Jump to content


Photo

weird/fishy red thread games search result


  • Please log in to reply
31 replies to this topic

#1 sunrose

sunrose

    Rubber Ducky

  • Member
  • Pip
  • 9 posts

Posted 16 March 2015 - 12:42

Hello!

I was searching for the phrase "read thread games legal" (misspelled it, but works with the correct spelling too) when I was looking for information about if gameplay videos of their games are okay. Strangely, the first result in google, is to a page about viagra. I thought I'd post about it here because its rather strange, as the url to that site is the same (redthreadgames.com). Perhaps someone has any idea of why this is? I'm guessing red thread does not want to have that linked to them, I sure wouldn't.

Here's a screenshot if the google results:

 

2isjwnp.png

 

I have not clicked the link as I'm afraid it might contain viruses, so I don't know what the page looks like.

Thought it might be a good idea to report this in case it isn't known already.


  • khh and GistOfSpirit like this

Need Help With Dreamfall Chapters Puzzles? Check Out My Video Tutorials


#2 Lee-m

Lee-m

    Harbinger of the Balance

  • Vestrum
  • PipPipPipPipPipPip
  • 1866 posts
  • LocationYorkshire, England

Posted 16 March 2015 - 12:47

wordpress exploit ?

#3 Tina

Tina

    RTG Forum Moderator

  • Moderator
  • 2878 posts
  • LocationOslo, Norway

Posted 16 March 2015 - 13:01

Tried myself and actually found another fishy link as well. I've tweeted Ragnar a link to this post, thanks for mentioning it.

(I also didn't click, because ugh)
Tina: RTG fangirl and forum moderator.

#4 sunrose

sunrose

    Rubber Ducky

  • Member
  • Pip
  • 9 posts

Posted 16 March 2015 - 13:04

No problem.

I'ts very curious though, how they can get away with using the same url address. I thought that would only be possible if they'd hack the website that is attached to the domain name.


Need Help With Dreamfall Chapters Puzzles? Check Out My Video Tutorials


#5 Tina

Tina

    RTG Forum Moderator

  • Moderator
  • 2878 posts
  • LocationOslo, Norway

Posted 16 March 2015 - 13:08

Yeah I really have no idea, but that hacking possibility was why I felt I needed to tell RTG about it asap. But I don't know enough about computers to know how it works.
Tina: RTG fangirl and forum moderator.

#6 Ragnar

Ragnar

    Archduke of Redthread

  • RTG Staff
  • 925 posts
  • LocationOslo, Norway

Posted 16 March 2015 - 13:11

Checked the link and there's no page there. I can't see any evidence of anyone hacking or inserting code into our website — so why that link shows up, I really have NO idea. We'll look into it more, but for the time being it does look like a mistake of some sort.

 

Weeeeeeird. If anyone has any tips, please let us know!

 

EDIT: The odd thing is that if you click the link in Google, you get a Viagra page…but if you go to that website address manually, there's only a 404 page there. This could be some brand new, freaky phishing thing. We're looking into it right now. Thanks for alerting us!


  • Tina, khh and Crowboy like this

#7 Lee-m

Lee-m

    Harbinger of the Balance

  • Vestrum
  • PipPipPipPipPipPip
  • 1866 posts
  • LocationYorkshire, England

Posted 16 March 2015 - 13:14

It wont be a targeted attack, just some sort of bot that roams the web looking for a vulnerable site to exploit. In this case it might be a wordpress attack. The last time I checked thats what RTG use along with most other websites to manage the content.

That is just a guess on my part, I could be wrong. Should be a fairly easy fix once its been identified. So it was the right thing to report it.

#8 Lee-m

Lee-m

    Harbinger of the Balance

  • Vestrum
  • PipPipPipPipPipPip
  • 1866 posts
  • LocationYorkshire, England

Posted 16 March 2015 - 13:15

Checked the link and there's no page there. I can't see any evidence of anyone hacking or inserting code into our website — so why that link shows up, I really have NO idea. We'll look into it more, but for the time being it does look like a mistake of some sort.
 
Weeeeeeird. If anyone has any tips, please let us know!

I checked the link with fireox and got a sort of shop for the pills in question. I didnt dig any deeper than that.

It does a redirect (might be browser dependent)
to here:

Spoiler



#9 Tamahome

Tamahome

    Arcadia Native

  • Vestrum
  • PipPipPip
  • 191 posts

Posted 16 March 2015 - 13:15

You sure you aren't selling some cheap viagra on the side? You know we won't judge, you do need to pay the bills somehow. :P


  • Moto200 likes this

#10 urzagc13

urzagc13

    Vestrum Herald

  • Drachkin
  • PipPipPipPipPip
  • 1052 posts
  • LocationGreece

Posted 16 March 2015 - 13:17

You sure you aren't selling some cheap viagra on the side? You know we won't judge, you do need to pay the bills somehow. :P

 

Probably that's what Vamon is using! <_<  :rolleyes:  :o  :P  


  • Edreamer Jamil, Lee-m, Brita and 3 others like this

Giorgos Chrysikopoulos - Dream Traveller

 

Check out the unofficial (headcanon) backstory of my Europolis Most Wanted Dreamfall Character: meet the "The Scientist Thief"!

 


#11 Tamahome

Tamahome

    Arcadia Native

  • Vestrum
  • PipPipPip
  • 191 posts

Posted 16 March 2015 - 13:19

Probably that's what Vamon is using! <_<  :rolleyes:  :o  :P  

 

Red Thread Viagra - Guaranteed nigari (? I am awful at spelling) steel hardness.


