Hacked :(
Mata
post Feb 17 2011, 04:08 PM
Post #1


'Trouble Down Pit' now online!
***************

Group: Admin
Posts: 10,172
Joined: 22-February 03
From: Southern UK
Member No.: 1
Gender: Male



So, this site (and every other site that I host) was hacked in the past twelve hours. It might be a good idea to run a virus check on your machine.

Sorry about this - my site became hosted by a new company about six months ago and there seem to be a lot more breaches since this new company took over.

The telltale sign of a hack is often a tiny square, just a few pixels wide and tall, usually at the very top or the very bottom of the screen. If you see one of these then please let me know immediately.


--------------------
Trouble Down Pit: Still updated every Monday and Friday
The Matazone Games blog
The Matazone Shop The Matazone Blog
The Matazone Corset Shop: Snobz corsets at 10% off their recommended price!
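A site owner's check for the sign described in the post above, as an added example that is not part of the original thread: it scans served HTML for iframes that are only a few pixels in size, or hidden, and that load from a host other than the site's own. It assumes the "tiny square" is an injected iframe, which the thread does not state; the function names, the 5-pixel threshold and the sample page (including the hosts injected.example and video.example) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PX = 5  # assumption: "a few pixels wide and tall" means 5 px or less

# Constructed sample page; injected.example and video.example are placeholders.
SAMPLE_PAGE = """<html><body>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>
<h1>Comic</h1>
<iframe src="/forum/shoutbox.html" width="1" height="1"></iframe>
<iframe src="http://www.matazone.co.uk/embed" width="400" height="300"></iframe>
<iframe src="http://video.example/player" width="560" height="315"></iframe>
<iframe src="//injected.example/x" style="width:2px; height:2px; visibility:hidden"></iframe>
</body></html>"""


def _px(value):
    """Pixel count from '1', '1px' or '2 px'; None for '100%', 'auto', empty."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None


def _style_map(style):
    """Parse an inline style attribute into {property: value}, lowercased."""
    out = {}
    for decl in (style or "").split(";"):
        if ":" in decl:
            prop, val = decl.split(":", 1)
            out[prop.strip().lower()] = val.strip().lower()
    return out


class FrameAudit(HTMLParser):
    """Collects (line, src, reasons) for suspicious off-site iframes."""

    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []

    def _is_foreign(self, src):
        host = (urlparse(src).hostname or "").lower()
        # Relative URLs have no host and therefore stay on the site.
        if not host:
            return False
        return host != self.own_host and not host.endswith("." + self.own_host)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not self._is_foreign(src):
            return
        style = _style_map(a.get("style"))
        # Inline CSS wins over the width/height attributes when both are set.
        dims = [_px(style.get(d) or a.get(d)) for d in ("width", "height")]
        reasons = []
        if any(d is not None and d <= MAX_PX for d in dims):
            reasons.append("tiny")
        if style.get("display") == "none" or style.get("visibility") == "hidden":
            reasons.append("hidden")
        if reasons:
            self.findings.append((self.getpos()[0], src, reasons))


def audit_html(html, own_host):
    """Return findings for one page; own_host is the site's own domain."""
    parser = FrameAudit(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, src, reasons in audit_html(SAMPLE_PAGE, "matazone.co.uk"):
        print(f"line {line}: {src} ({', '.join(reasons)})")
```

Normal-sized off-site embeds and same-site frames are left alone, so a hit is a prompt to inspect that line of the template or database content, not proof of compromise.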
Moosh
post Feb 17 2011, 04:11 PM
Post #2


I plug directly into my computer
************

Group: Established Members
Posts: 3,643
Joined: 18-November 04
From: Manchester
Member No.: 1,488
Gender: Male



I did wonder why AVG went mental at me when I tried to come on here last night, but I assumed it was something to do with Rob's site again. Poor show by your hosting company.


--------------------
QUOTE (Peter Griffin)
Math, my dear boy, is nothing more than the lesbian sister of biology.
Hobbes
post Feb 17 2011, 04:53 PM
Post #3


Advice for the young at heart
************

Group: Moderators
Posts: 2,706
Joined: 26-February 03
From: Essex, UK
Member No.: 33
Gender: Male



AVG shouted at me at home, and at work today, when accessing the site.

Just as a heads up: at work, AVG (fully updated) spotted the threat, but for some reason still seemed to let it do its dirty work. I used Malwarebytes' Anti-Malware program to help get rid of it, since AVG wasn't defeating it. So you might wanna run through a couple of scans with alternative software just in case? Particularly as the virus in question is a relatively new one.


mooooooooooopo
post Feb 17 2011, 05:31 PM
Post #4


: P>
************

Group: Moderators
Posts: 2,355
Joined: 5-March 04
From: Derby
Member No.: 991
Gender: Secret



Google Chrome gave me a full screen warning about it as soon as I tried to come near the site earlier today.


--------------------
I am Candice's asw emo e-husband, real life actual husband and all around awesome person, Funked)Out_Frogg's e-paramour. Snugglebum's harem slave. Candice and gothictheysay are my e-pimps.
Moosh
post Feb 17 2011, 05:49 PM
Post #5

Just came on with Chrome and it's still warning me about comic.matazone.co.uk specifically.


Hobbes
post Feb 17 2011, 06:16 PM
Post #6


QUOTE (CheeseMoose @ Feb 17 2011, 05:49 PM) *
Just came on with Chrome and it's still warning me about comic.matazone.co.uk specifically.


I haven't had any problems elsewhere, or here, since Mata took action. Could it be a cached version of the page that Chrome is getting angry with?


mooooooooooopo
post Feb 17 2011, 06:23 PM
Post #7



QUOTE (Hobbits @ Feb 17 2011, 06:16 PM) *
QUOTE (CheeseMoose @ Feb 17 2011, 05:49 PM) *
Just came on with Chrome and it's still warning me about comic.matazone.co.uk specifically.


I haven't had any problems elsewhere, or here, since Mata took action. Could it be a cached version of the page that Chrome is getting angry with?


I'm getting the same warning as moosh and wasn't earlier so doesn't seem related to caching. :/


Mata
post Feb 17 2011, 06:44 PM
Post #8



I've just registered the site in Google's webmaster tools and that site is listing the site as having no malware, so hopefully that means it will have the all-clear again very soon. This is very annoying since I'm about to draw tomorrow's comic and I can't be sure if anyone's going to read it...


SPEAKERfortheLOS...
post Feb 17 2011, 09:24 PM
Post #9


Transdimensional Traveler
************

Group: Established Members
Posts: 1,322
Joined: 20-August 04
From: Somewhere in the Æther
Member No.: 1,244
Gender: Secret



And this is why I use Linux. I don't have to worry about these little headaches.


--------------------
It is by caffeine alone I set my mind in motion,
It is by the beans of Java that thoughts acquire speed,
The hands acquire shaking, the shaking becomes a warning,
It is by caffeine alone I set my mind in motion.


Jack of all trades, master of none,
though offtimes better than master of one.

Carpe Noctem, pro cras nos necemus
Carpe Diem, pro hodie nos mutiamo

MataTeachesMeLud...
post Feb 17 2011, 09:54 PM
Post #10


Member
**

Group: Established Members
Posts: 10
Joined: 8-January 11
Member No.: 16,804
Gender: Secret



Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

The message you probably received was the one that said that the website you are visiting is unsafe. This could basically mean the site would provide child pornography, viruses, or offer other stuff that can be regarded as unsafe.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

http://www.stopbadware.org/firefox?hl=nl&a...tazone.co.uk%2F
This is how you fix this. Read some stuff about it.

Worst-case scenario: Someone actually hacked your site and put scripts on it for advertisement purposes. In this case you should deny ALL downloads coming from this website, close pop-ups and press cancel to everything it offers you. Don't use anything that requires input, which unfortunately includes the donate button (You would possibly donate to a random person in Nigeria all of a sudden). Mata, I suggest that you check if everything still links to where you want it to link, and possibly, get someone that does the technical stuff on this website for you.
Pikasyuu
post Feb 17 2011, 11:22 PM
Post #11


suggestive cupcake
*************

Group: Admin
Posts: 6,436
Joined: 21-April 03
From: Las Vegas, NV
Member No.: 260
Gender: Female



QUOTE (SPEAKERfortheLOST @ Feb 17 2011, 01:24 PM) *
And this is why I use Linux. I don't have to worry about these little headaches.


helpful!

anyway, i haven't seen the little pixel boxes myself and malwarebytes hasn't picked anything up. have you spoken with your webhost at all about their incompetence and/or submitted a ticket?


--------------------
i'm like oh kimosabe,
your body is my hobby






the official 'you bitch' count: a whole lot
last updated 11/05
mooooooooooopo
post Feb 17 2011, 11:39 PM
Post #12



QUOTE (MataTeachesMeLudology @ Feb 17 2011, 09:54 PM) *
Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

The message you probably received was the one that said that the website you are visiting is unsafe. This could basically mean the site would provide child pornography, viruses, or offer other stuff that can be regarded as unsafe.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

http://www.stopbadware.org/firefox?hl=nl&a...tazone.co.uk%2F
This is how you fix this. Read some stuff about it.

Worst-case scenario: Someone actually hacked your site and put scripts on it for advertisement purposes. In this case you should deny ALL downloads coming from this website, close pop-ups and press cancel to everything it offers you. Don't use anything that requires input, which unfortunately includes the donate button (You would possibly donate to a random person in Nigeria all of a sudden). Mata, I suggest that you check if everything still links to where you want it to link, and possibly, get someone that does the technical stuff on this website for you.

Even if it can't download executables and run them (though I'm sure there are problems in older browsers that would allow that) they've clearly injected data into the page and from there it's a trivial step to scripting vulnerabilities that could give access to someone's MZ password and email, and from there access to their email if they've not been careful and used the same password for both. That's pretty bad.

My point is, it's best not to be complacent about security. Being condescending to people for worrying about such things is just going to discourage them from sensible computer security habits. It's a lot less harmful to just let them run the virus scan!


CrazyFooIAintGet...
post Feb 18 2011, 08:50 AM
Post #13


Has been kidnapped by gerbils and forced to post on here repeatedly
***********

Group: Established Members
Posts: 1,088
Joined: 18-September 03
From: London
Member No.: 606
Gender: Female



QUOTE (SPEAKERfortheLOST @ Feb 17 2011, 09:24 PM) *
And this is why I use Linux. I don't have to worry about these little headaches.

B)

QUOTE (MataTeachesMeLudology @ Feb 17 2011, 09:54 PM) *
Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

hmm. What about stuff that exploits vulnerabilities in the browser/java? Also: what moop said.

QUOTE

english translation
QUOTE
What is the current listing status for comic.matazone.co.uk?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 1 pages we tested on the site over the past 90 days, 1 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2011-02-17, and the last time suspicious content was found on this site was on 2011-02-17.

Malicious software is hosted on 1 domain(s), including gs34grsgdg.vv.cc/.

This site was hosted on 1 network(s) including AS33552 (FLUIDHOSTING).

[...]

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.


--------------------
Kung fu fighting from 25th April 2010
Mata
post Feb 18 2011, 09:01 AM
Post #14



And now my sites have been attacked again. The bastards.

I've GOT to find the vulnerability.


Phantom
post Feb 18 2011, 11:34 AM
Post #15


To Lame For A Member Title
*****

Group: Established Members
Posts: 193
Joined: 14-December 10
From: Behind you!
Member No.: 16,678
Gender: Female



<3 for my avast! doing a virus scan and a boot virus scan XD and protecting me well.. otherwise I just re-install windows anyway >.>


--------------------
facebook.com/EleanorUmbra
Mata
post Feb 18 2011, 12:02 PM
Post #16



We have McAfee on the university computers... Guess what I'm trying to clean up now.


Phantom
post Feb 18 2011, 12:27 PM
Post #17



QUOTE (Mata @ Feb 18 2011, 01:02 PM) *
We have McAfee on the university computers... Guess what I'm trying to clean up now.



Me spamming one of my teachers... *looks innocent to the other way*


Mata
post Feb 18 2011, 10:08 PM
Post #18



It took about six hours, but I'm pretty sure I've got everything at last. My machine is clean (thanks Hobbes for the tip on Malwarebytes' software, it worked a treat http://www.malwarebytes.org/mbam.php ), my grading is done, and it's time for a beer.


Hobbes
post Feb 18 2011, 11:31 PM
Post #19



QUOTE (Mata @ Feb 18 2011, 10:08 PM) *
It took about six hours, but I'm pretty sure I've got everything at last. My machine is clean (thanks Hobbes for the tip on Malwarebytes' software, it worked a treat http://www.malwarebytes.org/mbam.php ), my grading is done, and it's time for a beer.


No problem, and sounds like a well-earned rest :)


SPEAKERfortheLOS...
post Feb 19 2011, 01:21 AM
Post #20



I would suggest you look into changing ALL your site passwords with very strong ones (14+ characters including upper and lower case, numbers, and symbols). And I would update every bit of software on the server. After that, it would seem that it is a server issue and then you would have to move to a different host. If you want help with this, let me know.


MataTeachesMeLud...
post Feb 19 2011, 10:10 PM
Post #21



QUOTE (moooooooooooooooooooooooooop @ Feb 18 2011, 12:39 AM) *
QUOTE (MataTeachesMeLudology @ Feb 17 2011, 09:54 PM) *
Fun-fact: Computers can't get viruses from websites unless you download something like an executable, or batch file (exe or bat).

The message you probably received was the one that said that the website you are visiting is unsafe. This could basically mean the site would provide child pornography, viruses, or offer other stuff that can be regarded as unsafe.

http://safebrowsing.clients.google.com/saf...matazone.co.uk/
This is why it has been reported.

http://www.stopbadware.org/firefox?hl=nl&a...tazone.co.uk%2F
This is how you fix this. Read some stuff about it.

Worst-case scenario: Someone actually hacked your site and put scripts on it for advertisement purposes. In this case you should deny ALL downloads coming from this website, close pop-ups and press cancel to everything it offers you. Don't use anything that requires input, which unfortunately includes the donate button (You would possibly donate to a random person in Nigeria all of a sudden). Mata, I suggest that you check if everything still links to where you want it to link, and possibly, get someone that does the technical stuff on this website for you.

Even if it can't download executables and run them (though I'm sure there are problems in older browsers that would allow that) they've clearly injected data into the page and from there it's a trivial step to scripting vulnerabilities that could give access to someone's MZ password and email, and from there access to their email if they've not been careful and used the same password for both. That's pretty bad.

My point is, it's best not to be complacent about security. Being condescending to people for worrying about such things is just going to discourage them from sensible computer security habits. It's a lot less harmful to just let them run the virus scan!

An up-to-date browser USUALLY (as in, almost always, but there are small exceptions) does not allow applications to be stored on your computer under any circumstance without properly notifying the user about this. Next to that, the latest versions of Windows automatically detect whenever an application is downloaded from the internet or is coming from a questionable source and notify the user whenever that application is trying to run. This means basically that the user can deny the launch of any unwanted applications as well.

Java could do stuff to your computer, but you're properly notified of the fact that it's trying to do that by the Java application itself. Exploits could still happen, but that is rather unlikely.

My point is, you're pretty safe as long as you know what you're doing. I've been running without a virus-scanner for quite some time now and I am doing fine, because I know what I can download and what not. But, as long as you're unsure about what to download, keep your virus-scanner on.

And next to that, injecting data into a page is useless, as it's stored on your own computer. You'd be doing nothing at all. You'd have to send something to the server.

QUOTE (SPEAKERfortheLOST @ Feb 19 2011, 02:21 AM) *
I would suggest you look into changing ALL your site passwords with very strong ones (14+ characters including upper and lower case, numbers, and symbols). And I would update every bit of software on the server. After that, it would seem that it is a server issue and then you would have to move to a different host. If you want help with this, let me know.

I'd only do this if Mata keeps your passwords stored without a hash. Which, by standards, he'll probably do. (I don't see him changing the source code of IPS, no offence)
mooooooooooopo
post Feb 19 2011, 11:03 PM
Post #22



QUOTE (MataTeachesMeLudology @ Feb 19 2011, 10:10 PM) *
And next to that, injecting data into a page is useless, as it's stored on your own computer. You'd be doing nothing at all. You'd have to send something to the server.

Are you quite sure of that? I was suggesting someone could inject some Javascript.

Did you realise that Javascript is perfectly capable of sending off asynchronous HTTP requests? There is protection against cross site requests in browsers but I can think of a few exploits where sending a request to the server on which the forum is hosted would be enough. I'm not going to post any details as I'm sure Mata wouldn't appreciate it.

I'm not going to change your opinion and I'm getting pretty tired of this argument. It seems like you're happy to be complacent about security and have decided you don't need the protection, but in the end you need to guard against all possibilities whereas an attacker need only consider one. Bear in mind that viruses and worms like to spread themselves around so by ignoring such things it is not just yourself you put at risk. I hope your friends don't get any fallout when you inevitably get an infection.

QUOTE (MataTeachesMeLudology @ Feb 19 2011, 10:10 PM) *
An up-to-date browser USUALLY (as in, almost always, but there are small exceptions) does not allow applications to be stored on your computer under any circumstance without properly notifying the user about this. Next to that, the latest versions of Windows automatically detect whenever an application is downloaded from the internet or is coming from a questionable source and notify the user whenever that application is trying to run. This means basically that the user can deny the launch of any unwanted applications as well.

Java could do stuff to your computer, but you're properly notified of the fact that it's trying to do that by the Java application itself. Exploits could still happen, but that is rather unlikely.

It's all in the usually. That minority to which it doesn't apply are going to get screwed by your poor advice. The others won't be terribly inconvenienced so I still consider it a fairly irresponsible thing to say.

QUOTE (MataTeachesMeLudology @ Feb 19 2011, 10:10 PM) *
I'd only do this if Mata keeps your passwords stored without a hash. Which, by standards, he'll probably do. (I don't see him changing the source code of IPS, no offence)

Why must you get so uppity every time anyone offers people decent advice? I think speaker was talking about Mata's passwords for administering the server, rather than every user.

Why bother with this sentence if you're immediately going to point out that it's probably bad advice in the next? It doesn't impart any information and is just confusing.


Mata
post Feb 20 2011, 10:14 AM
Post #23



MTML - Moop is a pretty hardcore coder and has been in the industry for many years. With all due respect, I'm going to take his advice on this. For example, having anti-virus software is just a sensible precaution given the various server tricks that can be played: advising people against this is a little on the foolhardy side, because you only need one slip and something will get through.


CrazyFooIAintGet...
post Feb 20 2011, 12:12 PM
Post #24



I'd like to add that Speaker's advice shouldn't be taken lightly. The attack surface presented to hackers by ubiquitous software like IPB & WordPress is pretty significant, so you do not want to be running old versions that have known security problems. And using strong passwords should be a no-brainer anyway. It doesn't matter what security measures the server has if someone can just guess it.


SPEAKERfortheLOS...
post Feb 20 2011, 01:27 PM
Post #25



Thanks for agreeing. Working as the network administrator for a fairly large medical practice I come across this problem all the time. Unfortunately, before I came on board, the practice had an issue with data security and couldn't manage to get rid of the Conficker worm/virus due to their issues. It's just amazing what out-of-date software and bad passwords can cause.

<pulpit>

The tenets of the Network Security religion are:
1. STRONG PASSWORDS
2. UP-TO-DATE SECURITY SOFTWARE
3. UP-TO-DATE APPLICATION SOFTWARE
4. MINIMAL USER RIGHTS
5. RTFM

</pulpit>


