Cosmic Echoes…by Rich Fleetwood

[ Reading time: 4 - 6 minutes ]

Hi friends,

Here is an update to the hack attack on SurvivalRing yesterday, as mentioned in the email below.

This hack attack seems to have darker overtones than I originally suspected.

While I believe the hack was as I stated yesterday ( a web bot spamming program, which gained access to the site via php script vulnerabilities), I’ve done a bit more research on the destination website that all the spam links were pointing to.

Every one of the nearly fifty hidden links point to a hacked website hosted in the middle east…

hxxp://qasweb.org/library/universe/online/?page=49 (link disabled on purpose)

A quick search found an arabic language based website is the home of

http://qasweb.org/

This is the Qatif Astronomical Society forum website…in Arabic.

You can view a mostly translated into english version here (google cache file)

Following the path of the hacked files, we see this…

http://www.qasweb.org/library/

which gives a directory listing of several ebooks on astronomy. Adding the next sub folder of the hacked site gives us this, and a few images

http://www.qasweb.org/library/universe/

again giving us info on the next location, the /online/ folder, which shows an update done to the folder at
02-Aug-2007 04:33

their time.

Clicking on the /online/ folder (DANGER>>>DON’T DO IT!) opens the folder, where there is contained an index.htm file, which automatically forwards you to

http://online-inform.biz/pharma/search.php?q=cialis

A spammers paradise…DO NOT CLICK ON ANYTHING THERE….don’t support this stuff.

Next, a google search for the Qatif Astronomical Society brings us to this page,

http://www.jas.org.jo/arab.html

Where we find that the Qatif Astronomical Society is based in Saudi Arabia…and
as you know by reading the daily news, the US has had a lot of issues with Islamacists
targeting US citizens, military, and interests, while either in Saudi Arabia, or near.

Whether or not the Qatif Astronomical Society is part of this, I can only say that
all the hidden links go to their website, to a hidden (and possibly overlooked folder on their site),
and then forward to the spam selling website.

I’ve been told my site is considered important (yes, really) in some mighty high places,
and just recently (this week)…from more than one source.

With these two pieces of information, the source of the problems originating from the
middle east, and the potential to wreak havoc with search engine standings for the
SurvivalRing website and therefore cause problems with Americans finding all the life
saving info on the site, it is very disconcerting.

If an orchestrated attempt HAS been made, rest assured I will be forwarding this info
to the proper authorities.

Again, thanks to all of you for your longterm support of SurvivalRing these past ten years.
Who knew that in 1997, when I started this website up, that we could have such a global reach
and help so many people in times (or before times) of need.

Look for any updates on this story at my blog, which can be found at

http://www.cosmicechoes.org

Rich

On 8/2/07, Rich Fleetwood wrote:
>
> HI Friends,
>
> Sometime after midnite this morning, Aug. 1st, SurvivalRing’s entire website was hacked by a bot program that added spam link code to over 110 directories into the index webpages. This is causing some pages and web sections to not load.
>
> The site should mostly work without issue but some pages may be slow to load. The issue is simply hidden links, not any kind of malicious software…simply a nasty rotten way to create links to a horrible website hidden on some poor slubs website, trying to sell crap like cialis. My site was not the only one affected on the server…and this issue has affected lots of folks.
>
> It’s a mess but it’s not a major disaster…but I’m going to be busy for most of the next couple of days, cleaning the code out.
>
> Sorry for the inconvenience…
>
> Rich

–