PDA

View Full Version : Back in Business



YellowAdmin
09-18-13, 07:43 AM
Saving to Suitors Club was hacked - but now were back!! (Yeah, I know that is pretty corny.)

Many of the features of this site have been disabled, and will remain so until it is determined how security was breached.

My apologies for the temporary loss of enjoyment!

sheepdog33
09-18-13, 08:39 AM
Saving to Suitors Club was hacked - but now were back!! (Yeah, I know that is pretty corny.)

Many of the features of this site have been disabled, and will remain so until it is determined how security was breached.

My apologies for the temporary loss of enjoyment!

i was trying to figure it out while the site was down.

what they did seems pretty common to all vbulletin hacking. its basic sql injection to php somewhere on the forum. that php kicks back an error containing most if not all of the accounts and login information sometimes containing contact info. they then log in as admin and delete/change/or lock the site.

there are videos on youtube about it. good luck David thanks for the site i am enjoying it nicely

Carl James

loveunderlaw
09-18-13, 11:45 AM
I kept being redirected to : http://bacforum.info/indexsite.html

<META http-equiv="refresh" content="0;URL=http://bacforum.info/indexsite.html">


I reported those scums to Microsoft ! I also found out that the website is located in Phoenix Arizona

http://www.geobytes.com/IpLocator.htm?GetLocation&IpAddress=192.241.145.139


I'm just glad they didn't bring down the site for good:)

David Merrill
09-18-13, 12:09 PM
Thank you all! I appreciate you sticking with the concept of remedy regardless of the medium you utilize.

These items were key to my developing the process of making demand for lawful money.

Are You Lost at C? (http://friends-n-family-research.info/FFR/Merrill_AreYouLostAtSea.pdf)

Abolish the Fed. (http://www.silverbearcafe.com/private/convincing.html)


Sometimes a good purge will work out well. It is like opening infected wounds (if you have no antibiotics). This gives us the opportunity to take what we have learned and clear out some misconstructions, promoting proper healing and forgiveness.

The Are You Lost at C? precept leads us into a probate distributions model based in canon law - Prosbul of 1666 - cestui que vie (Sadie Kway Viy) trust law. Basically this means that if no living soul is making appearances for seven (adult) years then the estate reverts to State ownership. Once Title (MSO) is registered for a specific motor vehicle under this Torrens System for example, the State can destroy that Title after only two years and continue to register Certificates of Title to the beneficiaries of the State's cars and trucks. This system leaves the State responsible for their vehicles so for budgetary reasons the general assembly then legislates insurance coverage requirements back to the beneficiary "driver/operators".

Here is how the admiralty process appears in the recourse process for the trustee/beneficiary:



http://friends-n-family-research.info/FFR/Merrill_Diagram1.jpg

YellowAdmin
09-18-13, 05:30 PM
Note: With this latest upgrade to vBulletin comes a new "mobile" theme that makes it a lot easier to browse StSC from your smart phone.

Give it a try, let me know what you think.

John Howard
09-20-13, 04:12 PM
I kept being redirected to : http://bacforum.info/indexsite.html

<META http-equiv="refresh" content="0;URL=http://bacforum.info/indexsite.html">


I reported those scums to Microsoft ! I also found out that the website is located in Phoenix Arizona

http://www.geobytes.com/IpLocator.htm?GetLocation&IpAddress=192.241.145.139


I'm just glad they didn't bring down the site for good:)

This was my experience as well. I was afraid that my computer had picked up a virus, apparently the powers that be can only resort to dirty tricks in an effort to slow down remedy. Keep up the good work!

lorne
03-25-17, 07:17 PM
Looks like the site is under attack again. After loading the STSC website, clicking anywhere on page will bring up an unwanted background window. Issue is happening on Chrome and Firefox browsers on three different devices. Doesn't happen with Brave browser.

lorne
03-27-17, 05:01 PM
Firefox is now showing the site as "Deceptive" likely due to the malware hosted on STSC server.

