The PokéCommunity Forums

The PokéCommunity Forums (https://www.pokecommunity.com/index.php)
-   Feedback & Support (https://www.pokecommunity.com/forumdisplay.php?f=4)
-   -   Issue Members being blocked from Forum! (https://www.pokecommunity.com/showthread.php?t=254612)

k23time June 13th, 2011 2:49 PM

Members being blocked from Forum!
 
I have strong reason to believe that a recent update to the Pokemon Game Editor created by member Gamer2020 has purposely created a simple hosts file within the Windows\System32\Drivers\Ect\ folder that blocks all access to the PokeCommunity website. Moving or deleting this file will allow access again, but if you've been blocked, you obviously can't read this post. =/ So I request that a moderator please send out a email message detailing this problem in case someone else has downloaded this game that can be found through this forum.

I've sent a report to the moderators and a pm to one, but haven't gotten any replies yet, so I'm posting this here in case someone else wants to get a hold of them and let them know, or has friends who are currently blocked because of this.

And I urge all members to refrain from downloading anything from Gamer2020. This time it wasn't dangerous, just annoying (and difficult for members if they don't get help from someone), but next time it might be worse.

EDIT:
I just confirmed that installing Gamer2020's Pokemon Game Editor program will create this file. On his forum he has posted the following in response to my statements:
"Oh wow LOL
I haven't even been programing lately. PGE does no such thing...
I can still access PC so idk what the problem could be =/
I know I didn't write anything like that into my program. It just edits ROMs."

So either he's lying and he did put it in there, or one of the programs within his collection created it, but given his known hatred for the way this place is moderated, I'm more likely to believe he put it in there purposely.

Spinor June 13th, 2011 3:22 PM

Quote:

Originally Posted by countryemo (Post 6691855)
...Pretty sure its just you.
I havent downloaded yet though. How do you know other members are banned?
You probably just messed up :.


...Pretty sure its just you.
I havent downloaded yet though. How do you know other members are banned?
You probably just messed up :/

What he means is that the application edits the 'hosts' file in system32. That file has a list of a sort of 'redirects' associating web sites with some other IP addresses. It has nothing to do with whether one is banned or not.

And this is a semi-rational concern, really. Although now the problem would be that the application is technically a virus, since it edits system files without user permission.

k23time June 13th, 2011 3:40 PM

Quote:

Originally Posted by AdvancedK47 (Post 6691868)
What he means is that the application edits the 'hosts' file in system32. That file has a list of a sort of 'redirects' associating web sites with some other IP addresses. It has nothing to do with whether one is banned or not.

And this is a semi-rational concern, really. Although now the problem would be that the application is technically a virus, since it edits system files without user permission.

Yeah it doesn't "ban" anyone, it just blocks any entry to the website, can't even look at it. So unless you've memorized how I said to fix it, I suggest you not go and download it to try it. You can't download it unless you join his forum anyway, which I think it only linked in his signature, so you have to actually try if you want it, but I think some people will (just as I did). I'm just trying to prevent others from falling into the trap and help save people who already have. There's no way to tell if someone has been blocked, because they can't post here. The only way is to email everyone, and I don't think I can do that. We need a moderator.

The 100 Mega Shock June 13th, 2011 3:40 PM

Quote:

Originally Posted by countryemo (Post 6691855)
...Pretty sure its just you.
I havent downloaded yet though. How do you know other members are banned?
You probably just messed up :.

He perhaps talked to over people via communication other than on PC, and following on from the recent case of someone mysteriously finding PC in their hosts file? Don't be so quick to brush this off.

Anyway, shouldn't something like this require a UAC prompt to be permitted on Windows Vista or 7? People should be wary of a program such as this requesting that kind of unnecessary permission.

k23time June 13th, 2011 3:48 PM

Quote:

Originally Posted by The 100 Mega Shock (Post 6691886)
He perhaps talked to over people via communication other than on PC, and following on from the recent case of someone mysteriously finding PC in their hosts file? Don't be so quick to brush this off.

