CSG website(?)

[TLH]

Hi All,

I've done some surveying in the past and know (ish) what i'm doing when it comes to surveying etc. but I thought i'd check out the Cave Surveying Group website.

When Googling I hovered the top link and all seemed good, showing cavesurveying.org.uk. I clicked, and this then took me to a captcha page which I thought was prior to letting me onto the site. It asked me to click 'allow' notifications to check I wasn't a robot, but to me that was very fishy as i'm almost certain that's not how it works. I didn't click it and back out of the site.

Anyway, I just wondered if this redirect is dodgy and something that everyone would come across if they accessed via Google? When going into the page via BCRA website, it's fine.

Tom

 

[langcliffe]

I repeated your actions, but didn't reach a captcha page, just a very old (2012) web page with internal and external links. The internal ones didn't work.

 

[TLH]

I repeated your actions, but didn't reach a captcha page, just a very old (2012) web page with internal and external links. The internal ones didn't work.

Interesting. Thanks for checking.

Might just be me then. Yes, I can't get many of the links working and the captcha that popped up looked far too modern compared to the actual page.

Tom

 

[andrewmcleod]

Weirdly I _did_ get a spam site the first couple of times I went to cavesurveying.org.uk. But now I seem to go through to the right website.

Odd, definitely odd...

 

[JohnMCooper]

TLH

Not just you. I did exactly the same and tried the link with that same icon on. Norton Security kicked in warning of a dodgy redirect.

The third time I tried it went through OK.

 

[langcliffe]

There's no Javascript hack in the source. I wonder if .htaccess (or its equivalent) has been hacked on the web server?

 

[ChrisB]

I've just tried it. Typing the url took me straight to the site, and I was able to view the page source - a basic html site from 2012, no content management system or resizing scripts, in fact no scripts of any type, so no hidden redirects.

The link from Google took me to the same place.

I am using Malwarebytes Pro and it didn't react. It usually tells me if there anything dodgy rather than just avoiding it.

I haven't tried to access it before, and I'm using a Windows PC without 'datasaver' or any other proxies I'm aware of. I wonder if it has been infected in the past and is now clear but some of you are being served a cached version with an infection? Or it's just been infected and my ISP is doing some caching I'm not aware of!

 

[pwhole]

I'm using Malwarebytes Pro and Duck Duck Go as a search engine - first time I clicked on the link I went to a completely different address called 'link-chat' or something dodgy, so I hit Back. Clicked it again and this Malwarebytes blocked it due to 'malware'. So I typed in the correct address into the browser address window in a new tab, and it went straight to the correct site. So I then clicked on the link in the previous tab again, and this time it went through to the correct site. Hmmmmm.....

 

[andrew]

Unfortunately it appears to have been hacked, well another site on the same service was used carelessly by someone and it has spread to the other sites.
Wookey is aware and hopefully will clean it up soon

Andrew
CSG secretary

 

[ChrisB]

Wookey is aware and hopefully will clean it up soon

Thanks. Would it be possible to identify the nature of the hack, so that those of us here who have accessed it can check that their devices are not infected? I'm guessing it's a server infection, not downloading, but it would be good to have that confirmed.

 

[alastairgott]

I informed wookey on Saturday night. Use your normal fightbacks should you click on any dodgy sites and I’m sure you’ll be fine (ie stop visiting it for the meantime and run antivirus software). We’re only 120 hours total since he was made aware and wookey is a volunteer. I’m sure in due time wookey will be able to let you know the problems with it.