4808

and confirmed by Google here:
https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=savingtosuitorsclub.net

ag maniac
03-28-17, 09:18 AM
......easy does killer.........my chrome shows everything A-OK.....

lorne
03-28-17, 01:47 PM
No. Similar behavior on Chrome except adware shows in new tab not background window. Did you start that other Saving To Suitors forum?

4809

YellowAdmin
03-30-17, 01:23 AM
Someone probably reported this site to Google as one that is infected with malware. This indeed was true when STSC was under attack.

Unfortunately, this site is now listed with Google as being unsafe.

I've requested of Google to review this site to see that it is not dangerous, and to remove STSC from its list.

Google's review period takes several days. So we just sit back and wait.

I'll keep everyone posted.

YellowAdmin
03-30-17, 03:04 PM
STSC has been removed from Google's malware list. No longer should site visitors see that scary malware warning.

lorne
03-31-17, 01:30 PM
STSC still serving up adware here. Perhaps you're using ad-blocking software and don't see it?

Watch the lower left Status Bar on your browser as STSC website loads. You'll see it hit the various adware sites like onclkds.com, pub2srv, etc. Easily reproducible - go down to your local store and type in 'savingtosuitorsclub.net' into the demo computer for sale. Then click anywhere on page and watch what happens.

4810

David Merrill
03-31-17, 04:11 PM
I am still enduring popups too. I will try cleaning up my browser history and then rebooting...

george
03-31-17, 05:10 PM
FWIW vBulletin® Version 4.2.2 before the 'upgrade' to vBulletin® Version 4.2.3 did not seem to suffer these issues. never had any problems accessing this site on vBulletin® Version 4.2.2 either.

they are now upto at least vBulletin® Version 4.2.5 Beta 3 which is stable for https://forums.mydigitallife.info and Daz there is an ace on the subject who is easily accessible, live in their real time chat room.

switching to HTTPS could help prevent some of this stuff aswell, no?

David Merrill
03-31-17, 05:13 PM
I just got a bogus facebook invitation to start a new account!!

David Merrill
04-06-17, 08:19 AM
So far so good.

If you are still getting popups clear your browser data.

Thank you IT guys.

george
04-14-17, 03:51 AM
FWIW inside info on VB from a former Dev:


Internet Brands only has 1 developer maintaining vBulletin 3 and 4, but they're getting rid of him on May 26th. So other than the software being very old it's now been given a death sentence too. There will be no new features, no support and patches for vulnerabilities won't be a priority.

David Merrill
04-15-17, 08:35 AM
Thank you for that news George. We are on it around here.

george
04-15-17, 09:22 AM
Thank you for that news George. We are on it around here.

youre welcome. mydigitallife forum management has decided to switch to xenoforo software: https://xenforo.com/

which speaks volumes of the VB situation as that membership is reasonably high tech. i am familiar with a couple of other forums that use it now and made the switch early on when the development at VB started slacking.

xenoforo is alright but kinda has that childish, facebook feel to it with the like buttons and such but im sure those options could be disabled, it is fully functional and has all the expected features a forum software should have though.

MDL will be switching over next week starting on the 18th in case you want to check out how that goes. (link in previous post) they expect a couple of days downtime (offline) but it could be more or less however they will be doing extensive customizations to the software that are not required.

lorne
08-08-17, 07:56 PM
Website still infected with adware five months later. Video recorded today showing erased iPhone, setup as new (nothing in browser cache), connecting to WiFi then going to SAVINGTOSUITORSCLUB.NET
http://www.dailymotion.com/video/x5wco0b

http://www.dailymotion.com/video/x5wco0b
Each time you click anywhere on site will bring up a popup ad.


What is the significance of this?

ag maniac
08-09-17, 05:14 PM
Sorry lorne, don't see what you're seeing

Win Vista
Chrome v49
no A/V, but run a HOSTS file -- http://someonewhocares.org/hosts/

lorne
08-09-17, 08:01 PM
there are several observations.

