Item Search
     
BG-Wiki Search
Page 2 of 7 FirstFirst 1 2 3 4 ... LastLast
Results 21 to 40 of 138
  1. #21
    RIDE ARMOR
    Join Date
    May 2008
    Posts
    12
    BG Level
    1

    Re: **WARNING** Somepage.com compromised yet again.

    What plugin are you using to prevent Iframe?

  2. #22
    Yoshi P
    Join Date
    Oct 2006
    Posts
    5,478
    BG Level
    8
    FFXI Server
    Leviathan

    Re: **WARNING** Somepage.com compromised yet again.

    That's NoScript.

    As for Alla, you're much more likely to get infected there than from other places.

  3. #23
    Puppetmaster
    Join Date
    Feb 2008
    Posts
    64
    BG Level
    2
    FFXI Server
    Odin
    WoW Realm
    Dalaran

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Therin
    That's NoScript.

    As for Alla, you're much more likely to get infected there than from other places.
    Yeah, what makes you think Alla is safer than FFXIClopedia or FFXIAH? You should have AdBlock, and maybe NoScript installed anyway, so you shouldn't be at that much of a risk in the first place.

  4. #24
    Salvage Bans
    Join Date
    Jun 2007
    Posts
    771
    BG Level
    5

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by terranova
    I just read their mission pages to see different approaches people have made and what works and what doesn't.

    But with the amount of ads that pop up, Im surprised RMT hasn't planted a billion trojans in it. (Then again the site/company is owned by IGE so..)
    alla hasn't been owned by them in over a year atleast, pikko can probably attest to that. as for alla getting hit, they have been known to be attacked by scripters who spam forum posts with illegitimate links, thats about it.

  5. #25
    ٩๏̯͡๏)۶

    Join Date
    Jun 2005
    Posts
    12,248
    BG Level
    9
    FFXI Server
    Asura
    WoW Realm
    Barthilas

    Re: **WARNING** Somepage.com compromised yet again.

    Please also keep this in mind when installing noscript :

    Noscript by default has Iframes UNBLOCKED. Go to the options and turn it on, someone I know got hacked because he thought that just installing noscript would help, unfortunately something he looked over took over him.

  6. #26
    Puppetmaster
    Join Date
    Feb 2008
    Posts
    64
    BG Level
    2
    FFXI Server
    Odin
    WoW Realm
    Dalaran

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Lordwafik
    Please also keep this in mind when installing noscript :

    Noscript by default has Iframes UNBLOCKED. Go to the options and turn it on, someone I know got hacked because he thought that just installing noscript would help, unfortunately something he looked over took over him.
    Thanks for that, I had no idea it wouldn't block that, what with everything else it blocks >.>

  7. #27
    Relic Weapons
    Join Date
    Sep 2007
    Posts
    382
    BG Level
    4

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Darkhavans
    Quote Originally Posted by Lordwafik
    Please also keep this in mind when installing noscript :

    Noscript by default has Iframes UNBLOCKED. Go to the options and turn it on, someone I know got hacked because he thought that just installing noscript would help, unfortunately something he looked over took over him.
    Thanks for that, I had no idea it wouldn't block that, what with everything else it blocks >.>
    Yup same here. I'm pretty grateful atm that I haven't been hijacked yet, being that's the case.

  8. #28
    Ridill
    Join Date
    Feb 2007
    Posts
    15,554
    BG Level
    9

    Re: **WARNING** Somepage.com compromised yet again.

    Did a bit of a google fu to see if maybe there were any known winlogon.exe hacks since Prosek mentioned that to be the only oddity, and this thread came up. A post or two down should have someone talking shop about various things related to winlogon and later posts suggest means or removal and reinstallation.

    Since I can only assume I'm clean at the moment, perhaps Prosek could look at that and see if winlogon had been recently modified like the infected person mentioned. I just checked the one on this system and it was last modified in 2004, so I think I'm good. If his winds up looking recently tainted, it might help us discern more precise means of identifying and protecting people in the future. Not to mention maybe informing Windows of a security breach that that they could later, hopefully patch.


