Jump to content
C4 Forums | Control4

When trying to access the forum via Firefox on Android phone...

Recommended Posts

Same thing happening here from an android phone and tablet. Its redirecting to an Indian pornography site.. The part that has me smacking myself is that I've nuked my phone three times thinking that i had a redirect virus. :)

Link to comment
Share on other sites

  • 2 weeks later...

Yep, this web server has been compromised. Depending upon what device you use to access this site, you will either not notice anything unusual or you will be redirected to a russian porn site via waptools.su. I've noticed that if you present an iphone user-agent string or an intel-based Mac string, you'll get in just fine. However, PPC-based Macs and Androids get redirected. It's known as an http 302 hijack.

This is me pretending to be an android phone:

jhsLaptop:~ shoe$ curl -A "Mozilla/5.0 (Linux; U; Android 0.5; en-us)" -I -L www.c4forums.com
HTTP/1.1 302 Found
Date: Sun, 18 Mar 2012 21:11:59 GMT
Server: Apache/2.0.64 (Unix)
Location: http://waptools.su/go.html?a=25
Connection: close
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 302 Found
Date: Sun, 18 Mar 2012 21:12:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Server: Jino.ru/mod_pizza
Set-Cookie: PHPSESSID=c7dcb427990eb115be9dec7a270fba16; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://1h5fy.in/porno/index.php?dir=4

HTTP/1.1 200 OK
Date: Sun, 18 Mar 2012 21:12:06 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze3
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

"HTTP/1.1 302 Found" is a redirect code which takes me to waptools.su which replies with another 302 redirect which takes me to 1h5fy.in, a porn site, plus who knows what else.

This is me pretending to be an intel-based Mac:

jhsLaptop:~ shoe$ curl -A "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5" -I -L www.c4forums.com
HTTP/1.1 200 OK
Date: Sun, 18 Mar 2012 21:20:03 GMT
Server: Apache/2.0.64 (Unix)
X-Powered-By: PHP/4.3.11
Expires: Thu, 21 Jul 1977 07:30:00 GMT
Last-Modified: Sun, 18 Mar 2012 21:20:03 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=ISO-8859-1

"HTTP/1.1 200 OK" is what you expect to see returned from a typical request,

I wasn't intending for this to be my first post, as I just joined here because I just bought a house that's full of Control4 stuff and I'm hoping to learn a lot more about it.

Hopefully the server admins will see this and take action. If they're all on intel-based Macs and iPhones, it possible they've never been redirected.

--Jim Shoemaker

--Montgomery, Al

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.