Anyway, shouldn't something like this require a UAC prompt to be permitted on Windows Vista or 7? People should be wary of a program such as this requesting that kind of unnecessary permission.

I actually just had the problem myself, and went searching for answer, which I found at Gamer2020's forum, as Pino19 over there had the problem too, but lucky for me he found the solution. It was then that I found the question: "Can only get on Pokecommunity through ip" that M4 posted.

And yes the UAC prompt does appear when installing the program, and I'm an idiot for allowing it.. >_< I'm just glad that's the only malicious thing the program seems to do right now. After a complete scan with Microsoft Security Essentials, I was notified that my computer is free of any viruses. And this problem is an easy fix, as long as you're able to find the info on how to fix it.

The 100 Mega Shock June 13th, 2011 3:58 PM

Are you running a 64-bit version of Windows, Team Fail? The attempt may not work on a 64-bit OS as Windows doesn't allow programs running in 32-bit (Which it may be) to access things like the hosts file.

e: wait you might wanna close and reopen your browser before declaring your hosts file unchanged

Rukario June 13th, 2011 4:29 PM

I STRONGLY suggest you not download / install this program at all.

We can not go emailing every user to inform a few that got burned by it, sorry.

If you are, or know someone who is having access issues, the best way to solve them is to email the webmaster, IM me at ppnsteve on aim or gtalk (on gtalk 24/7), by tweeting us at @pokecommunity

or use our contact form by going to http://174.133.255.180/sendmessage.php

provide an nslookup (dig) and tracert (traceroute) to pokecommunity.com in your message.

pass this on..

k23time June 13th, 2011 5:35 PM

Quote:

Originally Posted by Team Fail (Post 6691977)


I'm running a 32-bit version. And I restarted all my browsers. Nothing different. I'm still here.

It doesn't place it there when you install it. It places it there after you run the program and install the updates.

Quote:

Originally Posted by Rukario (Post 6691941)
I STRONGLY suggest you not download / install this program at all.
We can not go emailing every user to inform a few that got burned by it, sorry.

I really don't know anyone on this forum, but I thought that as moderators you would care to inform your people and care for the ones who would be hurt by attacks that were really directed at you. =/ Some who are affected by this may not have the intellect and searching skills to find out how to fix it, and they cannot contact anyone if they can't even reach this site, so they're helpless. A simple email could be ignored (or at least alert) those unaffected, but would be helpful for those who might be. I'm pretty sure most forums allow mass-emails to their members, right? Wouldn't be any effort at all.

After now having some knowledge of Gamer2020, witnessing his cheap attempts at denial, deleting posts of anything against him, and changing the names of users to "I_Have_a_Small_P****" (without the *'s), I've come to realize he is a child. Well, I've done my best at alerting everyone of this attack.

Rukario June 14th, 2011 12:36 AM

Don't misread my email statement as we don't care, in fact we take great strides to ensure PC is a safe environment. Its just not very practical to send out 120,000 emails to cover a few people.

there are ways to find access to PC.. we have other domains that point here.. Google search can get our others and IP to connect on, etc.

The 100 Mega Shock June 14th, 2011 6:32 AM

Quote:

Originally Posted by Team Fail (Post 6692059)


Even then, nothing has happened after what seems like a billion updates. And they don't stop coming.

Well you must have the world's most robust operating system because it does replace your hosts with one that resolves PC http and IP (or at least somebody's IP address, was this a new addition?) addresses to 127.0.0.1, I just tried it.

It also opens your browser to some hilarious tl;dr's about Pokémon (At least I presume they're hilarious - my eyes tend to glaze over long rants about Pokémon websites).

Gamer2020 June 14th, 2011 7:42 AM

I was in fact only notified of this yesterday and did not know anything about this. Someone just linked me to this thread a couple of minutes ago.

People should have asked me if there was something wrong with my program instead of just starting rumors. In any case I apologize for any inconvenience and I will get to the bottom of this.

I actually did release my source code yesterday to prove that I had nothing to do with this. Feel free to look through it.
{link removed}

Rules to using the source.

