What's going on at CPF?

161 posts / 0 new
Last post

Pages

Subterrestrial
Subterrestrial's picture
Offline
Last seen: 4 years 2 months ago
Joined: 09/25/2016 - 20:17
Posts: 56
Location: The Mountains (they were calling....)
What's going on at CPF?

Does anybody know what happened to CPF? It was working fine this morning and now when I try to access it Firefox says it’s a reported web forgery. When I proceed to the site they have this message up:

Quote:
CPF is currently closed. Thank you for your patience and support. ~Greta

I hope it wasn’t a security breech. We’ve had enough password-grabbing lately on the web as it is.

dchomak
Offline
Last seen: 3 years 5 months ago
Joined: 03/17/2012 - 20:10
Posts: 4122
Location: Connecticut

Different browsers report different results

Chrome

Opera

Explorer

FireFox

Notice that the 2 CPF looking pages are asking for EMails and Passwords.
Could me a malicious redirect

Subterrestrial
Subterrestrial's picture
Offline
Last seen: 4 years 2 months ago
Joined: 09/25/2016 - 20:17
Posts: 56
Location: The Mountains (they were calling....)

New message up:

Quote:
CPF is currently closed. You can go to “The CPF Facebook Group“https://www.facebook.com/groups/CandlePowerForums/ to hang out and for available updates in the meantime. Thank you for your patience and support. ~Greta
stephenk
stephenk's picture
Offline
Last seen: 5 hours 58 min ago
Joined: 01/30/2016 - 05:09
Posts: 1856
Location: Australia

Looks like it might be down for a few days for upgrades whilst the redirect issue is sorted out. There were a few giveaways that were to be drawn today – will have to wait now!

LeafSamurai
LeafSamurai's picture
Offline
Last seen: 2 years 2 months ago
Joined: 04/27/2015 - 18:47
Posts: 23
Location: Christchurch, NZ

It’s definitely a malicious redirect. It started yesterday or the day before. Anyway, update on CPF group on Facebook by Kelly (CPF admin):

“As most of you have noticed and reported, there is some kind of redirect issue with CPF. I’ve found some information about it but still not sure how, what, why, etc.

Anyway… it would seem the timing for this is good as I have nothing but free time for the next couple of days. Therefore, I’m going to take this opportunity to do some long overdue maintenance and a software upgrade. I’m not even going to give any of you a timeline for this. It will be done when it’s done and CPF will be back online when it’s back online.

I’ll try to keep you all updated as much as possible here.

AND – all of you who are already members of the group have the ability to approve others requesting to join the group. It would be helpful to me if you could approve them when you see them.

Thanks much!”

Will just have to wait and spend more time on BLF.

Subterrestrial
Subterrestrial's picture
Offline
Last seen: 4 years 2 months ago
Joined: 09/25/2016 - 20:17
Posts: 56
Location: The Mountains (they were calling....)

Probably the same type of person who initiates a DDoS attack. Sad and pathetic. I hope this isn’t the hot new hobby for bored script kiddies.

Thanks for re-posting updates everyone!

Bob_McBob
Offline
Last seen: 11 hours 27 min ago
Joined: 08/14/2016 - 04:53
Posts: 646
Location: Canada

Copying my reply from another thread:

For the last few days, Google search result links to CPF have randomly been redirecting to a sketchy download page on a site called “MyFilestore”. Today Chrome and Firefox started identifying it as a suspicious site. There was a thread about it in on the forum where a bunch of idiots were being extremely productive by reporting it to Google as inaccurate. The admins then took down the site and posted a link to their Facebook page with no further information, and now the forum is down completely. They just posted on Facebook they have no idea what is wrong and will be working on it for the next few days with no ETA.

tekwyzrd
tekwyzrd's picture
Offline
Last seen: 1 day 23 hours ago
Joined: 11/14/2015 - 01:15
Posts: 1340
Location: Northeastern Ohio

Maybe someone got peeved after being censored and/or banned and decided to retaliate.

Nothing travels faster than the speed of light with the possible exception of bad news, which obeys its own special laws. – Douglas Adams

stephenk
stephenk's picture
Offline
Last seen: 5 hours 58 min ago
Joined: 01/30/2016 - 05:09
Posts: 1856
Location: Australia

Well I hope CPF is able to get up and running again as soon as possible. I’m surprised by the lack of Surefire and Zebralight threads from the CPF refugees so far!