    Edit: Also, since this playon1ine.com thing seems to be consistent, would it be safe to assume we could tweak our HOSTs file to redirect to a null address in the event of being compromised? Hell, I'd go as far as to create null strings for all possible obvious, but easily overlooked to the eye variations of playonline like pIayonline, p1ayonline, etc.

  9. #29
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,065
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Re: **WARNING** Somepage.com compromised yet again.

    How can I tell what scripts are being blocked? As I'm writing this post, i see 8 scripts have been blocked at the bottom of my screen, but I don't know what they are.

  10. #30
    ٩๏̯͡๏)۶

    Join Date
    Jun 2005
    Posts
    12,248
    BG Level
    9
    FFXI Server
    Asura
    WoW Realm
    Barthilas

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Izzy
    How can I tell what scripts are being blocked? As I'm writing this post, i see 8 scripts have been blocked at the bottom of my screen, but I don't know what they are.
    You should be able to click on a tab or icon of the noscript at the bottom in the right corner of the window, it will pop up telling you which scripts it is blocking. Generally unblocking the website you're browsing while blocking the "things you don't know" and/or advertisements on the page will be safe.

  11. #31
    Melee Summoner
    Join Date
    May 2008
    Posts
    31
    BG Level
    1

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by arus2001
    Did a bit of a google fu to see if maybe there were any known winlogon.exe hacks since Prosek mentioned that to be the only oddity, and this thread came up. A post or two down should have someone talking shop about various things related to winlogon and later posts suggest means or removal and reinstallation.

    Since I can only assume I'm clean at the moment, perhaps Prosek could look at that and see if winlogon had been recently modified like the infected person mentioned. I just checked the one on this system and it was last modified in 2004, so I think I'm good. If his winds up looking recently tainted, it might help us discern more precise means of identifying and protecting people in the future. Not to mention maybe informing Windows of a security breach that that they could later, hopefully patch.


    Edit: Also, since this playon1ine.com thing seems to be consistent, would it be safe to assume we could tweak our HOSTs file to redirect to a null address in the event of being compromised? Hell, I'd go as far as to create null strings for all possible obvious, but easily overlooked to the eye variations of playonline like pIayonline, p1ayonline, etc.
    Unfortunately I have already wiped my gaming boxes, formated, and reinstalled. Though I suppose I could try to get reinfected on a quarantine system.

  12. #32
    Ridill
    Join Date
    Feb 2007
    Posts
    15,554
    BG Level
    9

    Re: **WARNING** Somepage.com compromised yet again.

    I know it's a hassle of your time, but it should help us collectively discern a solution with you (unfortunately) having the least to lose at this point unless someone else has some spare machines they could do a base POL install on without any kind of account information entered/stored. Guess someone could volunteer one of those $2 trial accounts for testing purposes, too.

  13. #33
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,065
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Lordwafik
    Quote Originally Posted by Izzy
    How can I tell what scripts are being blocked? As I'm writing this post, i see 8 scripts have been blocked at the bottom of my screen, but I don't know what they are.
    You should be able to click on a tab or icon of the noscript at the bottom in the right corner of the window, it will pop up telling you which scripts it is blocking. Generally unblocking the website you're browsing while blocking the "things you don't know" and/or advertisements on the page will be safe.
    It's telling me this:

    Scripts Currently Forbidden | <SCRIPT>:8 | <OBJECT>:0

    Is there anything more detailed? lol

  14. #34
    ٩๏̯͡๏)۶

    Join Date
    Jun 2005
    Posts
    12,248
    BG Level
    9
    FFXI Server
    Asura
    WoW Realm
    Barthilas

    Re: **WARNING** Somepage.com compromised yet again.

    when I go home i'll give you more info, like 1hour or so.

