Damn those untrustworthy scoundrels...

[Llewen]

edit again: Last edit I hope. Apparently the problem was with an account that had access to the email templates. I'm guessing a weak password that was brute forced or something of that nature. Anyway, the problem is cleared up. Please return to the flames and festivities...

***

I'm getting code injected into the subjects of emails I'm receiving from Stratics again. I don't know who to send this to, or I would use a pm to say this, but you need to shut the boards down, clean up the mess, and for the gods' sake, find a patch for the vulnerability that's allowing this to happen, or code a fix for it yourself.

I don't know what webserver software your host is using, but if Apache is being used, ModSecurity with the GotRoot rules set from Atomicorp is something you might want to look into.

***

edit: I'm not receiving the corrupted emails anymore, and I have found no trace of the url in question or the iframes in the forums, so it's safe to say that this time it wasn't anywhere near as serious as it was the last time.

 

[Sergul'zan_SP]

Re: Stratics has been hacked again

If you're using apache and you get hacked, you should never be allowed near a server again.

If you're using IIS and you do or don't get hacked, you should never be allowed near a server again.

 

[phantus]

Re: Stratics has been hacked again

If you're using apache and you get hacked, you should never be allowed near a server again.

If you're using IIS and you do or don't get hacked, you should never be allowed near a server again.

There is nothing wrong with IIS. It can be secured if you know what the hell you are doing and don't rely on a tool to do it for you.

 

[kelmo]

Re: Stratics has been hacked again

What emails are you receiving from Stratics? Be specific please.

 

[Llewen]

Re: Stratics has been hacked again

There is nothing wrong with IIS. It can be secured if you know what the hell you are doing and don't rely on a tool to do it for you.

Unfortunately with IIS you need a post graduate degree from Microsoft to "know what the hell you are doing"...

 

[Llewen]

Re: Stratics has been hacked again

What emails are you receiving from Stratics? Be specific please.

I pm'd Petra with the details. The emails are the reply notifications for threads I am subscribed to. This is the code (url defaced):

<iframe src=http://***.com/data/readme.htm width=0 height=0></iframe>

It's in the subject lines of the emails, and all through the emails, just like it was before. Note that it is a different url, but it is also WoW related.

 

[Black Sun]

Re: Stratics has been hacked again

Just noticed it on an email I got too. I sent George a PM on staff boards. Hopefully they can catch it quick.

 

[Llewen]

Re: Stratics has been hacked again

The Stratics boards should be disabled.

 

[kelmo]

Re: Stratics has been hacked again

Stratics is not harming my computer.

 

[Black Sun]

Re: Stratics has been hacked again

I've not had any problems from any of the hack attempts either. Just a bunch of ugly frames to look at while browsing the forums.

Still, hope they can catch it early.

 

[Llewen]

Re: Stratics has been hacked again

Well typically with these things if Windows and your web browser are fully updated, you should be ok. However, it would still be my recommendation that the boards be disabled until the problem is fixed. I'm not worried about it myself, but there are still those who are less on top of their updates that could be vulnerable if they accidentally click the link.

It might even be possible for the link to load without it being clicked on. I know I just blocked the url with NoScript, so it is definitely trying to upload a script to my browser.

edit: Scratch that, with an iframe the link will load without your consent, including any scripts which are a part of the accompanying code, without you having to click on the link if you aren't using something like NoScript.

 

[Viper09]

Re: Stratics has been hacked again

I haven't noticed anything so far.

 

[Beer_Cayse]

Re: Stratics has been hacked again

me neither ... am at work: XP/SP2, Firefox with AdBlock Plus. I'll also try from home and report, but if like last time, nothing will occur at this point.

 

[Beastmaster]

Re: Stratics has been hacked again

Llewen,

Thanks for the heads up. Some of us like to browse here from work and these continued threats make it a dangerous proposition for some. In my case I have limits of use at work I must adhere to or face termination. If my PC flags a virus I'll have to explain it. Stratics has always been a safe bet for me in the past but I'm going to have to reconsider now. BTW, I'm not at work at the moment so I'm safe. My own PCs are much better protected than my work PC.

 

[Taylor]

Re: Stratics has been hacked again

Nothing here either.

 

[Black Sun]

Re: Stratics has been hacked again

As far as I can tell it's attached to automatically generated emails. However, the test email I sent myself had it attached, but a more recent report that I got on another post was free of any problems.

 

[Llewen]

Re: Stratics has been hacked again

I just ran the code from the website and didn't find the url, so it definitely isn't as bad as it was a few weeks ago.

 

[George]

Re: Stratics has been hacked again

Hi guys, I just cleaned our all the email templates that contained the iframe code.

To be clear, Stratics was not hacked again. The database was clean. What happened was the templates got hacked by an account that had access to them, and that hole is now plugged.

In the future, please contact myself, Petra or any admin with this. We will respond as quickly as possible. It really does more harm than good by starting inflammatory threads like this one.

After the problem is understood and fixed, or if we cannot fix it quickly, then is the right time to tell everyone.

 

[wanderer1origin]

Re: Stratics has been hacked again

isnt that like having a rabid animal in neighborhood and not alerting anyone till it is caught!!!

 

[Taylor]

Re: Stratics has been hacked again

isnt that like having a rabid animal in neighborhood and not alerting anyone till it is caught!!!

Nope.

 

[Derium of ls]

I kinda want to know why I can be on here for months and not see a pop up, but then times like today i click on Uhall and get a random ass pop up ad.

 

[Llewen]

Re: Stratics has been hacked again

In the future, please contact myself, Petra or any admin with this. We will respond as quickly as possible. It really does more harm than good by starting inflammatory threads like this one.

After the problem is understood and fixed, or if we cannot fix it quickly, then is the right time to tell everyone.

isnt that like having a rabid animal in neighborhood and not alerting anyone till it is caught!!!

Well to be perfectly honest, that was the reason why I chose to post a thread, rather than just sending a pm. Beyond the fact that there is no guarantee the mod I send a pm to is going to view my pm in a timely fashion, I happen to be of the opinion that if there is a problem it is better for people to know about it so that they can take precautions if they feel it is necessary. That was the reason why I also posted immediately in the Ultimate Online forums.

 

[TheScoundrelRico]

HEY!!! ...la

 

[Derium of ls]

Re: Stratics has been hacked again

That was the reason why I also posted immediately in the Ultimate Online forums.

Was that a typo of sorts?

 

[Llewen]

Re: Stratics has been hacked again

That was the reason why I also posted immediately in the Ultimate Online forums.

Was that a typo of sorts?

No it was not... A.K.A. UO Forums.

 

[Derium of ls]

was just checking

 

[Llewen]

was just checking

...

 

[Derium of ls]

fine fine! sorry for asking =(

 

[Llewen]

fine fine! sorry for asking =(

*sigh*

I think I need to go to bed...

*yawns*

 

[Derium of ls]

*sigh*

I think I need to go to bed...

*yawns*

but slap happy forum posting is the next best thing to drunk dialing