The Miller
The Miller's picture
Offline
Last seen: 2 years 2 days ago
Joined: 12/14/2015 - 12:08
Posts: 9908
Location: Charente France

Nice they fix it and do an upgrade, it was very slow for many weeks now so let’s hope it will be faster afterwards Wink

southland
southland's picture
Offline
Last seen: 2 weeks 23 hours ago
Joined: 11/04/2012 - 07:15
Posts: 3205
Location: Georgia, USA

Who cares about CPF, the moderators suck.

Suncoaster
Suncoaster's picture
Offline
Last seen: 3 weeks 5 hours ago
Joined: 02/22/2012 - 07:14
Posts: 2192
Location: Where the girls are green and the grass is pretty.

Where ?

"In the land of the blond the one eyed man is king."

*This message is protected with ROT26 encryption.Old Lumens

Wrathbringer27
Wrathbringer27's picture
Offline
Last seen: 2 days 5 hours ago
Joined: 03/02/2015 - 09:00
Posts: 2131
Location: Singapore GMT +8

LOL barkuti recently complained about being banned…. Grad

Hahah im just kidding but i feel indifference ro cpf. They just aren’t that great

Words can be broken,
so can bones.

chasm22
Offline
Last seen: 1 year 10 months ago
Joined: 01/18/2015 - 17:08
Posts: 22
Location: NorCal

Wow. Just wow. This could prove to be much more costly than someone might initially think.

This type of thing can be hard to track down and identify. And it can be very time consuming. Even more important is the fact that Google won’t take action like that without proof that your website is causing a problem. And they won’t lift the warning until you clean up your site.

OTOH, as far as I know, Google will let you through to the website. The warning though will rightfully scare away hordes of people as well as, ahem, advertisers who can’t be too happy with the shutdown or the warning.

Anyways, if anyone is interested, Google lets you run the url of any website to see if it is suspect. This could be a help if you are unsure of a certain website. Go here . And yes, Candlepowerforums is still listed a partially dangerous.

There is also an lots of information for webmasters. Hopefully someone at
CPF is on top of this. These two paragraphs from
Google caught my eye.

“Webmaster response time
We measure how quickly webmasters clean up their sites after receiving notifications that their site has been compromised.”

“Webmaster reinfection rate
Even after a site has been cleaned, it can become reinfected if an underlying vulnerability remains. We measure the reinfection rate for these sites.”

And in case you’re thinking mistake by Google there is this under the FAQ’s,

“How accurate is this information?”

“We work very hard to maintain accurate information and have had very few false positives.”

This could be a long winter at CPF.

sb56637
sb56637's picture
Offline
Last seen: 1 hour 53 min ago
Joined: 01/08/2010 - 09:29
Posts: 7095
Location: The Light

chasm22 wrote:
Wow. Just wow. This could prove to be much more costly than someone might initially think.

This type of thing can be hard to track down and identify. And it can be very time consuming.

That sure is true.

Let’s not gloat over their misfortune. I sure wouldn’t want to be in the shoes of their admin right now, and I sure hope she is managing to sleep periodically while sorting everything out.

Sometimes I get requests for a certain forum feature that the BLF forum engine just simply doesn’t support, and like any forum software ours does have its idiosyncrasies. And more often than not when discussions about missing features or glitches come up, somebody suggests vBulletin. Well, this latest CPF outage reinforces my position on vBulletin. It’s proprietary, insecure, poorly supported garbage. Unless the redirection is/was happening due to high level internet infrastructure manipulation such as DNS spoofing (highly unlikely), it was most likely a vBulletin vulnerability. It’s possible that they might not have kept current with their security patches, but even there I’m willing to give them a pass; it’s also all too common for well-administered, completely up-to-date vBulletin forums to get majorly hacked.

So best wishes to CPF, I hope they can pull through this, and I feel their pain.

Budget Light Forum ...where Frugal meets with Flashlight!

