Jump to content


Photo

Forums got infected


  • Please log in to reply
7 replies to this topic

#1 HSishi

HSishi

    Yin and Yang

  • EQ Member
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 655 posts
  • Gender:Male
  • Location:Kassel, Germany
  • EQ1: Hsishi

Posted 26 December 2012 - 10:15 AM

Hello.

I PM'ed already to Vektrath about a serious virus problem within these forums. My browser protection software recognized a php script coming from
http://directagain.net/in.php
using different php parameters as malware 'HTML/IFrame.apo' . I heard from others it opens popups.

I didn't find out how browsers can be set to reject this and similar files from certain web sites. At the moment my browser protection is set to "Automatically deny access" to recognized malware files.

If you get such popups, review and / or update your virus software so it recognizes those scripts to prevent more damage to your PC.

Merry XMas.

//Hsishi

1345847.png


#2 Aurelio

Aurelio

    There you go: "?ber"

  • EQ Member
  • PipPipPipPipPipPipPipPipPip
  • 162 posts
  • Gender:Male
  • EQ1: Aurelio

Posted 26 December 2012 - 11:24 AM

There is also a java script pointing to a russing website. This looks suspicious.

You should install the add-on no script to disable java script for this website.

#3 Vektrat

Vektrat

    a kawaii vekchan :3

  • Administrators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 567 posts
  • Gender:Male
  • Location:Barcelona
  • XBOX Live: Vektrat

Posted 26 December 2012 - 12:32 PM

Hitem already communicated me by PM yesterday a swell.

I don't have access to update the whole forum, so I just hotfixed an XSS exploit manually, though I don't know if this was the reason of the warnings...

I removed old skins that seemed to give some trouble and reconfigured caches.

Let me know if you get more warnings, I couldn't even see them in the first place


Thanks :)

Btw the russian pointer looks indeed suspicious but I think it is harmless, I think I removed it aswell

fss.png


#4 Hitem (Ariania)

Hitem (Ariania)

    The Nameless

  • RIFT Officer
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 592 posts
  • Gender:Male
  • Location:Swe
  • RIFT:Hitem / Ariania
  • EQ1: Ariania
  • VG: Ariania

Posted 26 December 2012 - 02:25 PM

Great work!
the dark theme is gone (qq) but everything looks fine atm - no warnings - no scripts running and no connections are being made.
I have the nod32 report and ill do some digging into it.

cheers!
:cheers:
Posted Image
Climb upon my trusty steed! | Darkwind raid videos | "by Hitem -79 seconds ago"

#5 Vektrat

Vektrat

    a kawaii vekchan :3

  • Administrators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 567 posts
  • Gender:Male
  • Location:Barcelona
  • XBOX Live: Vektrat

Posted 26 December 2012 - 03:12 PM

I thought the skins were deprecated, I'm sorry Ari :(

Will see if in a future I can get back the dark theme

fss.png


#6 Abbye

Abbye

    Godlike Poster

  • EQ Officer
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 796 posts
  • Gender:Female
  • Location:Edinburgh, Scotland
  • EQ1: Abbye, Curley
  • WOW: Abbey
  • WAR: Abby, Jinnx

Posted 26 December 2012 - 04:03 PM

All fine for me too, thanks for your efforts Vek.

2416699.png

 


#7 HSishi

HSishi

    Yin and Yang

  • EQ Member
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 655 posts
  • Gender:Male
  • Location:Kassel, Germany
  • EQ1: Hsishi

Posted 26 December 2012 - 06:01 PM

For the moment it seems the suspicious actions are gone; no actual reports from my Antivir Browser protection.

Ah, I'll miss the dark theme ... I can't get a hang on those bright white themes :( .

Anyway, thanks for your efforts.

//HSishi

1345847.png


#8 Vektrat

Vektrat

    a kawaii vekchan :3

  • Administrators
  • PipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPipPip
  • 567 posts
  • Gender:Male
  • Location:Barcelona
  • XBOX Live: Vektrat

Posted 26 December 2012 - 06:39 PM

For the moment it seems the suspicious actions are gone; no actual reports from my Antivir Browser protection.

Ah, I'll miss the dark theme ... I can't get a hang on those bright white themes :( .

Anyway, thanks for your efforts.

//HSishi


I don't remember which was the old one but here you go :p

But dark themes are suspicious if at work ;)

fss.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users