This is a discussion on Redirect from site within the Site *BUGS* reporting anti misandry forums, part of the AM Site Help category.
I've been using http://www.antimisandry.com/vbdr/forum/ as my bookmark and am being redirected to http://turksecurity.org/
Started happening today.
Wonder if anyone else is seeing this.
I dress, and vote, to the left.
Someone used a cheesy tactic to refresh browser content and hence redirect to the above location.
Basically a poor man's hack.
Sorry, I corrected it as soon as I was able to do so. Thanks to all those who have let me know :)
►My blog / Your Blog
►Generic Rules
►FaceBook App
Wife : "I dreamt they were auctioning off dicks. The big ones went for ten dollars and the thick ones went for twenty dollars."
Husband : "How about the ones like mine?"
Wife : "Those they gave away."
Husband : "I had a dream too...I dreamt they were auctioning off pussy. The pretty ones went for a thousand dollars, and the little tight ones went for two thousand."
Wife : "And how much for the ones like mine?"
Husband : "That's where they held the auction."
Poor man's hack, maybe. It was nevertheless a successful xss-attack (http://en.wikipedia.org/wiki/Cross_site_scripting). Shouldn't really be possible on a quality forum like this. Have you reported this to Jelsoft?
I moved the thread into a junk subforum, hidden from the vast majority of users. I've been reporting it to pertinent groups so they can ban the pertaining IP address and keep an eye out etc.
Again, apologies for the disruption. Usually I'm on top of spam and such, but this caught me in my hours of sleep.
Yes, it has been reported to Jelsoft in the appropriate area, and other groups too (google adsense being one ;) )
Prior to even knowing of it, I collected my emails - which include any private messages from this board.
As it was, I had three members reporting this problem via PM and Bola, being the first, also kindly gave me a direct link to the relevant thread. Hence, the first link I clicked took me straight to it, so I just moved it from my mini-moderation panel below each thread.
So really, the techy questions should be directed to him LOL as he found it.
In that, there had only been a small amount of posts between me going to bed and getting up, so it wouldn't have taken too long to locate it. But that doesn't detract any gratitude I have to bola, yourself and Brad for having informed me of the issue.
Much appreciated :D
Turkish scum.
When I was a CHANOP for AOL chatrooms, the vast majority of troublemakers and spammers were Turkish origin... I guess some things don't change.
BTW, it's also fairly easy to spot the offending posts... just look for thread topics that hold basic HTML commands and it's almost definitely that post.
I knew it was some prat up to no good,
Shows we are hitting some sciatic nerves though does it not?
feminism is a disease the Doc is working on a cure. Symptoms include compulsive lying, constant aggression, allergic to logic, often affects women who are fat with short hair and big earrings, but can be normal looking.
Reason tablets three taken daily. If the sufferer displays shaming tactics double the dose. Remarkably the illness disappears in disaster zones.
Luckily, I'm fairly well versed with most web applications and that gives me some advantage. I located information about this hack being used on forums such as this and found that it can only be used when in conjunction with a plugin for the forum. Although the specific plugin mentioned wasn't the same as I used here, I have uninstalled the 'top 10 stats' as that was the most likely culprit. Hence, this should not be happening again, hopefully :)
What the cracker did was: place a "meta refresh" tag in the subject line of the post, and somehow, with some XSS voodoo, bypass the forum's HTML filter. Since the stats plugin lists all the latest subject lines, the "meta refresh" tag redirected the browser as soon as the stats were loaded.
Since my IE is set to safe mode (never use IE normally), I could see the offending post without being redirected.
It's a pity the stats were sacrificed, Jelsoft should really update their xss filter. I hope you will be able to put it back later, they were useful.
The author of the stats plugin has been notified by myself, and at least a few others. Jelsoft have also been informed by myself and many others :)
The one group using it were themselves using the same forum software as here, and when I informed Jelsoft I did enquire if their license would be revoked due to the nature of the abuse. Also, I informed Google AdSense as they (the hackers) are using unorthodox methods of creating page impressions/pageloads.
turksecurity.org (or whatever) were using vbulletin? That's how they knew the code. Good idea to inform google and jelsoft.
I don't think the problem lies with the plugin though, the input should be filtered when a post is submitted and that's clearly vbulletin core code. But filtering against xss is very difficult.
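The two defensive points raised in this thread, that a subject line must be escaped wherever a plugin renders it (so a stray tag can never reach the browser as markup), and the earlier tip that offending posts can be spotted by looking for HTML in thread titles, as an added example. This is not code from the forum, from vBulletin or from the stats plugin; the subject strings are constructed samples and the function names are my own.

```python
import html
import re

# Constructed sample subject lines (not taken from the forum). The second one
# carries a meta-refresh tag of the kind described in the thread; the third
# contains a bare "<" that is NOT markup and must not be flagged or mangled.
SAMPLE_SUBJECTS = [
    "Redirect from site",
    '<meta http-equiv="refresh" content="0;url=http://example.invalid/">',
    "Is 5 < 6? a maths question",
]

# Anything that looks like an opening or closing HTML tag: "<", optional "/",
# then a letter. A lone "<" followed by a digit or space is left alone.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def looks_like_markup(subject: str) -> bool:
    """Moderation check: does this subject line contain an HTML-looking tag?"""
    return bool(TAG_RE.search(subject))


def flag_suspicious(subjects) -> list:
    """Return the indices of subjects a moderator should look at first."""
    return [i for i, s in enumerate(subjects) if looks_like_markup(s)]


def render_subject(subject: str) -> str:
    """Output encoding: escape <, >, &, and quotes so the stored string is
    shown as text, whatever the input filter let through at post time."""
    return html.escape(subject, quote=True)


def render_latest_threads(subjects) -> str:
    """Build the 'latest threads' list the way a stats widget should: every
    subject passes through render_subject() before it is placed in the HTML."""
    items = "".join(f"<li>{render_subject(s)}</li>" for s in subjects)
    return f"<ul>{items}</ul>"


if __name__ == "__main__":
    print("suspicious:", flag_suspicious(SAMPLE_SUBJECTS))
    print(render_latest_threads(SAMPLE_SUBJECTS))
```

The check is a triage aid, not a filter: the rendering step is what actually stops the redirect, because an escaped `&lt;meta ...&gt;` is inert however it got into the database. Escaping at output also covers any other place the same subject is displayed, which is why the thread's point that the fix belongs in core rendering rather than in one plugin holds.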