1 - It is for learning purposes only.

2 - I am not responsible for what is done with it.

3 - Do not try to re-release these programs as your own.

Quote:

Originally Posted by k23time (Post 6692037)
It doesn't place it there when you install it. It places it there after you run the program and install the updates.



I really don't know anyone on this forum, but I thought that as moderators you would care to inform your people and care for the ones who would be hurt by attacks that were really directed at you. =/ Some who are affected by this may not have the intellect and searching skills to find out how to fix it, and they cannot contact anyone if they can't even reach this site, so they're helpless. A simple email could be ignored (or at least alert) those unaffected, but would be helpful for those who might be. I'm pretty sure most forums allow mass-emails to their members, right? Wouldn't be any effort at all.

After now having some knowledge of Gamer2020, witnessing his cheap attempts at denial, deleting posts of anything against him, and changing the names of users to "I_Have_a_Small_P****" (without the *'s), I've come to realize he is a child. Well, I've done my best at alerting everyone of this attack.

I only did that because I thought you were spreading a rumor to scare people. When one of my friends emailed me with the same issue I realized this was not the case. I apologize for that now.

Flashmeteor June 14th, 2011 7:51 AM

Gamer, it doesn't really make ANY sense how this could happen on accident. Somewhere along the lines you did something, and now you're trying to cover it up. Very smoothy I must add.

Gamer2020 June 14th, 2011 8:02 AM

Quote:

Originally Posted by Flashmeteor (Post 6692762)
Gamer2020, it doesn't really make ANY sense how this could happen on accident. Somewhere along the lines you did something, and now you're trying to cover it up. Very smoothy I must add.

I have barely been online the past week. I couldn't use my computer all weekend because HackMew was optimizing it. Also all of last week I was put with friends. I haven't done any programing in a while but I assure you I will figure this out. While I do not approve of how some people get treated on this site everyone does have the right to be able to visit it if they wish and I wouldn't take that away.

Also I'm pretty sure there are better ways to "block" PC if I wanted to.

Rukario June 14th, 2011 9:52 AM

lets give him a chance to find the issue..

also since the source is released, feel free to look through his code yourself.

Renii June 14th, 2011 10:13 AM

TRWTF is VB.net. The file is hosted on a server and everything is open to public :O. No index or htaccess at all.

And saying that somehow a file hosted on their own server magically changed to malicious code.

Gamer2020 June 14th, 2011 10:19 AM

Well I'm actually now thinking that one of my friends may have done it as a joke. I'm not the only one with FTP access FYI.

Xyrin June 14th, 2011 10:44 AM

A joke? If that's a joke that's a pretty bad one. And if it changes your host files that's considered a virus. That's not a joke.

Nice job trying to cover it up.

Gamer2020 June 14th, 2011 11:47 AM

Quote:

Originally Posted by Xyrin (Post 6693066)
A joke? If that's a joke that's a pretty bad one. And if it changes your host files that's considered a virus. That's not a joke.

Nice job trying to cover it up.

That doesn't necessarily make it a virus. Just wait till I find out for sure.

countryemo June 14th, 2011 2:14 PM

Yeah I'm also with Team Fail here. Sorry guys. I havent downloaded yet, because I dont hack much. I was going to, and now I will. :D
antivirus's doing their job, what.

The 100 Mega Shock June 14th, 2011 2:19 PM

Virus, trojan whatever either way it's specifically designed to be malicious and disrupt people's usage according to someone else's' instructions.

It's malware.

Quote:

Originally Posted by countryemo (Post 6693333)
[FONT="Times New Roman"]antivirus's doing their job, what.

While a program overwriting the contents of hosts is something that should probably be picked up on more closely by security applications, the user already gave the program express permission to modify the system via accepting the UAC popup, so that sort of makes it hard for such a thing to work like that.

