InsideQC Forums

when going to inside3d.com i get a warning from my antivirus and something gets blocked, you should check this asap...

Definitely is some sql injection attack - the affected area is a Jan 1 2014 newspost, replaced with a XSS refresh attack.

http://i.minus.com/iWwp3hyUEHYyL.jpg
Yep...

RequestPolicy is a nice extension to have for these situations.

i entered the main page through my companys intranet o.O i hope its okay...

Hmm kaspersky not picking anything up but better safe than sorry.

Neither scar3crow or myself have access to that part of i3d, so unless we can get in touch with FrikaC or marv (atomicgamer), theres nothing that can be done. :/

get on irc

I did. FrikaC's not around, and I'm too scared to bug marv about it. (besides I don't know marv's e-mail!)

I don't get why people do this kind of stuff, this is such a small website, why are we a target?

leileilol's recommendation of the plugin got me around that stupid redirect, but this is kinda unexpected.

Everyones a valid target this day.

Most users use the same passwords for several other sites and sometimes even for homebanking (very bad idea btw) not saying that was the intent here but be aware.

Problem appears to be resolved, it was made possible by compromised credentials, feel free to change your passwords. I haven't seen evidence the forum was compromised, but unlike Taylor Swift I am not a security expert, so don't rely on me for that.

If it were compromised i'd imagine a higher profile target also hosted would have a big issue raised about it.

Heh that plugin really reveals some scary stuff around the net

If you find that scary, try https://addons.mozilla.org/en-US/firefo ... lightbeam/
As far as Quake sites are concerned, you can start at http://www.quakeone.com , http://www.inside3d.com or http://www.quakewiki.net to get some tracking stuff down your throat...