1) The experiment with clean iPhone indicates malware resides on the STSC server. The webhost is the source of the adware, not the user or the user's browser (Chrome, Safari, etc). This experiment is reproducible. In fact Google search result on SavingToSuitorsClub states "This site may be hacked."

2) With all the members and daily views, only David Merrill and myself have mentioned any malware problem with this website... five months running.

3) David Merrill tells us to clear browser cache to fix the issue (it won't).

4) We have two users denying any issue.

Why are these significant?

David Merrill
08-10-17, 03:29 AM
Thank you Lorne. I will make inquiries.

David Merrill
08-11-17, 01:38 PM
I believe that these attacks are getting more sophisticated; I do not get any popups. All is well according to me, here.

David Merrill
08-12-17, 05:30 AM
there are several observations.



Why are these significant?

Those of you following my echo chamber exploits may have noticed that the "New Technology" involves indicting TRUMP as Executive, and as appointing the federal judges involved in "bond-dodging" as I point it out. You might also recall as I executed a directive for TRUMP to halt Executive Orders, at least on the premise of Abraham LINCOLN's 153-year war (April 15, 1861). The Trading with the Enemy Act, upon that same Extraordinary Occasion has been "Omitted" from the Bankers' Code and the Index of the EO's on the Federal Register was very disrupted for about five weeks while it looked like the Directive was causing severe Oval Office conflict.

I chronicled all that but show you a highlight that pales any Russian hacking; remember you are looking at the Index to the Federal Register - the backbone of American Jurisprudence in action:

4942

My method of besmirching the good faith and credit of the USA is a bit more of a chess endgame than I originally anticipated. Unlike my $20M Lien with the Colorado Secretary of State, where I published a Notice of Lien in BRICS national newspapers, affecting the Point System from 5 to 4 for a brief time I am helping several suitors implement the "New Technology" and this is building an indictment of negligence and malfeasance against TRUMP as the deviant oaths of office continue to be ignored, day after day - week after week.

This is really quite exciting for me, and is turning into an amazing adventure.

But I am revealing this in order to explain the gut feeling about these malicious-looking popups. For one thing, they seem only for show; to discourage new registration and diminish interest. However, there has been no slump in human readers, so I do not get alarmed that there is any real effect. People have been demonstrating that the tools are here on StSC to grow into a proper execution of remedy and redemption, even without paying me for the Lesson Plan. That is very gratifying.

The level of sophistication is revealing. I have not seen any popups for weeks and the iphone video indicates that the malware is indeed within the CODE of StSC, but that it avoids me; making it nearly impossible for me to troubleshoot. I suppose I can find somebody and borrow their computer, or maybe just their WiFi and try to find problems. Another solution might just be to keep writing in monologue like this post.

So I will leave you with a thought, that I hope you find provoking. There was never any whisper in the media about hacking, on a level that seems much more alarming than anything alleged by the Russians. Yet there it is!



4943

marcel
08-14-17, 11:42 PM
2) With all the members and daily views, only David Merrill and myself have mentioned any malware problem with this website... five months running.

No, I told em about the popup ads back in April http://savingtosuitorsclub.net/showthread.php?1405-Get-Your-Billions-Back-America-2014&p=23651&viewfull=1#post23651
and hack continued for a long time. Seems fine today though. I would expect nothing less than hacking attempts here considering the gravity of the information presented. I mean when people like me can get enough info to write a letter http://savingtosuitorsclub.net/attachment.php?attachmentid=4799
that deletes a $5000 frivolous filing threat and causes the IRS to zero my account...
they gotta try to stop folks from repeating my success.

David Merrill
08-15-17, 05:39 PM
Exactly! I think we are free of malware and the IT guys are learning.

Interestingly the Registration process was not reporting or even sending out the response emails. Now we have over four hundred new Registrants since yesterday! They were all stacked up in the queue I guess. So this place may liven up a bit. Get ready for a bunch of new posters!!

But one thing, if you see any generic - "I really love this post." with a link. Please be wise enough to grasp a real new interested seeker, and linked malware. Discern bots from real people who are interested in our kind of fun here.

