  1. #1
    New Merits
    Join Date
    Jul 2006
    Posts
    210
    BG Level
    4
    FFXI Server
    Leviathan

    RMT putting keyloggers on specific Dynamis websites now?

    Has this happened to anyone else?

    The Dynamis linkshell I run, Alttab on Leviathan, recently seems to have a Trojan and keylogger on the main page of the site. You don't even have to be logged in to get it. One of our members was immediately stolen and transferred to Hades server. She contacted POL quickly and they froze it and said they will roll it back for her. Two other members got viruses but deleted them in time and had no ill effects. I'm not sure where the virus is. I have not gotten anything bad but I have Firefox and NoScript.

    Can anyone tell me where the virus is or what I can do to "remove" it?

    PLEASE DON'T CLICK THE LINK unless you have good security measures aka Firefox with NoScript. alttab.forumup.com

  2. #2
    Doctor Shantotto Supporter
    Join Date
    Apr 2006
    Posts
    132
    BG Level
    3
    FFXI Server
    Odin

    Re: RMT putting keyloggers on specific Dynamis websites now?

    It's not specific dynamis sites but any site related to FFXI, sites that use open-source codes especially outdated versions have a very high chance of being hacked into.

    This is because when a bug is found in a certain version of an open-source software, it's usually published on their website publicly. Thus anyone has easy access to the details about the problem. So if you happen to use an old version of the software which still contains that bug, any random passerby can exploit that bug.

  3. #3

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by wyred
    This is because when a bug is found in a certain version of an open-source software, it's usually published on their website publicly. Thus anyone has easy access to the details about the problem. So if you happen to use an old version of the software which still contains that bug, any random passerby can exploit that bug.
    Open reporting of bugs is a good thing. I guarantee you those sploits would exist regardless of open reporting, but at least this way people know what to patch and why.

  4. #4
    Salvage Bans
    Join Date
    Jun 2007
    Posts
    769
    BG Level
    5
    FFXIV Character
    Raiya Li'aurellia
    FFXIV Server
    Moogle
    FFXI Server
    Asura

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Deollyn from my linkshell on Asura was also jacked and dumped on Hades as well; might be the same group.

  5. #5
    Cerberus
    Join Date
    Mar 2005
    Posts
    395
    BG Level
    4
    FFXI Server
    Leviathan

    Re: RMT putting keyloggers on specific Dynamis websites now?

    I just went over the source to your forums index page and it's clean, nothing I can find in there bad.

    It's very possible sub pages such as threads themselves or forum listing is infected, so if you find out which page it is exactly let me know and I can look over it.

  6. #6
    New Merits
    Join Date
    Jul 2006
    Posts
    210
    BG Level
    4
    FFXI Server
    Leviathan

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by Aikar
    I just went over the source to your forums index page and it's clean, nothing I can find in there bad.

    It's very possible sub pages such as threads themselves or forum listing is infected, so if you find out which page it is exactly let me know and I can look over it.
    Thank you i appreciate it.

    I was told by others it was the main page itself. But I am not sure. There are no pages that are member view only (IE all the pages you can see publicly, you can see them all as a member too)

    A friend told me this is what he got from the main site:

    http://img263.imageshack.us/img263/2...terfoumxn9.jpg

    I am usually computer literate, but in this area I am not.

  7. #7
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,066
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Re: RMT putting keyloggers on specific Dynamis websites now?

    I checked the source as well and I can't find anything bad.

    OH SHIT, I turned off adwatch and now I see tons of fucking ads all over your front page. I'm guessing it came from one of them.

  8. #8
    Relic Weapons
    Join Date
    Mar 2006
    Posts
    398
    BG Level
    4

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Which company do you sell advertising through?

    There's a non-zero chance that your dynamis website got infected via a banner ad.

    As for OSS vs. other approaches: the main difference is that once a bug or vulnerability is reported in OSS it's fixed (on average) in under 24 hours. For closed source like Apple or Microsoft products it's more like 3 months between initial reporting and a fix. Hell, it took Apple over two weeks to fix the bug that felled the MacBook Air in the Pwn2Own competition (which fell much earlier than either the Windows or Linux notebooks). The fix to the Linux bug took under 24 hours. I actually found out it had fallen reading about the fix.

  9. #9
    My Little Ixion
    Join Date
    Aug 2007
    Posts
    8,069
    BG Level
    8
    FFXIV Character
    Olorin Bustyoas
    FFXIV Server
    Sargatanas
    FFXI Server
    Ramuh

    Re: RMT putting keyloggers on specific Dynamis websites now?

    RMT hackers have been putting shit into the text-based advertising lately and that's most likely how it happened. This is the same way high-traffic websites such as FFXI Atlas and FFXIAH got compromised.

    Your absolute best defense against this, if your linkshell uses a website supported by advertising such as this or a basic Guildportal account, is to have Firefox running with NoScript active, have your Java/Javascript settings down to almost NOTHING, and keep a malware scanner running just in case to block trojans that get around all this.

  10. #10
    New Merits
    Join Date
    Jul 2006
    Posts
    210
    BG Level
    4
    FFXI Server
    Leviathan

    Re: RMT putting keyloggers on specific Dynamis websites now?

    I have had problems in the past with forumup.com and I am going to relocate our forums as soon as I have time.

    Can people recommend some good choices? Free preferable but I'd even pay a small amount if needed for a good place.

  11. #11
    Relic Weapons
    Join Date
    Jan 2008
    Posts
    298
    BG Level
    4
    FFXI Server
    Leviathan

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by Olo401
    LOL kick ass sig dude.

  12. #12

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by Olo401
    RMT hackers have been putting shit into the text-based advertising lately and that's most likely how it happened. This is the same way high-traffic websites such as FFXI Atlas and FFXIAH got compromised.

    Your absolute best defense against this, if your linkshell uses a website supported by advertising such as this or a basic Guildportal account, is to have Firefox running with NoScript active, have your Java/Javascript settings down to almost NOTHING, and keep a malware scanner running just in case to block trojans that get around all this.
    that's not entirely true. ffxi atlas was also infected more directly. there was an iframe embedded into their news listings (ironically RIGHT below a notice that they'd dealt with the virus problem!) but what you say is largely true. CGF create ffxi related "advertising" with a payload and simply send it out to the advertising firms. the ad firms determine the content of the pages and display targeted advertising which sometimes includes this poison ad. idiot proof surgical attack on your primary target. you have to appreciate the effectiveness of it, even if it sickens you to see this crap continue.

    this is yet another reminder why safe browsing practices are so important. we ARE the targets anymore. our accounts are worth more than a bank account in many cases and the account security and recovery options provided by SE are zero as compared to a bank. we're valuable, low hanging fruit and even with all the hell we've endured, this is only the tip of the iceberg. stay safe and protect yourself or you will fall victim.
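
Added example (not part of any post in this thread): a small auditor a site owner could run over saved page source to list every script, iframe, embed or object that loads off-site content, and any hidden iframe, which is where the ad-delivered and embedded-iframe cases described above would show up. The host names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: one same-site script, one ad-network script,
# a zero-size off-site iframe, a normal same-site iframe, a display:none iframe.
SAMPLE_HTML = """
<html><body>
<script src="/js/forum.js"></script>
<script src="http://ads.example.net/show.js"></script>
<div class="news">Virus problem has been dealt with.</div>
<iframe src="http://payload.example.org/x.html" width="0" height="0"></iframe>
<iframe src="/shoutbox.html" width="300" height="200"></iframe>
<iframe src="http://cdn.example.com/w.html" style="display: none"></iframe>
</body></html>
"""

class EmbedAuditor(HTMLParser):
    """Collect elements that pull in off-site content, plus hidden iframes."""
    TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(self.TAGS[tag], "")
        host = (urlparse(url).hostname or "").lower()
        external = bool(host) and host != self.site_host
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        if external or (tag == "iframe" and hidden):
            line, _ = self.getpos()
            self.findings.append({"line": line, "tag": tag, "url": url,
                                  "external": external, "hidden": hidden})

def audit(html, site_host):
    parser = EmbedAuditor(site_host)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for f in audit(SAMPLE_HTML, "forum.example.com"):
        flag = "HIDDEN " if f["hidden"] else ""
        print(f'line {f["line"]}: {flag}<{f["tag"]}> -> {f["url"]}')
```

This only inspects static markup; content that an ad script writes into the page at load time will not appear in saved source, so an off-site script finding is itself the item to review.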

  13. #13
    RIDE ARMOR
    Join Date
    Jul 2007
    Posts
    11
    BG Level
    1

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by hotpiercedguy
    I have had problems in the past with forumup.com and I am going to relocate our forums as soon as I have time.

    Can people recommend some good choices? Free preferable but I'd even pay a small amount if needed for a good place.

    I used to use http://invisionfree.com/, it's great.
    easy to use, lots of different skins on their forums and is free :D
    also has nothing to do with FFXI so you shouldn't have a problem with bad ads on it.

    to get other skins/mods go to http://forums.ifskinzone.net/ then click on forums.

  14. #14
    Yoshi P
    Join Date
    Oct 2006
    Posts
    5,495
    BG Level
    8
    FFXI Server
    Leviathan

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by hotpiercedguy
    I have had problems in the past with forumup.com and I am going to relocate our forums as soon as I have time.

    Can people recommend some good choices? Free preferable but I'd even pay a small amount if needed for a good place.
    Click the link in Aikar's sig (faNetworks.net). He has very good, affordable options, and having a host that you can contact so easily is a definite plus. I used his services to run my old linkshell's website and I definitely recommend it. He also hosts BGWiki.

    Easy to set up a phpBB account and Ventrilo for your linkshell as well. I wouldn't recommend using a free site, as they are rarely secure, when you can get services like this for relatively low cost.

  15. #15
    New Merits
    Join Date
    Jul 2006
    Posts
    210
    BG Level
    4
    FFXI Server
    Leviathan

    Re: RMT putting keyloggers on specific Dynamis websites now?

    I will check him out I think. To boot he's on my server as well lawlz. So that would be a plus.

    Thanks for everyone's input.

  16. #16
    Banned.
    Account locked at request of user.

    Join Date
    Feb 2006
    Posts
    9,843
    BG Level
    8

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by Rydir
    Quote Originally Posted by Olo401
    LOL kick ass sig dude.

  17. #17
    My Little Ixion
    Join Date
    Aug 2007
    Posts
    8,069
    BG Level
    8
    FFXIV Character
    Olorin Bustyoas
    FFXIV Server
    Sargatanas
    FFXI Server
    Ramuh

    Re: RMT putting keyloggers on specific Dynamis websites now?

    The best solution is to drop some coin for a domain and run your own ls website. You don't have to deal with advertising, people popping poison iframes, etc.. at most you'll need to restrict any access to posting on a case-by-case basis.

    Re: my sig image.. I got lucky finding this thing, some calc professor was using it on a discussion board that I stumbled across a couple months ago.

  18. #18
    Melee Summoner
    Join Date
    Oct 2006
    Posts
    35
    BG Level
    1

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Something that's kind of been bugging me recently and maybe a pretty stupid question. If you are being keylogged, basically your password is compromised. How do these people know what account number to use to match with the password? Do they brute force the account number?

  19. #19

    Re: RMT putting keyloggers on specific Dynamis websites now?

    just get your own domain and put a phpbb board on it

  20. #20

    Re: RMT putting keyloggers on specific Dynamis websites now?

    Quote Originally Posted by Vlint
    Something that's kind of been bugging me recently and maybe a pretty stupid question. If you are being keylogged, basically your password is compromised. How do these people know what account number to use to match with the password? Do they brute force the account number?
    Something to add to this, don't you guys have your ids and passwords saved? Even with a keylogger there would be no way for RMT to compromise my account.
