Super Slime
Site hacked 
Posted: Tue Mar 04, 2014 4:01 am
Slime Salad was hacked today. Malicious scripts were inserted throughout the site. I am in the process of correcting it, but until further notice, do not browse the site with JavaScript enabled. You should also run a malware scan to determine if you have been affected.
Mega Tact v1.1
Super Penguin Chef
Wizard Blocks
Super Slime
Posted: Tue Mar 04, 2014 5:22 am
I've removed the malicious scripts across the entire site. It is now just as safe as it ever is to run with JavaScript enabled. Let this be a reminder of the dangers of incautious web browsing.

As far as I can tell, the included script had no effect, because it included HTML that would have prevented parsing of the JS code. Many browsers would have blocked the script due to cross-domain policy anyway. I have no way of knowing whether the contents of the malicious include have changed. Even so, it is not a bad idea to change your password, both here and on any other sites that share a password with your SS account.
Mega Tact v1.1
Super Penguin Chef
Wizard Blocks
Blubber Bloat
Posted: Tue Mar 04, 2014 1:59 pm
joy...
dOn'T MiNd mE! i'M jUsT CoNtAgIoUs!!!
Play Orbs CCG: http://orbsccg.com/r/4r6x V
Liquid Metal King Slime
Posted: Tue Mar 04, 2014 3:08 pm
Ouch! Well I am glad you were able to solve it quickly.

I remember a few years back when something like that happened to all the php files on hamsterrepublic.com.

After that I wrote a script that checks daily to see which files have changed since yesterday and mails me the results. Far from a perfect defence, but it would be good early-detection for a thing like this.
Super Slime
Posted: Tue Mar 04, 2014 4:11 pm
Bob the Hamster wrote:
After that I wrote a script that checks daily to see which files have changed since yesterday and mails me the results. Far from a perfect defence, but it would be good early-detection for a thing like this.


This is more or less how I ended up checking what had changed. It was a really unsophisticated script someone had run; every file with ".js" in the name had been appended with a few lines. This included ".json" files, for example.

I'm not sure how soon I would've noticed it, except I was getting malware alerts. In the end, I don't think the hacking actually accomplished anything. Seems like a lot of effort for the payoff (well, except that I'm sure it was all automated somewhere).
Mega Tact v1.1
Super Penguin Chef
Wizard Blocks
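
The daily "what changed since yesterday" check discussed in the two posts above, as an added example that is not either poster's script: it also singles out files whose original bytes are intact but have extra data appended, which is the tampering pattern described. The in-memory baseline, the function names and the sample files are assumptions made for illustration; storing the baseline and mailing the report are left out.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path, limit=-1):
    """SHA-256 of the first `limit` bytes of a file (whole file if -1)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read(limit)).hexdigest()


def snapshot(root):
    """Baseline: relative path -> (size, sha256) for each regular file."""
    return {
        p.relative_to(root).as_posix(): (p.stat().st_size, digest(p))
        for p in sorted(Path(root).rglob("*")) if p.is_file()
    }


def compare(root, baseline):
    """Classify what changed under root since the baseline was taken."""
    current = snapshot(root)
    report = {"added": [], "removed": [], "appended": [], "modified": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["removed"].append(rel)
        elif current[rel] != baseline[rel]:
            old_size, old_hash = baseline[rel]
            # Old bytes intact with data after them: the mass-append pattern.
            intact = (current[rel][0] > old_size and
                      digest(Path(root) / rel, old_size) == old_hash)
            report["appended" if intact else "modified"].append(rel)
    return report


def demo():
    """Constructed sample tree; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "app.js").write_text("console.log('ok');\n")
        (root / "data.json").write_text('{"a": 1}\n')
        (root / "index.php").write_text("<?php echo 'hi';\n")
        baseline = snapshot(root)
        for name in ("app.js", "data.json"):  # simulate the mass append
            (root / name).write_text((root / name).read_text() + "// added\n")
        (root / "index.php").write_text("<?php echo 'bye';\n")
        return compare(root, baseline)
```

A sudden batch of "appended" entries across many files is a much stronger signal than ordinary edits, and truncating each flagged file back to its baseline size restores the original content.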
Blubber Bloat
Posted: Tue Mar 04, 2014 4:22 pm
Why in the world, and how in the world, is slime salad such a prime target for hackers and spambots? It's not like this place is ultra famous or anything.
dOn'T MiNd mE! i'M jUsT CoNtAgIoUs!!!
Play Orbs CCG: http://orbsccg.com/r/4r6x V
Metal Slime
Posted: Tue Mar 04, 2014 5:34 pm
Mogri wrote:
Even so, it is not a bad idea to change your password, both here and on any other sites that share a password with your SS account.

Done.
Meowskivich wrote:
Why in the world, and how in the world, is slime salad such a prime target for hackers and spambots? It's not like this place is ultra famous or anything.

Maybe someone gave their game a bad review? XD
"One can never improve enough nor should one stop trying to improve."
Super Slime
Posted: Tue Mar 04, 2014 6:10 pm
Meowskivich wrote:
Why in the world, and how in the world, is slime salad such a prime target for hackers and spambots? It's not like this place is ultra famous or anything.


It's no more a target than anywhere else. This is the first time that the site was actually hacked, and spambots are ubiquitous, especially on phpBB.
Mega Tact v1.1
Super Penguin Chef
Wizard Blocks
Metal King Slime
Posted: Tue Mar 04, 2014 6:24 pm
I don't handle anonymous, outside threats very well... can we all agree to blame Spoonweaver for this?
Liquid Metal King Slime
Posted: Tue Mar 04, 2014 9:52 pm
V
Blubber Bloat
Posted: Tue Mar 04, 2014 10:29 pm
He admits it! Let's go down to Floride and string him up at town rectangle for all to ignore!
dOn'T MiNd mE! i'M jUsT CoNtAgIoUs!!!
Play Orbs CCG: http://orbsccg.com/r/4r6x V
Red Slime
Posted: Thu Mar 06, 2014 12:02 pm
Meowskivich wrote:
Why in the world, and how in the world, is slime salad such a prime target for hackers and spambots? It's not like this place is ultra famous or anything.


I can almost 90% guarantee it was an automated attack. Just a bot searching for phpbb installs and then using a suite of attacks against it until something works.

phpBB has gotten so bad with this lately, we don't allow phpBB anywhere in deployments or on any servers. Not worth the headache anymore.
Slime Knight
Posted: Tue Sep 16, 2014 2:51 am
Hate to update this topic, but it appears superwalrusland has been compromised in a similar manner. More specifically, the C. Kane wiki page had the same redirector virus that hit Slime Salad, although the page with the C. Kane pdf manual did not trigger the virus alert and I downloaded the manual safely. (I probably should delete it anyway just to be safe.) I have no idea if parts of this virus still linger within Slime Salad's hyperlinks or is on Superwalrusland itself. (I clicked on the links on Slime Salad's C. Kane page and got the virus.)
Super Slime
Posted: Tue Sep 16, 2014 6:27 am
That doesn't sound like the same thing. There was probably no virus involved with the earlier attack.
Mega Tact v1.1
Super Penguin Chef
Wizard Blocks
Metal King Slime
Posted: Tue Sep 16, 2014 12:24 pm
Did you contact Surlaw?

It looks like a link to a nonexistent page on a Spanish travel site is getting inserted on every page. That site itself isn't suspicious but the link obviously is. I am almost certain that that site (viajespirineoainsa.com) was also broken into and used to host a malicious script, which has now been removed (hence the almost-clean rating). I also ran the C.Kane .zip and Windows installer .exe files through Virus Total, and they are clean, and haven't been modified. (Interestingly someone else ran them through VT in the past).

These kinds of attacks usually exploit some flaw in popular software like Mediawiki in order to modify the webpages, but don't actually allow directly modifying files on the compromised site. Sadly, hosting a blog, site, or forum can be a big hassle...