Especially because a small, unknown application like this isn't going to trigger any scanning software if it doesn't contain any publicly known malware code or particularly blatant attempts to damage the system (above the scope of writing a new hosts file to the system)

(Heuristics doesn't really work that way anyway when we're only talking a small line of code embedded in a program to write one file)

The 100 Mega Shock June 14th, 2011 2:39 PM

Dude I saw it replace my hosts file with another one.

It's coded in Visual Basic so naturally it's so badly done that it doesn't even work half the time.

Gamer2020 June 14th, 2011 3:31 PM

Quote:

Originally Posted by The 100 Mega Shock (Post 6693340)
Virus, trojan whatever either way it's specifically designed to be malicious and disrupt people's usage according to someone else's' instructions.

It's malware.



While a program overwriting the contents of hosts is something that should probably be picked up on more closely by security applications, the user already gave the program express permission to modify the system via accepting the UAC popup, so that sort of makes it hard for such a thing to work like that.

Especially because a small, unknown application like this isn't going to trigger any scanning software if it doesn't contain any publicly known malware code or particularly blatant attempts to damage the system (above the scope of writing a new hosts file to the system)

(Heuristics doesn't really work that way anyway when we're only talking a small line of code embedded in a program to write one file)

And I wrote no such code. Go ahead and look at the source. Also the only reason it requires to be run as admin is because if it get's installed to the windows folder there will be errors when it tries to read the ini and start other programs.

Quote:

Originally Posted by Team Fail (Post 6693353)


Well, I looked at the address that was shown to have the modification (Windows\System32\Drivers\Ect\) and the last time anything was changed in that file was in 2010. It never did anything to my computer, besides it's intended purpose of modifying roms.

Is that the folder that file would be in for all operating systems? I'm going to see if I can fix whatever the program did, I just hope the file path would be the same every time.

Quote:

Originally Posted by The 100 Mega Shock (Post 6693368)
Dude I saw it replace my hosts file with another one.

It's coded in Visual Basic so naturally it's so badly done that it doesn't even work half the time.

VB.Net actually. Send me the version that replaces the hosts file cause the one I have installed doesn't do it obviously cause I can still access the site.

tlah June 14th, 2011 5:20 PM

I had (well, still have...) this problem. However, if it was in fact a purposeful virus, it obviously wasn't programmed to block subdomains of the website. I currently have this problem, and am writing this from the 'mail' subdomain of PC (mail.pokecommunity.com). The domain pokecommunity.mobi also works.

Renii June 14th, 2011 9:44 PM

Quote:

Originally Posted by Team Fail (Post 6693489)


That's what the OP said, so I checked the said folder.

Perhaps, did Mewthree9000 help with building/compiling this? Just a hunch I have.

Some anti-virus software do prevent software from changing the hosts file. I have, in the past been notified either by Avast or Avira that some software tried to replace my hosts file.

Ray Maverick June 15th, 2011 3:08 AM

Yeah the story so far makes me raise a few questions (???????????????????????)

a) If Gamer2020 is innocent, why troll the people who accused him on his forum?
b) Why is he acting so suspiciously?

Okay the last question was kind of generic, and I'm not going to give examples. Those who got what I'm saying should understand. Duh.

But.. we don't really have proof he did something, although he has a pretty good motive to block off people from PC (His own forum, he "doesn't like how people are treated here", etc. ).


All times are GMT -8. The time now is 11:05 AM.


Like our Facebook Page Follow us on Twitter © 2002 - 2018 The PokéCommunity™, pokecommunity.com.
Pokémon characters and images belong to The Pokémon Company International and Nintendo. This website is in no way affiliated with or endorsed by Nintendo, Creatures, GAMEFREAK, The Pokémon Company or The Pokémon Company International. We just love Pokémon.
All forum styles, their images (unless noted otherwise) and site designs are © 2002 - 2016 The PokéCommunity / PokéCommunity.com.
PokéCommunity™ is a trademark of The PokéCommunity. All rights reserved. Sponsor advertisements do not imply our endorsement of that product or service. User generated content remains the property of its creator.

Acknowledgements
Use of PokéCommunity Assets
vB Optimise by DragonByte Technologies Ltd © 2023.