AlexGT
AlexGT's picture
Offline
Last seen: 2 hours 19 min ago
Joined: 06/07/2012 - 17:39
Posts: 4602
Location: Texas

Thank you for running BLF smoothly SB!!! Beer

raccoon city
raccoon city's picture
Offline
Last seen: 50 min 29 sec ago
Joined: 10/06/2010 - 02:35
Posts: 17282
Location: रॅकून सिटी Palm Desert CA USA

AlexGT wrote:
Thank you for running BLF smoothly SB!!! Beer

+1!

Turby3Pots
Turby3Pots's picture
Offline
Last seen: 9 months 1 day ago
Joined: 03/31/2013 - 20:51
Posts: 592
Location: Richmond va USA
sb56637 wrote:
And more often than not when discussions about missing features or glitches come up, somebody suggests vBulletin. Well, this latest CPF outage reinforces my position on vBulletin. It’s proprietary, insecure, poorly supported garbage.

Thank you for keeping a keen eye on that.

firedome
Offline
Last seen: 1 year 3 weeks ago
Joined: 01/16/2016 - 05:45
Posts: 602
Location: Skagen - Denmark

It seems that some bad guy was able to use CPF to infect anyone who visited him, it is logical that administrators take all the time to identify the problem and prevent it from happening again.

We can easily forgive a child who is afraid of the dark; the real tragedy of life is when men are afraid of the light --- Plato

arow55
Offline
Last seen: 5 hours 38 min ago
Joined: 04/24/2015 - 00:02
Posts: 458

My computer used to freeze up about 6 or 9 months ago when on their site. So I quit going there. About 2 month s ago started going back and had no problems. They have some serious security problem. Was never a member.

Illumenated
Offline
Last seen: 1 day 9 hours ago
Joined: 03/21/2016 - 13:45
Posts: 272
Location: Georgia, USA

This is really weird…

This morning I was on this Banggood thread. When I tried to click on another page in the thread it took me to that red page of death. Google Chrome said it was linking to a malicious site.

What’s weird is that the BLF thread page would be taking me to a CPF page in the first place. ? That seemed odd then I saw this thread about CPF being down. I don’t know what’s going on but why would it link me to CPF

Lithium
Lithium's picture
Offline
Last seen: 3 months 1 week ago
Joined: 08/18/2012 - 06:01
Posts: 260
Location: Brittany

Unfortunately the CPF admin seem to lack a bit of “admin” knowledge… CPF has always been slow, some data lost regularly, etc Sad

I wish CPF will be back online in no time, with all the issues solved.

MAD TM26
MAD TM26's picture
Offline
Last seen: 5 months 3 weeks ago
Joined: 05/09/2013 - 05:25
Posts: 343

firedome wrote:
It seems that some bad guy was able to use CPF to infect anyone who visited him, it is logical that administrators take all the time to identify the problem and prevent it from happening again.

Am I reading this right? How to verify if my pc is now infected?

we buy light for a brighter tomorrow

emarkd
emarkd's picture
Offline
Last seen: 11 months 1 week ago
Joined: 04/14/2015 - 22:04
Posts: 1608
Location: Georgia, USA

Let’s not get carried away here. There’s no indication that whatever happened to CPF could “infect” anybody. There was a malicious redirect of some sort which Google labeled a phishing attempt, nothing to indicate that anybody was “infected”. It wasn’t even a “virus”.

In order to have any sort of lasting consequences from this, you’d have had to visit CPF, see that you were redirected to some file sharing site instead, shrug your shoulders and just go ahead and put your private data into that strange site you’d never seen before and you weren’t looking for to start with. I hope that most (all?) of us would be smarter than that.

Muto
Offline
Last seen: 44 min 20 sec ago
Joined: 09/04/2012 - 16:42
Posts: 2681
Location: Southeast, PA

Illumenated wrote:
This is really weird…

This morning I was on this Banggood thread. When I tried to click on another page in the thread it took me to that red page of death. Google Chrome said it was linking to a malicious site.

What’s weird is that the BLF thread page would be taking me to a CPF page in the first place. ? That seemed odd then I saw this thread about CPF being down. I don’t know what’s going on but why would it link me to CPF

Happened to me also, not sure of the thread I was trying to open, but I opened it another tab and when that was opened it was red death. Closed it and did not try to repeat. Cleaned cookies right away.
Strange.
Hope it was a fluke.

