# Who Is mcrime And Why Are They Trying To Run A Script On This Site?



## FranJan (Jun 3, 2012)

Seems every time I've been coming here this weekend some script called "mindcrime.in" keeps trying to run. Happens only on this site from what I've noticed. More little hacker boys and their toys?

Shields Up, Bitches!


----------



## Admin (Jun 3, 2012)

which pages are you seeing this on ?


----------



## FranJan (Jun 3, 2012)

I see it on every page I go to on RIU today. Noticed it yesterday but didn't think anything of it at first. It does not show up at any other sites I've been to today, i.e. Amazon, Ebay, Reddit, Google. Hope this helps.


----------



## obijohn (Jun 3, 2012)

Just saw the xact same post here..word for word. http://royalqueenseeds.net/2012/06/03/who-is-mindcrime-in-and-why-are-they-trying-to-run-a-script-on-this-site/


----------



## FranJan (Jun 3, 2012)

^^^^^What the???????

Just went there and saw this post which I was just reading:
*https://www.rollitup.org/indoor-growing/533558-early-topping.html*

If you click on their link you just get brought to the topic here.
*http://royalqueenseeds.net/2012/06/03/early-topping-2/*

Who is royalqueenseeds.net?


----------



## Admin (Jun 3, 2012)

That is a site that just scrapes all our content and posts it on theirs, I have informed the tech team and they will be stopping it. 

FranJan I have scanned everything in the site and nothing is coming from that domain. Anything else you can tell me so I can investigate further ?


----------



## Admin (Jun 3, 2012)

if you have firebug installed for firefox open it and click Net it should show everything that is downloading.


----------



## obijohn (Jun 4, 2012)

By the way, all my googling of mindcrime, aside from the link above, refers to the movie Inception


----------



## FranJan (Jun 4, 2012)

Sorry. When I gotta go I gotta go . 

Inception? I kept getting Queensryche. I so hated them back in the day .

Anyway it appears it's me and I should keep up on my security updates with Tor. I upgraded Tor at work and the script wasn't there and it's still trying to run here on my computer. Let's update and see if it goes away. BRB


----------



## FranJan (Jun 4, 2012)

Yup it's gone now. The funny thing is Tor wouldn't let me update until I deleted it and reinstalled (re-unzipped ? ), so I'm not too sure what happened, yet. So thanks for the help and sorry about being paranoid. Guess it kinda happens around here, no ? And +rep to our admin for me making him/her/them work on a Sunday .


----------



## potroastV2 (Jun 5, 2012)

You're welcome, Bro! We try to check out every credible problem, and Rollie is always working to optimize the site.

A lot of spammers use an India domain (.in) so it sounds like it was something like that.


----------



## SnoCap (Jun 28, 2012)

my noscript extension for firefox is still reporting mindcrime.in as trying to run a script on all of the RIU pages I have visited today. So the problem was not specific to the OP and has not been solved yet. Just a heads up. Thanks for your help!


----------



## F A B (Jun 28, 2012)

admin said:


> That is a site that just scrapes all our content and posts it on theirs, I have informed the tech team and they will be stopping it.
> 
> FranJan I have scanned everything in the site and nothing is coming from that domain. Anything else you can tell me so I can investigate further ?


yep royalseeds thats the one i found by doing a google search for my posted awhile back and wondered what the deals was and reported it 
fucking thieves need to make their own forum and not jack are posted makes it appear im a member there and never heard of them till i found this out


----------



## FranJan (Jun 28, 2012)

Yup it started again last week, then disappeared, and now it's back. Here's some web info from Noscript's tool.

http://www.google.com/safebrowsing/diagnostic?site=mindcrime.in
http://www.wmtips.com/tools/info/?url=mindcrime.in
http://hosts-file.net/default.asp?s=mindcrime.in


From Google;
*
"What happened when Google visited this site?*

Of the 11 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-06-24, and the last time suspicious content was found on this site was on 2012-06-24.This site was hosted on 1 network(s) including AS24940 (HETZNER).
​ *Has this site acted as an intermediary resulting in further distribution of malware?*

Over the past 90 days, mindcrime.in appeared to function as an intermediary for the infection of 2 site(s) including worstpreviews.com/, ngemu.com/."



​
​


----------



## FranJan (Jul 6, 2012)

And now it's gone again. Haven't seen the script trying to run in the last few days, though on Monday I saw it on my work computer.


----------



## FranJan (Jul 26, 2012)

And guess who's back today?


----------



## cannabineer (Jul 28, 2012)

Same here. Thank goodness for Noscript. cn


----------



## Admin (Jul 31, 2012)

Hey Guys,

Can you tell me which pages you are getting mindcrime from ?

RIU


----------



## FranJan (Jul 31, 2012)

Seems to be every page I visit. I just checked the forum page, my rollitup, my profile and this page and the script is trying to execute on every one of these pages.


----------



## Admin (Jul 31, 2012)

I cant seem to replicate this error at all still looking into it, any other help that you can offer would be appreciated.


----------



## FranJan (Jul 31, 2012)

OK now it's no longer trying to run on the myroillitup page, but it is on this and other pages. Let me do a little cleaning here. One moment.........


----------



## FranJan (Jul 31, 2012)

Here's something for you I hope; When I let the script "asset1.rollitup.org" run, the mindcrime.in script pops up on my list of scripts that are running/ that want to run in No Script 2.4.8. If I suspend "asset1.rollitup.org" then the mindcrime.in script disappears. Anything?


----------



## F A B (Jul 31, 2012)

FranJan said:


> Here's something for you I hope; When I let the script "asset1.rollitup.org" run, the mindcrime.in script pops up on my list of scripts that are running/ that want to run in No Script 2.4.8. If I suspend "asset1.rollitup.org" then the mindcrime.in script disappears. Anything?


well then dont do it


----------



## FranJan (Jul 31, 2012)

^^^ (Insert rim-shot here)


----------



## FranJan (Aug 2, 2012)

So during the "Lost Forum" issue mindcrime.in was nowhere to be seen. Guess who's back again? I hope you admins don't think I'm messing with you, but it's just something that won't go away.

Now it seems if I allow "www.rollitup.org" under No Script it tries to run. She's On The Move!


----------



## F A B (Aug 2, 2012)

FranJan said:


> So during the "Lost Forum" issue mindcrime.in was nowhere to be seen. Guess who's back again? I hope you admins don't think I'm messing with you, but it's just something that won't go away.
> 
> Now it seems if I allow "www.rollitup.org" under No Script it tries to run. She's On The Move!


wholly shit run for it


----------



## FranJan (Aug 15, 2012)

Well Mindcrime is gone again. Was here this morning and it disappeared after the upgrade. Let's see how long it is till the little rat bastard makes it's way back. And no F A B I'm not talking about you .


----------

