DCP infected?

[N.E. Brigand]

I've also noticed this problem for the past three weeks or so. If I'm not at my own computer, i.e., one without DCP bookmarked, I visit the site by Googling "Drum Corps Planet". That brings up a main listing for the DCP homepage, and six sublistings below, one of which is "Forums". If I click on that link, it leads me to another site. (So I go back to Google --which the other site doesn't want to let me do-- and select the DCP homepage and proceed from there to the forums.) It's happened in both Firefox and Explorer. But it doesn't happen all the time. It just happened to me now, which is why I came to the Member Service Center to see if anyone else noticed, but now I can't make it happen again in a separate tab or in the other browser. If it's not a problem at your end, is it possibly something that should be be brought to Google's attention?

[Jeff Zehner]

Yes, there seems to have been a problem at onetime in the recent past, perhaps with this site (forums) or their name servers (unlikely). Google cache files (the ones used for speedy searching) have http://www.drumcorpsplanet.com/forums/ pointing to a bogus url4short.info site. When searching for "DCP" on Google you will get an entry for dcp forums, and the first time you click the link you will see the re-direct page to a presumed trojan site (seemingly no longer there.) However once you go back and click on the Google provided search results, the 'real' Google search data will be used (no the cached version) and you will be directed to the correct URL; Http://www.drumcorpsplanet.com/forums/

I'm not sure how to remedy, as would require Google to update their cached search entries. Perhaps updating the keywords for the might prompt a change in a few days? Or if registered with adwords, maybe an update?

[Pete Freedman]

An update: This is apparently caused by a security problem with vBulletin, so if that's what DCP is using, then a configuration fix is necessary. Here is one of many sites describing the problem and solution:

http://abhisays.com/...short-info.html

The bad news is the author claims the intruder (human or computer) may have access to the sql database.

If this is not a vBulletin site, do a google search on whatever your forum software is, plus url4short.info or url2short.info (both seem to be redirect targets).

Usually in a case like this I would first suspect the users' computers to be infected, but this time it may actually be the server (DCP). Then again, it could easily be malware playing with the users' hosts files.

Good luck.

[JohnD]

Thanks for the info. We'll continue to be vigilant for these sorts of nasty bits. No - we're not running vBulletin.

[SFZFAN]

Some really strange behavior from DCP today. Asking me if I want to continue running a dangerous script when I try to bring up the forums. I've done full scans on my laptop so I know it's not me....

[JohnD]

I've just run a couple of scans on the site and can't find any problem with 'malware' or "dangerous scripts". If you'd like to send me a screen capture / more details - I'll be happy to investigate. support@drumcorpsplanet.com

[Jothcra]

Chrome keeps sending me to this page whenever I click any links to DCP or any links within DCP.

[JohnD]

Yep - looks like a problem with our Advertising Banner server including references to a "googlecodehosting.net" site, which is tagged as being a known 'malware distributor'.

I've taken our Banner server offline until I get it sorted out.

UPDATE: The Banner server has been restored to service after the offending references were removed, the system cleared, and scanned for malware.

[lindap]

I've had Java viruses on 2 workstations over the past few days both on Windows 7. I'll try to monitor and capture screen prints at both computers. It's intermitent and funky.

[jdmello]

I'm having the urlshortener.info problem that other people are having. Someone already mentioned similar issues above me too.

http://abhisays.com/tips-and-tricks/how-to-fix-forum-redirecting-to-url2short-info.html