UU was hacked last night - help us fix!

rayan

Hey everybody. Got some not so great news.

Last night, UU was hacked. It looks like the vulnerability was in our ad server. We've rolled back all the files on our site and taken down all advertising for now.

We need your help though. If you see anything suspicious, get a warning from your browser etc, could you please screenshot and email it to ukuleleunderground(at)gmail.com

I'm doing the best I can trying to fix it and make sure everyone is safe.

It's probably not necessary but I would recommend everyone change their password just to be on the safe side. Especially if you use a skeleton password.

Sorry about all of this.
 
I was going to ask because I couldn't get in this morning. I tried to send an e-mail and it was taking forever so I just shut everything down. Glad to hear you're on top of it, good luck. I don't know what I would do without UU!
 
Hmm, that explains why I couldn't access the forum until now. I'll report anything out of the ordinary, just pleased we're mostly back up and running! :)
 
Thank you guys for understanding.
 
We have reports of malware being installed on one user's computer during the short time our server was compromised. Please run your spyware sweeper and virus scan as soon as possible if you're running a PC.

If you have any problems and malware did make its way to your computer, post your problem here and we'll try to fix it together.
 
When I tried posting to the Mya Moe thread I couldn't access the forum. I tried on my iphone and it popped up with some weird page. I quickly quit but it looked like it was trying to load something. I haven't been on a pc in a while but the page looked like the... not the preferences but... i think it's called the control panel. It said it was accessing my c:/ drive and it had a loading bar but obviously it wasn't because it's an iphone. When I saw that I quickly shut the page down. Hopefully it didn't do anything. I don't know if this helps at all but it is what I saw.
 
Yeah if you were on your iphone, it should be ok. This warning is more for the PC people, especially those running XP.
 
when i tried to click on my notifications (from my macbook) a file began to download that my computer said was an application. i immediately stopped the download and reset my safari and deleted the download
 
Do you remember what the program name was?
 
Thanks everybody for helping during this really crappy situation. Aaron drove down to my place pretty early in the morning and knocked on my door til I woke up. Been working on it ever since. We're really sorry for any UU member that was affected by this.
 
Just to be clear though,

the UU store (ukeunderground.bigcartel.com), UUU classes and registration, and Ukulele Uprising are all hosted on different servers so they were all unaffected. It was only the main page, the forum and our ad server.
 
When I first tried to access the forum this morning, I was barraged with some kind of "your computer is infected, click here" type of malware. I got a screenshot, but was unable to dismiss the pop-up alerts that were coming fast and furious (I know better than to click on them) so I had to reboot without a chance to save the screenshot.

I know for a fact that it was UU, because I have UU set as my homepage in FF (since the formatting is whack in IE8) and had just launched FF and not gone to any other pages.

After rebooting, I updated and ran both MSE and Superantispyware and came up clean. (Well, SAS always finds lots of cookies it doesn't like, but that's par for the course.)
 
Thanks for the update. Is it all clear now?
 
I left the forum open on my computer last night, this morning when I refreshed the page, I could only see the stickies at the top, and when I clicked on them nothing happened. So I went to the root site, ukuleleunderground.com, to see if someone had posted an explanation as to what was going on. I immediately got a java pop-up that there might be a problem with the website, warning me of malware on the site. This was interesting, as I'm running Ubuntu, and I don't have any software installed to warn me of malware. Instead of clicking the Ok, or the Cancel buttons, I clicked the little red X in the upper right corner. I was immediately redirected to a new web page designed to look like a Virus scan interface with a Windows My Computer look, complete with the windows defender shield logo and little green scan progress lines climbing towards completion (again, less than effective in my case, because I'm not running windows). When the completion bars complete, the site declares your computer to be infected, and another java pop up loads, instructing you to click Ok to download the software to clean up your computer. Again I clicked neither of the buttons presented me, and instead clicked the little close prompt X in the corner, and the software started downloading anyway. Ubuntu asked me if I wanted to save the download and I said no. It was a pretty slick setup, though, and I could see somebody (my mom) clicking Ok. The first trojan horse of this nature I encountered some years ago eventually tried to sell me software to clean up the mess that it had made. And it won't let your browser(s) search for a solution to the problem (or anything else) either. You just keep getting redirected. Frustrating as hell.
 
I don't know if this might help rayan but when I tried to navigate the forum, it was pointing to some files like bt93 said before. I couldn't download it because I'm on a macbook but.. I've seen the code like when you try to download some app in your browser and you don't have any association on your OS. I guess it was a snippet or something like that...
 
Sorry Matt, is everything ok now? or has the damage been done? Thanks for posting your experience. It will probably be helpful to others.
 
Oh wait, now I remember my firefox spazzing out at one point. Like, it started to bring up all these blank tabs and stuff and it kept switching between my current tabs, it was really weird. Whenever something happens with my computer that I'm not controlling I often turn it off immediately. I don't remember if this was last night or the night before though =/

Also, who would make the effort to hack a ukulele forum? Go hack a Rolex forum or something, might be more beneficial.
 
Ryan - I got a hit this morning when I tried to go to the UU main page. Here's the URL of the site that Avast hit on (jpg so it won't hotlink):

virushit.jpg
 
I'm not the person to ask about these situations, but I always try to find a way to close the window without touching it. I'm PC so often I will open up my task manager and either end the window, or find its process and end that. Sometimes I can also just right click on the task bar and hit Close.
 