  • urzagc13 and Nancy Brown like this

#12 jlddodger

jlddodger

    Arcadia Native

  • Vestrum
  • PipPipPip
  • 228 posts
  • LocationLincoln, NE USA

Posted 16 March 2015 - 13:20

Yeah, I took the leap a clicked too.  I also get the page.

 

redthreadgames.com/is-ordering-cialis-legal/

 

leads to what looks like a base page for this:

 

www.worlds-pills.com/



#13 spyked

spyked

    Rubber Ducky

  • Vestrum
  • Pip
  • 23 posts
  • LocationBucharest, Romania

Posted 16 March 2015 - 13:21

Checked the link and there's no page there. I can't see any evidence of anyone hacking or inserting code into our website — so why that link shows up, I really have NO idea. We'll look into it more, but for the time being it does look like a mistake of some sort.

 

Weeeeeeird. If anyone has any tips, please let us know!

What web server are you using for hosting? The way it looks to me, there's fishy things occuring in the site's .htaccess or some other config file; more specifically some piece of code there might be "rewriting" that particular link to lead to another site. That, or Cross-Site Scripting (if that's even possible, I'm not familiar with the forum software).

 

The way I checked this was, I clicked the link and looked at the page's source. I saw the elements it downloads aren't from the original domain (redthreadgames.com), so at least very probably you're not hosting any of that stuff.



#14 Lee-m

Lee-m

    Harbinger of the Balance

  • Vestrum
  • PipPipPipPipPipPip
  • 1866 posts
  • LocationYorkshire, England

Posted 16 March 2015 - 13:24

What web server are you using for hosting? The way it looks to me, there's fishy things occuring in the site's .htaccess or some other config file; more specifically some piece of code there might be "rewriting" that particular link to lead to another site.

This is a good call. Makes sense.



#15 Ragnar

Ragnar

    Archduke of Redthread

  • RTG Staff
  • 925 posts
  • LocationOslo, Norway

Posted 16 March 2015 - 13:30

What web server are you using for hosting? The way it looks to me, there's fishy things occuring in the site's .htaccess or some other config file; more specifically some piece of code there might be "rewriting" that particular link to lead to another site. That, or Cross-Site Scripting (if that's even possible, I'm not familiar with the forum software).

 

The way I checked this was, I clicked the link and looked at the page's source. I saw the elements it downloads aren't from the original domain (redthreadgames.com), so at least very probably you're not hosting any of that stuff.

 

But the weird thing is that it doesn't redirect if you use the actual URL in your browser — ONLY if you click the link from Google. Which means there's some black magic happening somewhere; either on Google's side or (most likely) on our side. We're not hosting anything out of the ordinary, but it is possible someone's compromised our .htaccess files.

 

I did visit the links and there's nothing terribly nefarious there, aside from selling shitty Viagra, so it's probably not infected with horrible viruses…but you never know.


  • khh likes this

#16 jlddodger

jlddodger

    Arcadia Native

  • Vestrum
  • PipPipPip
  • 228 posts
  • LocationLincoln, NE USA

Posted 16 March 2015 - 13:30

Entering the URL directly into the browser gives me a 404 "Oops, This Page Could Not Be Found!".  It is only when I click through from Google that I get the "pills" page.

 

edit: Ninja Ragnar :ph34r:

 

----------------------------------------

 

I'm gonna go out on a limb and say it may be something in the google URL:

http://www.google.com/url?
sa=t&
rct=j&
q=&
esrc=s&
source=web&
cd=2&
ved=0CCcQFjAB&
url=http%3A%2F%2Fredthreadgames.com%2Fis-ordering-viagra-legal%2F&
ei=PckGVaeGEYbbsAT764K4AQ&
usg=AFQjCNFW5XTTUZypX46hiqmubPkLr1_RoA&
bvm=bv.88198703,d.cWc&
cad=rja

 

---------------------------------------------

 

Hmm, after some really quick reading, the URL looks "OK" to me.



#17 sunrose

sunrose

    Rubber Ducky

  • Member
  • Pip
  • 9 posts

Posted 16 March 2015 - 13:51

I decided to have a look at the cached version of the website. These are screenshots of it:

 

28k2gxj.pngg2mh5rh3.jpg


  • yodagreen3 and Elpiniki Kappa like this

Need Help With Dreamfall Chapters Puzzles? Check Out My Video Tutorials


#18 cerb998

cerb998

    Fringe Café Regular

  • Member
  • PipPip
  • 86 posts

Posted 16 March 2015 - 14:03

Powerfull, emotional, 90%!  :lol:


  • Elpiniki Kappa, Moto200 and Tomer like this

#19 Abbe

Abbe

    Fringe Café Regular

  • Member
  • PipPip
  • 110 posts
  • LocationSwitzerland

Posted 16 March 2015 - 14:13

For me, also the link from google is not working and just leads to a 404 page.

 

Might it be related to this, even though it's old? The description might fit: "This attack is very interesting because it is not visible to the normal user and the spam (generally about Viagra, Nexium, Cialis, etc) only shows up if the user agent is from Google’s crawler (googlebot)"

 

http://blog.sucuri.n...-wordpress.html


  • khh and ShadowNate like this

#20 Abbe

Abbe

    Fringe Café Regular

  • Member
  • PipPip
  • 110 posts
  • LocationSwitzerland

Posted 16 March 2015 - 14:20

To add, using the method advised by the above linked blog post, there are several such pages.

https://www.google.c...ames.com viagra

 

screen.jpg


  • khh likes this




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users