Jump to content

Welcome to Ultima Online Forums
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account

Welcome to UOForums

If not already a member, take a moment to join our awesome community. It is free to sign up and there are no ads.

 

When you click on CREATE ACCOUNT, the sign up form will appear at the bottom of the forum.

 

If you have issues, like not receiving a validation email. Then please contact us by email help@uoforums.com and we will help you get set up.

 

If you wish to contact us about our site for other reasons, then please contact us by using the contact form in top right corner of the forum


Photo

Stratics: Reported attack page!

- - - - -

  • This topic is locked This topic is locked
122 replies to this topic

#1
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Anyone else getting this when visiting the Stratics forums?

Update, George the new CEO has confirmed Stratics has come under attack from a hacker.

Hi team,

A hacker got in around 6:00am GMT -7 today, either through an admin account he had access to or a security hole in vBulletin or Drupal.

The hacker defaced almost every page with an iframe injection, like
iframe src=http://xxxxxxxx/files/articles/News/wow.htm width=0 height=0 /iframe

He also added .gifs that Google Chrome reports as malware, like
http://xxxxxxxxxx/im.../pm_replied.gif

Stratics is showing warnings that malware may come up if you continue to view the page!

We changed all the admin passwords and are still cleaning out the injections from the database. When it is all fixed, the good news is we will be better prepared to handle this should it happen again.

If anyone knows more about this hacker or how he got in, please let me know immediately by PM or Skypexxxxxxxxx



#2
Guido

Guido

    Ultima Franchise Managing Editor and Site Moderator

  • Administrators
  • 2,005 posts

Anyone else getting this when visiting the Stratics forums?


I just got it on the main page... didn't even make it to the forums.

Esse Quam Videri
Out on the road today I saw a Black Flag Sticker on a Cadillac...

fs_pc.png


#3
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Yea, Google's diagnostic now says

What is the current listing status for vboards.stratics.com?
Site is listed as suspicious - visiting this website may harm your computer.



#4
Yelena

Yelena

    Advanced Member

  • Members
  • PipPipPip
  • 588 posts
i knew there was a reason for not going on that other site, thou with a linux box i would be safe

[SIGPIC][/SIGPIC]
Death comes in so meny forms and I know quite a few of them....http://img204.imageshack.us/i/yelenasig.jpg/


#5
Corvak

Corvak

    Huzzah!!

  • Members
  • 3,808 posts
Yep. I do recall it would flag in the forums if Google didn't like someone's host for their signature pictures.

Never saw it on the main page though. o.O

#6
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
When you load it up with Internet explorer, you get a series of cookie warnings

It tries to load two offsite html files, I googled the IP and it's an IP used for a previous phishing site for the halifax bank

I'm guessing the html of the forum has been altered to include said links, as the forum is showing some broken html/css (the > symbol in forum names and the inability to collapse/expand forums in FF)

#7
Queen Mum

Queen Mum

    A Cookie A Day Keeps The Blues Away!!!

  • Members
  • 5,130 posts
whats the halifax bank?

#8
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
It's a bank in the UK, called the Halifax

Halifax Online Banking - UK Banks, Finance, Personal, Telephone & Internet Banking

#9
Queen Mum

Queen Mum

    A Cookie A Day Keeps The Blues Away!!!

  • Members
  • 5,130 posts
oh wow ...
ty :)

#10
Llewen

Llewen

    Advanced Member

  • Members
  • PipPipPip
  • 93 posts
I'd stay away from Stratics for now until they get this sorted, and don't click on any links in any emails you may receive from Stratics either. They've been hacked and all their emails include a link to that malicious site.

#11
Warsong of LS

Warsong of LS

    Knowledge is power; Guard it well!

  • Members
  • 2,250 posts
nothing new, they have had this problem before. But thanks for the heads up though.
Hope is the first step on the road to disappointment

#12
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Yea, I would avoid going there for the time being at least.

Google's report page now confirms the presence of two trojans.

Of the 86 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-05-27, and the last time suspicious content was found on this site was on 2010-05-27.

Malicious software includes 2 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 7 new process(es) on the target machine.



#13
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Posted by George

Hi team,

A hacker got in around 6:00am GMT -7 today, either through an admin account he had access to or a security hole in vBulletin or Drupal.

The hacker defaced almost every page with an iframe injection, like
iframe src=http://xxxxxxxx/files/articles/News/wow.htm width=0 height=0 /iframe

He also added .gifs that Google Chrome reports as malware, like
http://xxxxxxxxxx/im.../pm_replied.gif

Stratics is showing warnings that malware may come up if you continue to view the page!

We changed all the admin passwords and are still cleaning out the injections from the database. When it is all fixed, the good news is we will be better prepared to handle this should it happen again.

If anyone knows more about this hacker or how he got in, please let me know immediately by PM or Skype xxxxxxxx).

Bit worrying they don't know how.

#14
Llewen

Llewen

    Advanced Member

  • Members
  • PipPipPip
  • 93 posts
Well I don't know if any of you remember Sarphus. He's a professional coder, and he's said for years that Stratics was a hack job waiting to happen.

#15
Guido

Guido

    Ultima Franchise Managing Editor and Site Moderator

  • Administrators
  • 2,005 posts
Google's now reporting that there are currently 6 trojans running there... and the latest backup is from February, according to TGN...

This is just sad, on so many levels.

Esse Quam Videri
Out on the road today I saw a Black Flag Sticker on a Cadillac...

fs_pc.png


#16
hawkeye_pike

hawkeye_pike

    Pirate

  • Members
  • PipPipPip
  • 52 posts
I didn't get any of these messages (maybe because I block ads and flash), but Stratics currently is completely messed up. The performance of Stratics has been horrible during the past weeks, and I already regret having my United Pirates message board hosted there. It may be time to move it once again...

Anyway, I'll stick to UO Forums for the time being.

#17
Lord Gareth

Lord Gareth

    Without The Community You Are Limited

  • Members
  • PipPipPip
  • 931 posts
Nice to see private staff forums posted on Uoforums. *Two thumbs up*

[SIGPIC][/SIGPIC]


#18
Guido

Guido

    Ultima Franchise Managing Editor and Site Moderator

  • Administrators
  • 2,005 posts
Looks like it's extended to the main stratics page now... someone seriously meant some ill will here.

Esse Quam Videri
Out on the road today I saw a Black Flag Sticker on a Cadillac...

fs_pc.png


#19
Gnomy

Gnomy

    Forum Legend

  • Members
  • 4,946 posts
I never liked Stratics myself.. but its sad that someone need to destroy for so many others :/

Posted Image


#20
Taylor V. Smith

Taylor V. Smith

    Director of Stratics

  • Members
  • PipPipPip
  • 347 posts
  • LocationWashington, D.C.
They've taken the site down to clean up the mess. Should return in a couple of hours.