  15. #35
    WASTE OF CURRENCY
    I CAN'T I CAN'T I CAN'T

    Join Date
    Feb 2006
    Posts
    9,065
    BG Level
    8
    FFXIV Character
    Izzy Izumi
    FFXIV Server
    Sargatanas
    FFXI Server
    Phoenix
    WoW Realm
    Arthas

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Lordwafik
    when I go home i'll give you more info, like 1hour or so.
    Thanks <3. After I added BG to my Whitelist, the <SCRIPT>: 3 changed to <SCRIPT>: 4 lol.

  16. #36
    Ridill
    Join Date
    May 2005
    Posts
    13,568
    BG Level
    9

    Re: **WARNING** Somepage.com compromised yet again.

    its some ADODB internet explorer injection. theoretically you should be safe using firefox...in reality you should probably just avoid the site

  17. #37
    Ridill
    Join Date
    Feb 2007
    Posts
    15,554
    BG Level
    9

    Re: **WARNING** Somepage.com compromised yet again.

    Possibly risking my ass having done this, but I decided to try and follow through the directories on that dummy site a bit. Just going straight playon1ine.com only has a forbidden blurb in the page source, and jumping to /pcd does the same. Things get more lively when you jump to where the iframe directly links.

    I don't know jack about Java, but that's basically what looks to be fueling the event. It looks like a few variables are set based on your browser settings, and then it looks to be referencing some realplayer stuff like last time. The source looks to reference a couple secondary pages, which I'll just call 10 and 11. 10 had 2 sound files I didn't risk downloading, but I imagine those paired with whatever exploit it's using is the meat of the attack.

    I can go back and yoink the code to post if the admins think it'd do any good in the hands of coder types, but I'd rather not for now under the impression some would see it as me trying to jack people.

    Edit: And as I typed this, Aurik made his post on his thoughts. I saw the ADODB stuff, and almost wanted to think "adobe exploit" but the real stuff later on kinda deviated that thought.

  18. #38
    Ridill
    Join Date
    May 2005
    Posts
    13,568
    BG Level
    9

    Re: **WARNING** Somepage.com compromised yet again.

    adodb isn't adobe, it's just a generic exploit

    yes there's references to realplayer exploits as well. if the initial vector fails, it falls back on those

  19. #39
    A. Body
    Join Date
    Jan 2006
    Posts
    4,008
    BG Level
    7
    WoW Realm
    Area 52

    Re: **WARNING** Somepage.com compromised yet again.

    how lovely that chinese rmt can find the time to put more malicious I.frames on fansites instead of ohhhhh i don't know maybe helping out with the earthquake aftermath.

  20. #40
    ٩๏̯͡๏)۶

    Join Date
    Jun 2005
    Posts
    12,248
    BG Level
    9
    FFXI Server
    Asura
    WoW Realm
    Barthilas

    Re: **WARNING** Somepage.com compromised yet again.

    Quote Originally Posted by Izzy
    Quote Originally Posted by Lordwafik
    when I go home i'll give you more info, like 1hour or so.
    Thanks <3. After I added BG to my Whitelist, the <SCRIPT>: 3 changed to <SCRIPT>: 4 lol.

    Here you go

Page 2 of 7 FirstFirst 1 2 3 4 ... LastLast

Similar Threads

  1. WARNING: Update your Flash player!
    By Suterusu in forum FFXI: Everything
    Replies: 22
    Last Post: 2008-06-03, 12:27
  2. somepage.com owner
    By masag0 in forum FFXI: Everything
    Replies: 21
    Last Post: 2007-12-16, 15:41
  3. Version Update 8/27/07
    By Not Kuno in forum FFXI: Everything
    Replies: 682
    Last Post: 2007-08-28, 19:01
  4. June Version Update (04/27/2007)
    By Almalexia in forum FFXI: Everything
    Replies: 335
    Last Post: 2007-05-03, 16:34
  5. New Dynamis Zones Drops - Updated 12/27 w/ AF2-1
    By Lui in forum FFXI: Everything
    Replies: 80
    Last Post: 2005-12-27, 18:20