  1. #11
    IncGamers Member Varyafirion's Avatar
    Join Date
    Jul 2005
    Posts
    252

    Re: Virus through site?<****** src=http://www.spiderwebforums.com/mlm/yahoo.html widt

    The forum's definitely been messed with. The ****** seems to have been injected into everything (it's escaped in the posts themselves, but appears parsed elsewhere). It links to a java applet containing exploit code. I had virustotal check it out: https://www.virustotal.com/file/70b7...5b8a/analysis/ . Looks like it's exploiting the "new" exploit in Java, so many people who don't have updated browser plugins are vulnerable to it. The forum needs to be taken offline imo.

  2. #12
    IncGamers Member Diab's Avatar
    Join Date
    Jun 2003
    BattleTag Diab-1350
    Posts
    3,823

    Re: Virus through site?<****** src=http://www.spiderwebforums.com/mlm/yahoo.html widt

    Quote Originally Posted by NBarnes View Post
    Is this related to the <****** src=http://www.spiderwebforums.com
    html that's being appended to everybody's forum posts?
    Just got this again with the same java thing but with this new url:
    (do not click)
    h ttp://www.spiderwebforums.com/mlm/Orz.class
    (do not click)

  3. #13
    Administrator Rushster's Avatar
    Join Date
    Jun 2003
    BattleTag Ruhster1234
    Posts
    782

    Re: Virus through site?

    There is a problem which we are working on now but it takes time to check everything. We are watching it very closely though and hopefully we'll have it fixed up shortly.
    Rushster - Admin,
    IncGamers.com

  4. #14
    Europe Trade Moderator krischan's Avatar
    Join Date
    Aug 2003
    Location
    Hamburg, Germany
    Posts
    33,199

    Re: Virus through site?

    Every URL about a thread here had that ****** thingy. Maybe somebody wanted to draw the attention to spiderweb.com or launch a DoS attack on them... or just make that impression. Nothing is certain.

    Whatever, the issue seems to be solved now. Firefox still seems to report incgamers as an attacking site, however. It might need some time to get that changed back.

    Java is currently switched off on my browser. Whatever might need it, it will currently not receive the 1001 blessings of my presence.
    D3 Trading Forums: Europe - America
    Diablo Wiki / Arreat Summit / ATMA / Forum Rules / Adria
    You know I'm born to lose / and gambling is for fools / but that's the way I like it, baby / I don't want to live forever!

  5. #15
    IncGamers Member
    Join Date
    Nov 2010
    Location
    Boston
    Posts
    77

    Re: Virus through site?

    Is there anything those of us who have been visiting the forums need to worry about? (In terms of having picked up any malware?)

  6. #16
    Administrator Rushster's Avatar
    Join Date
    Jun 2003
    BattleTag Ruhster1234
    Posts
    782

    Re: Virus through site?

    Wanted to give everyone an update. We have been poring over server logs and poking around the servers. I can say that the servers are all fine. However, after looking over the logs (which we are still doing) we think this is an intentional attack aimed at this community.

    If you are running any sort of virus protection then you will have been OK, same for Chrome users who got an alert bar at the top of the page. However, to be on the safe side I would advise anyone to give their machine a scan, always better to be safe than sorry.

    It is only these forums that have been affected, not the main Diablo site homepage or any other incgamers website.

    Our investigations into this are ongoing and we have got our co-location hosts involved as well, as we are not happy about this attack, which is obviously malicious and aimed at this Diablo community.

    I will be updating this thread as I know more. As of writing this post, the site is clean, despite the google.FF warnings. These will disappear when FF and Chrome get their act together and remove the warning. I do not know how long they take to update their records so you may get their alerts for a little while longer.
    Rushster - Admin,
    IncGamers.com

  7. #17
    IncGamers Member
    Join Date
    Aug 2011
    Location
    Amsterdam, Netherlands
    Posts
    173

    Re: Virus through site?

    I can now enter the forums again without a report from Google that this is an attack site... I have NoScript enabled though to be sure. Sorry I posted on the main page earlier, but it was the only place safe to report it!

  8. #18
    Administrator Elly's Avatar
    Join Date
    Feb 1997
    Location
    Velvet pillow eating bon bons
    BattleTag Elly-1983
    Posts
    4,337

    Re: Virus through site?

    Thanks for the update. So Google takes about 8 hours to update their records. Thought it would have been quicker.
    Elly - Admin,
    Diablo: IncGamers on Twitter on You Tube on Facebook
    DiabloNut.Com (Diablo 3 database) - Blue Post Tracker - Diablo3Ladders.Com

    New to Diablo 3? Read this great primer.



    Your beliefs don't make you a better person, your behaviour does.

  9. #19
    IncGamers Member Varyafirion's Avatar
    Join Date
    Jul 2005
    Posts
    252

    Re: Virus through site?

    If it was an intentional, non-automated attack, then it wasn't very smart. Putting the ****** into posts which are very likely to be escaped. Also, just as a note, it seems the navigation bar (e.g. Forum > Diablo: IncGamers, Diablo Wiki & DiabloNut.com > Feedback, Suggestions & Support > Virus through site?) did not look like it escaped HTML tags. You probably have enough on your plate as it is, just putting it out there. Also, FF no longer blocks the forums. And any info on whether credentials were compromised will be nice too. Good luck!
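
The observation in post #19, that the same title was escaped inside posts but apparently not in the navigation bar, shown as an added example that is not part of the thread or of the forum software's code. The tag name (masked on this page), both hosts, the toy template and all function names are constructed for illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a thread title with markup appended to it. The tag and
# both hosts are placeholders, not values taken from the thread.
OWN_HOST = "forum.example.invalid"
TITLE = ("Virus through site?"
         "<iframe src=http://injected.example.invalid/x.html width=1>")
TEMPLATE_TAGS = {"div", "h2"}  # the only tags this toy template emits itself


def render_page(title, escape_breadcrumb):
    """Render the title in two output contexts; only the post header always escapes."""
    crumb = html.escape(title) if escape_breadcrumb else title
    return ('<div class="breadcrumb">Forum &gt; Support &gt; ' + crumb + "</div>\n"
            '<h2 class="posttitle">Re: ' + html.escape(title) + "</h2>\n")


class TagAudit(HTMLParser):
    """Collect tags the template never emits, or whose src points off-site."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if tag not in TEMPLATE_TAGS or (host and host != OWN_HOST):
            self.findings.append((tag, host))


def audit(page):
    """Return (tag, src_host) pairs that should not appear in rendered output."""
    parser = TagAudit()
    parser.feed(page)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for fixed in (False, True):
        print("breadcrumb escaped:", fixed, "->", audit(render_page(TITLE, fixed)))
```

Running the audit over rendered pages rather than over stored posts is what catches the case described here: the stored title is identical in both renders, and only the output context that skips escaping turns it into live markup.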

  10. #20
    Administrator Rushster's Avatar
    Join Date
    Jun 2003
    BattleTag Ruhster1234
    Posts
    782

    Re: Virus through site?

    Regarding credentials, there is certainly no evidence of that from our log checking and scans.

    Just as another update, an external audit of the server is running at the moment which will also help us see what was up.
    Rushster - Admin,
    IncGamers.com
