Re: Virus through site?<****** src=http://www.spiderwebforums.com/mlm/yahoo.html widt
The forum's definitely been messed with. The ****** seems to have been injected into everything (it's escaped in the posts themselves, but appears parsed elsewhere). It links to a java applet containing exploit code. I had virustotal check it out: https://www.virustotal.com/file/70b7...5b8a/analysis/ . Looks like it's exploiting the "new" exploit in Java, so many people who don't have updated browser plugins are vulnerable to it. The forum needs to be taken offline imo.
Wanted to give everyone an update. We have been pouring over server logs and poking around the servers. I can say that the servers are all fine. However, after looking over the logs (which we are still doing) we think this is an intentional attack aimed at this community.
If you are running any sort of virus protection then you will have been OK, same for Chrome users who got an alert bar at the top of the page. However, to be on the safe side I would advise anyone to give their machine a scan, always better to be safe than sorry.
It is only these forums that have been affected, not the main Diablo site homepage or any other incgamers website.
Our investigations are ongoing on this and we have got our co-location hosts involved as well as we are not happy about this attack which is obviously malicious aimed at this Diablo community.
I will be updating this thread as I know more. As of writing this post, the site is clean, despite the google.FF warnings. These will dissappear when FF and Chrome get their act together and remove the warning. I do not know how long they take to update their records so you may get their alerts for a little while longer.
i can now enter forums again without report from google that this is attack site... i have noscript enabled though to be sure. sorry i posted on main page earlier, but was only place safe to report it!
If it was an intentional, non-automated attack, then it wasn't very smart. Putting the ****** into posts which are very likely to be escaped. Also just as a note, it seems the navigation bar (e.g. Forum > Diablo: IncGamers, Diablo Wiki & DiabloNut.com >Feedback, Suggestions & Support >Virus through site?) did not look like it escaped html tags. You probably have enough on your plate as it is, just putting it out there Also, FF no longer blocks the forums. And any info on whether credentials were compromised will be nice too. Good luck!