EPTScForAll unsafe... - Page 5
| Forum Index > BW General |
|
ceaRshaf
Romania4926 Posts
| ||
|
aKshun
Australia18 Posts
On September 30 2009 22:34 StorrZerg wrote: Hope so, but i'm waiting for a mod or someone to confirm that its safe lol Not sure what my word is worth. But the website is clean on a cookies-disabled browser. It also no longer has the offending code at the bottom of its page source. Was hit with neither False-Flash request or notification from my AV | ||
|
nicoaldo
Argentina939 Posts
| ||
|
PokePill
United States1048 Posts
Anyone have any clue how a site like this gets hacked so easily to the point where people can upload files and run scripts? Is it XSS or SQL injection from a poorly managed server database design or what? | ||
|
Integra
Sweden5626 Posts
On October 02 2009 03:06 PokePill wrote: Anyone have any clue how a site like this gets hacked so easily to the point where people can upload files and run scripts? Is it XSS or SQL injection from a poorly managed server database design or what? It was done from an add/message created by a third party on the website using javascript. | ||
|
Deleriux
10 Posts
On October 02 2009 03:06 PokePill wrote: Anyone have any clue how a site like this gets hacked so easily to the point where people can upload files and run scripts? Is it XSS or SQL injection from a poorly managed server database design or what? Its much simpler than that - the code is appended to the end of the main files. The attacker has write access to them. Normally thats due to stolen FTP credentials. How that happens - well - generally keyloggers on machines that have access to FTP on scforall.com. Most of the places one gets these keyloggers added to your system is through sites of a less than dignified nature  .These type of attacks are sourced from botnets (keylogger sends FTP details to a botnet, a few hours later the botnet logs in to add its malware to the site). In most cases what happens is the botnet keeps resubmitting its hacks to the site to reverse the affect where a webmaster has removed the bad lines of code from the website. I see this all the time in my line of work. I emailed the site maintainers with curative/preventative measures to help stop this - I gather that Artosis is not responsible for this - it appears he merely updates the site content via the in built control panels for the website. Needless to say if they dont clear out the malware on systems that have FTP access to this site the site will continue to get infected - regardless of how often they change the FTP password. So - be warned - the site might be OK now but infected again tomorrow. We'll just have to wait and get a reliable confirmation that the system that has caused all these problems is cleared and the problem is rectified. I'm not familiar with Korean ISPs but if they tend to hand out static IP addresses it makes it far simpler to just firewall off FTP access to scforall.com to only a list of authorized IPs. | ||
|
Eukarya
United States29 Posts
Is this coming up on any other SC sites? | ||
|
Flaccid
8887 Posts
Don't be a faggot Artosis. Take your site down and stop spamming links until you get this fixed. I'd rather get fucking Rick-Rolled. edit: here is what scforall installs on your computer and how to get rid of it | ||
| ||
