Irish Speed Test Website

CptSternn

I frequently use the http://www.irishisptest.com/ website hosted by Blacknight to check my download speed and have noticed for a few months now the site has been hacked, yet no one @ Blacknight has bothered to fix it.

The speedtest website itself is vBulletin, which has a long list of security issues and admins must stay on top of. I help mod a few sites that use vBulletin, so I have seen this hack before.

The malicious code in question is on the default landing page and only kicks in when someone visits from a Google search and only kicks in once per IP address in a 24 hour period.

When a user searches for IRISH SPEED TEST or something to that effect in Google, then clicks the search result they will be redirected to a spam site, which is a pay-per-click site the hacker has setup and is using people looking for Irish Speed Test to pump up pay-per-clicks to this site.

Currently all users searching via Google are redirected to:

http://smartphonegalaxy.info/a-closer-look-at-the-lg-optimus-black.html

When they try to visit the speed test site.

Try Googling and clicking the link and see where you end up.

This means hackers control the site. They have root access and can modify the actual code on this site so chances are no ones account information is save.

Just a heads up.

Anyone else out there noticed this? I sent an email to the admins back in November about this, but got no reply from the actual site. I thought if I posted it here someone might pick up on it and sort it out, seeings how this sort of thing is supposed to be reported under EU law and all...

mneylon

CptSternn wrote: »

I frequently use the http://www.irishisptest.com/ website hosted by Blacknight to check my download speed and have noticed for a few months now the site has been hacked, yet no one @ Blacknight has bothered to fix it.

That's neither true nor reasonable.
We were made aware of an issue on there a few months ago with a redirect and we fixed it. If that issue has come back we will look into it and resolve it.

CptSternn wrote: »

This means hackers control the site. They have root access and can modify the actual code on this site so chances are no ones account information is save.

Access to a redirect does not equate with "root access" - they are two totally different things.

We will look into this today, but if you had genuine concerns why didn't you simply contact me directly?

CptSternn wrote: »

Anyone else out there noticed this? I sent an email to the admins back in November about this, but got no reply from the actual site.

Where did you send an email to?

If it had gone to either the Blacknight support desk or our sales desk it would have been replied to
All our contact details are on the site, so it's not that hard to contact our technical support team if you have serious concerns.

Also, several of our staff are active on Boards.ie, we're also on Twitter, Facebook and there's phones, email etc.,

CptSternn

Blacknight wrote: »

That's neither true nor reasonable.
We were made aware of an issue on there a few months ago with a redirect and we fixed it. If that issue has come back we will look into it and resolve it.

The site which is doing the redirect is:

http://file2store.info/download.php?id=D4063E2D

That is the same one as before. You say you fixed it, but then, how did it get hacked again and with the exact same redirect site?

Access to a redirect does not equate with "root access" - they are two totally different things.

If they have the ability to modify the code on your website, that box is compromised. I can show you a dozen ways to root a box if you have file write access on the web server.

We will look into this today, but if you had genuine concerns why didn't you simply contact me directly?

I posted on the forums @ Irish Speed Test and my post was deleted - I logged in today to check. Dunno if someone there did it or possibly whoever hacked your site did it, but it is no more.

Where did you send an email to?


If it had gone to either the Blacknight support desk or our sales desk it would have been replied to
All our contact details are on the site, so it's not that hard to contact our technical support team if you have serious concerns.

Also, several of our staff are active on Boards.ie, we're also on Twitter, Facebook and there's phones, email etc.,

I posted on the forums on the speed test site. If your site/forums are hacked, then there is a good chance it wouldn't go through. Since I went back and searched again and found no trace of my original post, I assumed the site was compromised and my post deleted, therefore posted here. I figured ye would find it here sure and hackers couldn't delete my post.

This is the talk to Blacknight forum, I merely posted here as I knew these forums were not hacked and ye seem to monitor them regularly.

SachaJ

Just had the same issue when I tried a speed test. Got redirected to another site.

Also getting a 404 from http://www.irishisptest.com/runmyspeed.php

robbok

This is still happening , clicked on blacknight link from google and was redirected to some spam site

CptSternn

I'm getting it as well. The install of their forum software has been hacked and there is a line at the top which is redirecting people when they come in from Google initially.

It appears security is not a strong point of Blacknight. No offense lads, but it has been months and ye haven't got the issue sorted, or did and were hacked so quickly again that no one noticed when it was fixed for a few minutes.

kingofslaves

Still not fixed, I get this when run it