I went to my friend's food sculpture site and right after the home page opened I got this:

[forums.macresource.com]

It forces you to accept notifications, "not now" doesn't work, clicking on it gets you to a notice to download the latest Adobe Flash player. Not suspicious at all.
The site is [jimvictormariepelton.com]
if anyone wants to look.

---

And we should consider every day lost on which we have not danced at least once.
—Friedrich Nietzsche
Western Massachusetts



Edited 1 time(s). Last edit at 07/10/2019 02:22PM by blooz.

wtf?? the URL doesn't match the one in the image and neither matches the URL I get when I click your link. When I refuse, it jumps to another URL with the same request. That's nasty.

"Compromised web site?"

Yes, compromized.

Seems fine now. LOTS of web sites get compromised by a variety of malware attacks. Even big corporate ones. Constant vigilance is required.

Quote
cbelt3
Seems fine now. LOTS of web sites get compromised by a variety of malware attacks. Even big corporate ones. Constant vigilance is required.

nope - just loaded it again and it went through 5 redirects before telling me that I need to upgrade my flash player.

Yep, that's pretty bad.

An older version of the source from Archive.Org seems to imply WordPress and Ajax. My first guess would be an exploit of the template or CRM program used to create the site, second would be a HTML injection, a small chance it could be something like a poisoned DNS cache.

The admin needs to: 1) contact the hosting company, 2) wipe the site, 3) read up on WP exploits and recent patches, 4) rebuild the site using the newest version of the tools and upload it.

---

In tha 360. MRF User Map