Gavilan
08-16-17, 02:32 PM
No, I told em about the popup ads back in April http://savingtosuitorsclub.net/showthread.php?1405-Get-Your-Billions-Back-America-2014&p=23651&viewfull=1#post23651
and hack continued for a long time. Seems fine today though. I would expect nothing less than hacking attempts here considering the gravity of the information presented. I mean when people like me can get enough info to write a letter http://savingtosuitorsclub.net/attachment.php?attachmentid=4799
that deletes a $5000 frivolous filing threat and causes the IRS to zero my account...
they gotta try to stop folks from repeating my success.

I too mentioned the ads were popping up, I even reported it at lawfulmoneytrust.

ag maniac
08-16-17, 04:33 PM
Exactly! I think we are free of malware and the IT guys are learning.

Interestingly the Registration process was not reporting or even sending out the response emails. Now we have over four hundred new Registrants since yesterday! They were all stacked up in the queue I guess. So this place may liven up a bit. Get ready for a bunch of new posters!!

But one thing, if you see any generic - "I really love this post." with a link. Please be wise enough to grasp a real new interested seeker, and linked malware. Discern bots from real people who are interested in our kind of fun here.


.....beg pardon while I drive this truck thru the hole.....


http://i0.kym-cdn.com/photos/images/original/000/620/799/57a.jpg

David Merrill
08-16-17, 05:07 PM
Now that is obviously a horse saying that! I love horses, anywhere!

David Merrill
08-16-17, 08:20 PM
BTW - I am logged in on an old tablet, Windows 7, at the Whole Foods Store and getting no popups.

David Merrill
08-17-17, 04:16 AM
BTW - I am logged in on an old tablet, Windows 7, at the Whole Foods Store and getting no popups.
Old-timey cell phone though - saw one ad popup?

lorne
09-11-17, 12:35 AM
The infection was gone but has returned again. New iphone with no browser history getting popup ads today. And then there's the flood of new members with random-like names. And there's this email from webmaster a week ago:

Recently the Posts on StSC were replaced with a string of code. This problem has been corrected and I hope you will continue...

Seems someone is really trying hard here. I apologize for stating the obvious but doesn't this call into question the competence of your IT folks, or possibly they are complicit in the hack?

David Merrill
09-11-17, 03:45 AM
Thank you Lorne;

I will see if there is anything I can do to help participate in keeping the website clean.

David Merrill
09-15-17, 12:29 PM
This continuing attack is probably due to the new technology. These are live people registering, apparently a new industry where you litter up a website enough (malicious links) and it is tagged "Dangerous".

We are working on it.

marcel
09-21-17, 05:17 PM
Yes there does seem to be a concerted effort to disrupt this website. From one location I was getting this:

4947

lorne
09-22-17, 06:42 PM
I believe we've just witnessed how to takeout a forum without taking it offline. Infect the site with adware yet somehow make the owner/operators immune from it. Have a couple users say "working fine here" (blame the victim) and admin is convinced it's just a browser cache issue. Meanwhile Google tags the site Dangerous and it doesn't even appear as a result when searching "saving to suitors club".

Fascinating.

4948

Gavilan
09-22-17, 07:37 PM
I believe we've just witnessed how to takeout a forum without taking it offline. Infect the site with adware yet somehow make the owner/operators immune from it. Have a couple users say "working fine here" (blame the victim) and admin is convinced it's just a browser cache issue. Meanwhile Google tags the site Dangerous and it doesn't even appear as a result when searching "saving to suitors club".

Fascinating.

4948

I agree with you. This attack became even more intensive after David filed with the Court of International Trade.

YellowAdmin
09-23-17, 04:08 PM
StSC should come off of Google's black list within a few days.

Also, new protections have been put in place to prevent these hackings. Time will tell just how effective these protections are - we'll see!

YellowAdmin
09-29-17, 03:15 PM
Finally, StSC has been removed from Google's blacklist.

