The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I've been away for a week and just come home and turned my PC on - seems FREEOLA has been hit by "b00gle" a hijack virus - three of my sites were hit at 00.22 on Friday 4th June.
The index page gets changed adding an IFRAME linking to:
http://www.b00gle.com/fa/?d=get (DON'T VISIT THIS LINK WITHOUT CURRENT VIRUS PROTECTION!!!)
- after having a quick read this virus attempts to install various XXX type toolbars and popups!
Sorry if this is documented else where but thought I should post a warning ASAP...
I'll send some emails to FREEOLA staff as they don't seem to visit this forum very often?!
GWD.
The index page gets changed adding an IFRAME linking to:
http://www.b00gle.com/fa/?d=get (DON'T VISIT THIS LINK WITHOUT CURRENT VIRUS PROTECTION!!!)
- after having a quick read this virus attempts to install various XXX type toolbars and popups!
Sorry if this is documented else where but thought I should post a warning ASAP...
I'll send some emails to FREEOLA staff as they don't seem to visit this forum very often?!
GWD.
Page:
You cannot take something down you do not host without themselves breaking the law (i.e sending them Denial of Service Attacks), the only thing they can do is complaing and provide the evidence with it to whicher company is hosting them and the registrant agent, b00gle.com may have had nothing to do with this but it is certain the site affected every pc it went to with 4 java virus's 3 spyware applications including one containing a trojan. One big problem I can see is that its hosted on a service which allows to host from dynamic ips so site is probably being hosted somewhere very obscure.
Name Server: NS1.SMARTDNS.ORG
Name Server: NS2.SMARTDNS.ORG
Name Server: NS1.SMARTNIC.ORG
Name Server: NS2.SMARTNIC.ORG
As always you should have an up to date virus scanner if you don't get one or pop over to http://housecall.antivirus.com .
"Quick enough to send me the latest ps2 game offer."
You do realise Special Reserve and Freeola are two completely different services and therefore have different staff
Name Server: NS1.SMARTDNS.ORG
Name Server: NS2.SMARTDNS.ORG
Name Server: NS1.SMARTNIC.ORG
Name Server: NS2.SMARTNIC.ORG
As always you should have an up to date virus scanner if you don't get one or pop over to http://housecall.antivirus.com .
"Quick enough to send me the latest ps2 game offer."
You do realise Special Reserve and Freeola are two completely different services and therefore have different staff
It would be interesting to know what Freeola intend to do about this.
Apart from securing their systems and removing the offending link I think they should take action to close the b00gle.com site.
b00gle.com are listed on the whois server of www.directi.com
They seem to be based in India, but they seem to have registered through Esthost in San Francisco.
Apart from securing their systems and removing the offending link I think they should take action to close the b00gle.com site.
b00gle.com are listed on the whois server of www.directi.com
They seem to be based in India, but they seem to have registered through Esthost in San Francisco.
Do you reckon the engineering work is the reason why its taking ages to FTP up to my web space today?
i wondered where that, un-removable xxx toolbar came from.
thought i'd been a bad boy
thought i'd been a bad boy
The latest infection was around 21.30 last night - again it only seems to be affecting servers 7 and 8.
I have a number of domains that are on these servers so it's not very amusing :(
The FREEOLA status page hasn't been updated since Friday - http://freeola.com/support/networkstatus.php
The status page and recorded phone message both say staff are "enroute to our hosting centre" - it must be a long way away!
I have a number of domains that are on these servers so it's not very amusing :(
The FREEOLA status page hasn't been updated since Friday - http://freeola.com/support/networkstatus.php
The status page and recorded phone message both say staff are "enroute to our hosting centre" - it must be a long way away!
Can we all copmlain then until they do something about it?
When anyone visits the site that knows me or is not that used to computers their initial reaction is to ok things. This is doing damage to us and will reflect badly on Freeola.
Where is their statement - we are dealing with it?
Quick enough to send me the latest ps2 game offer.
When anyone visits the site that knows me or is not that used to computers their initial reaction is to ok things. This is doing damage to us and will reflect badly on Freeola.
Where is their statement - we are dealing with it?
Quick enough to send me the latest ps2 game offer.
Yeah happening to my XboxRules.com as well, glad to know it isnt just me :)
I have just found it in the 3 sites I have.
How did it get there ?
Apart from reloading the web pages are there any other files / directories to lookout for ?
Doesn't fill me with much confidence about the server security.
Any other info would be useful.
Thanks
How did it get there ?
Apart from reloading the web pages are there any other files / directories to lookout for ?
Doesn't fill me with much confidence about the server security.
Any other info would be useful.
Thanks
Update:
For any FREEOLA customers that had previosly repaired their sites - you should check again as the virus hit again this morning (11.30ish).
The virus targets index pages in the root and any directories you may have. Seems to be affecting accounts ending in 7 and 8.
Spoke to FREEOLA support today as they did not seem aware it had happened again.
Going through the Customer Sites links, I notice there are still many sites that are still infected...
Oh! - Thanks for your input monkey_man :P
For any FREEOLA customers that had previosly repaired their sites - you should check again as the virus hit again this morning (11.30ish).
The virus targets index pages in the root and any directories you may have. Seems to be affecting accounts ending in 7 and 8.
Spoke to FREEOLA support today as they did not seem aware it had happened again.
Going through the Customer Sites links, I notice there are still many sites that are still infected...
Oh! - Thanks for your input monkey_man :P
My site got the boogie virus - it couldn't stop dancing the jive for days, then it did jazz hands, echoed the word "Mammy", and deleted it from the root up. Again, I'd like FREEOLA to look into this, as I believe the ghost of Al Jolson is haunting SR towers.
Page: