Jump to content


Photo

URGENT- site hacked


  • Please log in to reply
12 replies to this topic

#1 Takumi

Takumi
  • Admin
  • 8843 posts

Posted 09 May 2006 - 11:41 AM

All,

It seems the PIE site has been hacked. Many of you will have received two emails this morning - the first you should immediately delete, as it probably contains a virus. The second is from me, warning of this.

Those who visited the site this morning will have noticed popups. Odds are, you are now infected with a java virus; please remove this as quickly as possible. It seems even I was infected, when viewing the forum in Firefox and with AVG active scanner employed.

You'll note the forum skin has been reverted to the default, this skin is not affected and you may use the forum as normal.

Please ensure your virus definitions and so forth are up to date. Meanwhile, I can only apologise for this tedious and malicious act on our server. Actions are being taken to rectify the situation ASAP.

Stu.

#2 Mos Panor

Mos Panor

    ...and with a scissorkick, is victorious!

  • Members
  • 1762 posts

Posted 09 May 2006 - 11:46 AM

Fuck me! Jesus.

#3 Takumi

Takumi
  • Admin
  • 8843 posts

Posted 09 May 2006 - 11:47 AM

For those without AV, you may find this useful:

http://free.grisoft.com/doc/1

Although the active scanner DIDN'T pickup the virus as it was installed, it certainly removed it.

#4 MatrixCrawler

MatrixCrawler

    l33t coder

  • Members
  • 1631 posts

Posted 09 May 2006 - 12:21 PM

And i suggest you all activate the windows auto update function as it will protect you from this java virus.

There is NO need to worry if you a running a backup copy of windows.
Microsoft HAS to deploy sec updates to EVERYONE

#5 Zanne

Zanne
  • Members
  • 1393 posts

Posted 09 May 2006 - 12:37 PM

"backup copy" tongue.gif

Is there any reason to panic if I'm running mozilla under linux?

#6 MatrixCrawler

MatrixCrawler

    l33t coder

  • Members
  • 1631 posts

Posted 09 May 2006 - 12:44 PM

No idea.... i think the virus only works in the windows java version

#7 Takumi

Takumi
  • Admin
  • 8843 posts

Posted 09 May 2006 - 03:23 PM

Ok, extensive new security features have been added to hopefully prevent this happening again. No data was lost, and whilst we need to use this dreadful default skin for time being (whilst we pick out the virii from the other skins), the board should be safe to use.

My primary concern is the possible virus which people may have become infected with. I had to install Avast (a free AV program) in the end, as AVG wouldn't get rid of the damn thing. It was a java virus, I've no idea how problematic it was. Worth also noting that Avast has a browser scanner too, so perhaps it'll prevent this sort of thing in future.

Once bitten, twice shy. Sincerest apologies, we'll do our best to ensure this doesn't happen again.

Stu

#8 Majaraw Awalabas

Majaraw Awalabas
  • Members
  • 3061 posts

Posted 09 May 2006 - 03:55 PM

I've used AVAST and installed it on all immediate family & friends PCs for a couple years now.

Highly reccomended.

You can get the free version here.

#9 Archbishop

Archbishop
  • Members
  • 6252 posts

Posted 10 May 2006 - 05:04 AM

So I havent logged on since a couple of days ago, got the emails (but didnt hit the .exe file in the first one) and see only the default skin here. That means I'm safe?

What exactly was hacked and infected the old skin? Any ideas who did it?

Archie

#10 Mymh

Mymh
  • Members
  • 1027 posts

Posted 10 May 2006 - 05:26 AM

Thanks for the information and links.

QUOTE (Takumi @ May 9 2006, 01:47 PM) <{POST_SNAPBACK}>
For those without AV, you may find this useful:

http://free.grisoft.com/doc/1

Although the active scanner DIDN'T pickup the virus as it was installed, it certainly removed it.


I downloaded it and ran it, no virus found. Tho I did find a trojan in some files I only store on my HD for my bro', will make sure to let him know. wink.gif Anyways, just wanted to update my post with this info to inform you that AV found zero virus on my pc and before today I think it was 1,5 day since I logged in. It might be 'clean' now; at least as long as AV should be able to find any.

Edited by Mymh, 10 May 2006 - 06:01 AM.


#11 Takumi

Takumi
  • Admin
  • 8843 posts

Posted 10 May 2006 - 07:22 AM

Ah, that's good to hear. The hacker went to work around 11am and unleashed his repetoire about 20 minutes later. It was spotted by the guys on IRC minutes later and removed as quickly as I could, so I'm hoping it was an extremely limited exposure anyway.

#12 Noys

Noys
  • Members
  • 39 posts

Posted 20 May 2006 - 12:32 PM

Firefox browser + Thunderbird e-mail client + AVG free virus scanner = no security issues on my windows pc smile.gif

btw it's probably a javascript virus, not a java virus.

#13 Takumi

Takumi
  • Admin
  • 8843 posts

Posted 20 May 2006 - 01:27 PM

It's worth noting that I had the latest FF, AVG was installed and active and yet still managed to contract this java(script) virus, which seemed to attach itself to files in one of Sun's directories, hence my suspecting it to be plain Java.