EU, refresh the issued IP when the router boots up).

Providing you have some form of security (more applicable to Windows machines than Macs but don't ignore security software), you shouldn't see too many problems from this IMHO. Just annoying for anyone who might've been looking for opinions on gear last night :-)

antiuser Fri, 03/02/2012 - 16:01
audiokid, post: 385446 wrote: The danger visiting any P O R N site is they harvest ip addresses so they can send you inappropriate content in forms of spam. Each computer has its own ip address so this means they know where you are once you visit them. Having all the GS members was a gold mine for them. Depending on what they do with your IP is unknown. Most of the time its spam and the worst case its getting access to your computer for other reasons.

Sorry but this is not at all correct.


1. Pørn sites will log your IP address, yes. In fact any site will. Even the one you're looking at right now. And they can tell your geographic location sometimes down to a zip code based on your IP address, but they cannot send spam to an IP address. They have no way of knowing your email address unless you type it somewhere on the site.


2. Each computer doesn't necessarily have its own IP address. For instance, if you have 3 computers in your house which are all connected to the internet via a router (be it wireless or wired), they will have internal IP addresses, but there is no way for a site to collect those. All the site can see is your network's IP address, not the individual computer.


If you're on a Mac, there is very little danger to your computer save for a few pesky ads and popup windows. If you're on a PC, you should be running a firewall and anti-malware software. The only thing they can do with your IP address is try to connect to open ports on your computer which might let them run services remotely. Most consumer-level cable modems and routers will have built-in firewalls which, unless you specify you want port X to forward to computer Y, will automatically close those ports and disallow connections.


In short: Unless you have entered your personal information somewhere on the spammer's site, you will not be the target of spam. You might be infected with malware if you're running Windows and should run an anti-malware scan with the program of your choice.

(Note to the moderator: I forgot I wasn't signed in the first time I tried to post this, so disregard the unregistered post)

antiuser Fri, 03/02/2012 - 16:03
And also, if this was a DNS exploit rather than an actual site hack, the Gearslutz database shouldn't have been affected or compromised at all, which means the member data might be safe, but that's sort of a stretch... if someone can get into the DNS settings they should be "good" enough to get into the host.

audiokid Fri, 03/02/2012 - 17:52
I've been asked to comment a few times since this was posted.

As much as I hope this is only a DNS typo for you, I hardly doubt it now or later when the next big exploit happens. GS is a sitting duck. There have been ample warning about the vulnerability with some gearslutz mods including the use of your old and dated vbulletin version. Although I see you are using the lastest vbseo version. I would bet money that gearslutz is very vulnerable because of how you've allowed so much crap , global registered users from spam countries and uploading of really stupid signature pics etc. Big topic.
You couldn't pay be enough to do what you are going to have to go through this next year. GS is so dated and IMHO, using really risky add-ons that you are locked into. You've built a site around dated hacks and hacks that will not be supported if you upgrade to a secure board.

It ain't looking good IMO.

best wishes.

antiuser Fri, 03/02/2012 - 17:55
Are you talking to me? I don't work at gearslutz and have no affiliation with them. All forum software has exploits. If they don't keep theirs updated, they may well be hacked and compromised. Someone posted on this same thread saying it was a DNS exploit and that's what I went off of. I never saw the "hacked" version of the site. I'm not sure how you went from that to thinking I'm affiliated with gearslutz, I was just trying to explain that some of the stuff you said is not really correct.

Tags

x