The difference between Hoarding and Collecting is the illusion of Organization
.

“History doesn’t repeat itself, but it sometimes rhymes,” Mark Twain

After the Apocalypse there will be only 2 things left alive, Cockroaches and Keith Richards

JamesB
Offline
Last seen: 2 weeks 6 days ago
Joined: 08/24/2011 - 14:43
Posts: 1015
Location: France
Lithium wrote:
Unfortunately the CPF admin seem to lack a bit of “admin” knowledge…

That is quite the understatment, she has absolutly no clue as has been shown again and again in discussions subsequent to the crashes etc… and every benevolent advice/work knowledgeable and qualified people tried to offer were always received very defensively and dismissively.

richbuff
Offline
Last seen: 19 min 58 sec ago
Joined: 09/22/2015 - 20:38
Posts: 1026
Location: Prescott Az

CPF is currently accessible to read, but attempt to post results in a permissions error.

Rev 22:15

Lithium
Lithium's picture
Offline
Last seen: 3 months 1 week ago
Joined: 08/18/2012 - 06:01
Posts: 260
Location: Brittany
JamesB wrote:
That is quite the understatment, she has absolutly no clue as has been shown again and again in discussions subsequent to the crashes etc… and every benevolent advice/work knowledgeable and qualified people tried to offer were always received very defensively and dismissively.

That’s exactly what I thought when she disclosed the configuration of the CPF’s server…two hard drives, no RAID. Hum, no wonder there’s data loss from time to time…and probably also a reason why forum is so slow when there’s a peak in sequential access.

That’s really a shame because the early CPF was a very nice and friendly community, with flashlight addict meetings and tons of other friendly events, and this place turned into…what you know… over the years.

But to sound optimistic, I found the tendency has been reversed, and I found myself spending more and more time over there lately. Maybe because some mods retired, and/or because the admin is less aggressive with age? Lol!

MtnDon
MtnDon's picture
Offline
Last seen: 57 min 21 sec ago
Joined: 08/27/2015 - 18:25
Posts: 3918
Location: Canuk in NM

Muto wrote:
Illumenated wrote:
This is really weird…

This morning I was on this Banggood thread. When I tried to click on another page in the thread it took me to that red page of death. Google Chrome said it was linking to a malicious site.

What’s weird is that the BLF thread page would be taking me to a CPF page in the first place. ? That seemed odd then I saw this thread about CPF being down. I don’t know what’s going on but why would it link me to CPF

Happened to me also, not sure of the thread I was trying to open, but I opened it another tab and when that was opened it was red death. Closed it and did not try to repeat. Cleaned cookies right away.
Strange.
Hope it was a fluke.

When something like that happens I believe it would be of great help to +this +site’s admin to let him know just what you clicked on that went to the malicious site, or site warning. Then our admin could decide whether or not he would want to do something about removing the link or whatever. My 2 cents worth (as an admin on an unrelated forum).

Illumenated
Offline
Last seen: 1 day 9 hours ago
Joined: 03/21/2016 - 13:45
Posts: 272
Location: Georgia, USA
Quote:
When something like that happens I believe it would be of great help to +this +site’s admin to let him know just what you clicked on that went to the malicious site, or site warning. Then our admin could decide whether or not he would want to do something about removing the link or whatever. My 2 cents worth (as an admin on an unrelated forum).

Good advice; I just did what you recommended.

MtnDon
MtnDon's picture
Offline
Last seen: 57 min 21 sec ago
Joined: 08/27/2015 - 18:25
Posts: 3918
Location: Canuk in NM
Lithium wrote:
Sure. But CPF admin will just tell you to f*** off, because she knows everything Big Smile No kidding here, that’s more or less what happen…just before the thread is closed.

If that was directed at me, please re-read my post…. I was saying that if a link here +took you someplace bad or someplace where a warning appeared, maybe letting +this admin know. Then if this admin wanted to he could disable the link to the other place and save someone some possible grief, remove the doubt. The folks on the bad end of the link would have been notified anyhow… that is what happens when Google decides a warning is needed. I was simply stating that, as something I would want to know as an admin on an unrelated site.

Pages