main site infected?

Discuss anything not covered by any of the other categories.
drm_wayne
Posts: 232
Joined: Sat Feb 11, 2012 5:47 pm

main site infected?

Post by drm_wayne »

when going to inside3d.com i get a warning from my antivirus and something gets blocked, you should check this asap...
leileilol
Posts: 2783
Joined: Fri Oct 15, 2004 3:23 am

Re: main site infected?

Post by leileilol »

Definitely is some sql injection attack - the affected area is a Jan 1 2014 newspost, replaced with a XSS refresh attack.
i should not be here
Spiney
Posts: 63
Joined: Mon Feb 13, 2012 1:35 pm

Re: main site infected?

Post by Spiney »

leileilol
Posts: 2783
Joined: Fri Oct 15, 2004 3:23 am

Re: main site infected?

Post by leileilol »

RequestPolicy is a nice extension to have for these situations.
i should not be here
ceriux
Posts: 2230
Joined: Sat Sep 06, 2008 3:30 pm
Location: Indiana, USA

Re: main site infected?

Post by ceriux »

i entered the main page through my companys intranet o.O i hope its okay...
revelator
Posts: 2621
Joined: Thu Jan 24, 2008 12:04 pm
Location: inside tha debugger

Re: main site infected?

Post by revelator »

Hmm kaspersky not picking anything up but better safe than sorry.
Productivity is a state of mind.
Dr. Shadowborg
InsideQC Staff
Posts: 1120
Joined: Sat Oct 16, 2004 3:34 pm

Re: main site infected?

Post by Dr. Shadowborg »

Neither scar3crow or myself have access to that part of i3d, so unless we can get in touch with FrikaC or marv (atomicgamer), theres nothing that can be done. :/
ceriux
Posts: 2230
Joined: Sat Sep 06, 2008 3:30 pm
Location: Indiana, USA

Re: main site infected?

Post by ceriux »

get on irc
Dr. Shadowborg
InsideQC Staff
Posts: 1120
Joined: Sat Oct 16, 2004 3:34 pm

Re: main site infected?

Post by Dr. Shadowborg »

I did. FrikaC's not around, and I'm too scared to bug marv about it. (besides I don't know marv's e-mail!)
jjsullivan5196
Posts: 21
Joined: Sun Apr 21, 2013 10:50 pm

Re: main site infected?

Post by jjsullivan5196 »

I don't get why people do this kind of stuff, this is such a small website, why are we a target?

leileilol's recommendation of the plugin got me around that stupid redirect, but this is kinda unexpected.
revelator
Posts: 2621
Joined: Thu Jan 24, 2008 12:04 pm
Location: inside tha debugger

Re: main site infected?

Post by revelator »

Everyones a valid target this day.

Most users use the same passwords for several other sites and sometimes even for homebanking (very bad idea btw) not saying that was the intent here but be aware.
Productivity is a state of mind.
scar3crow
InsideQC Staff
Posts: 1054
Joined: Tue Jan 18, 2005 8:54 pm
Location: Alabama

Re: main site infected?

Post by scar3crow »

Problem appears to be resolved, it was made possible by compromised credentials, feel free to change your passwords. I haven't seen evidence the forum was compromised, but unlike Taylor Swift I am not a security expert, so don't rely on me for that.
...and all around me was the chaos of battle and the reek of running blood.... and for the first time in my life I knew true happiness.
leileilol
Posts: 2783
Joined: Fri Oct 15, 2004 3:23 am

Re: main site infected?

Post by leileilol »

If it were compromised i'd imagine a higher profile target also hosted would have a big issue raised about it.
i should not be here
revelator
Posts: 2621
Joined: Thu Jan 24, 2008 12:04 pm
Location: inside tha debugger

Re: main site infected?

Post by revelator »

Heh that plugin really reveals some scary stuff around the net :shock:
Productivity is a state of mind.
Spirit
Posts: 1065
Joined: Sat Nov 20, 2004 9:00 pm
Contact:

Re: main site infected?

Post by Spirit »

If you find that scary, try https://addons.mozilla.org/en-US/firefo ... lightbeam/
As far as Quake sites are concerned, you can start at http://www.quakeone.com , http://www.inside3d.com or http://www.quakewiki.net to get some tracking stuff down your throat...
Improve Quaddicted, send me a pull request: https://github.com/SpiritQuaddicted/Quaddicted-reviews
Post Reply