Also, so far I'm pleased with the new protections that have been put in place. Again, I say, time will tell!

Gavilan
09-30-17, 12:15 AM
Finally, StSC has been removed from Google's blacklist.

Also, so far I'm pleased with the new protections that have been put in place. Again, I say, time will tell!

Congratulations! Thank you for all your hard work!

David Merrill
09-30-17, 02:36 PM
This is indeed a very entertaining website chat. Thank you for your work.

Please remember the Donate Button. If you specify website maintenance for StSC funds will be forwarded where they are deserved for all the work. I suppose it is flattering that somebody has apparently paid live people to register and plant malware.

marcel
04-19-19, 04:41 PM
Am I the only user getting spam / malware links via private message?

lorne
04-20-19, 04:12 PM
No, I got this one from user "PhipDrelo" on April 18:

"??????????? ???? ?? https://vanna-professional.ru/restavratsiya-vann"

Gavilan
04-20-19, 09:37 PM
No, I got this one from user "PhipDrelo" on April 18:

"??????????? ???? ?? https://vanna-professional.ru/restavratsiya-vann"

Same, I deleted it without further action.

marcel
07-03-19, 01:37 PM
5509

I recently saw we had only 73 users when clearly we're paying for 250 user-bots. I'd say a refund is in order. How much does it cost to have a forum constantly hit with 250 click bots anyway?

David Merrill
07-03-19, 05:10 PM
I have an idea. We have quite a user base around here and I sometimes wonder if I can email everybody. I will write a Thread opening post about a response to a judge who filed her oath but a day after somebody she had arrested was inquiring at the Secretary of State. Then I will email all the users. If you read this, here or there please tell me if you get the email.

David Merrill
07-12-19, 07:51 AM
Please let us know if you get a User Broadcast about Dabney's new order and opinion? I am testing that out again.

Christopher Thomas
07-17-19, 02:43 AM
I did not receive anything new on that particular subject.

marcel
07-17-19, 01:43 PM
5529

On the Internet, nobody knows you're a dog.

Christopher Thomas
07-17-19, 01:53 PM
What is that supposed to mean bro?

Christopher Thomas
07-18-19, 12:07 PM
https://duckduckgo.com/install?t=hv

came across better technology for search engines

https://youtu.be/SrsCEbi5N7Y

marcel
10-30-19, 01:12 AM
Why am I getting this ...

5622

lorne
11-01-19, 06:40 PM
I would say it's due to the way this forum handles security, not necessarily a phishing attempt. Then again I'm using different security software than you.

If you open a browser and enter "savingtosuitorsclub.net" you will get the non-secure version (http) of the site and see the "Not secure" notice leftside of the location box:

5627

This indicates the site is either not using a security certificate, or using a self-signed certificate (https://en.wikipedia.org/wiki/Self-signed_certificate). A website doesn't always need a secure connection. For example if it's just presenting data: http://legacy.weeklyreader.com But if logging users in, entering passwords, making transactions, etc. then security (a private connection) is necessary.

If you manually enter "https://" as a prefix to "savingtosuitorsclub.net" to enforce a secure connection if available, you will see the "Not secure" change to the locked padlock icon indicating a secure connection!

5628

So it appears the site does own a valid security certificate signed by a certificate authority, it's just not enforcing its use.

TL;DR, website has a valid SSL certificate it's just mis-configured and not always using it.

marcel
11-03-19, 01:52 AM
Ok the https trick does work, thanks. However several times while navigating the site padlock switched to unlock.

And what do you think of this...

5630

lorne
11-05-19, 03:25 PM
I see what you did. Went to virustotal.com and did URL check for savingtosuitorsclub.net.

I think if the admins are so lackadaisical about site security then maybe they deserve the label... Phishing site.

David Merrill
11-06-19, 09:14 AM
I see what you did. Went to virustotal.com and did URL check for savingtosuitorsclub.net.

I think if the admins are so lackadaisical about site security then maybe they deserve the label... Phishing site.

Geopolitical social engineering.