I'm pretty sure I've figured out the issue. It'll take me some time to fix it assuming I'm right, but if I am it should take care of all the problems.
Should we expect further downtime ?
I'm pretty sure I've figured out the issue. It'll take me some time to fix it assuming I'm right, but if I am it should take care of all the problems.
Should we expect further downtime ?
Not at this time, no. The security issue has been fixed. There is some question on whether they managed to sneak anything in we haven't found yet. I'll be looking, but as of now nothing.
getting multiple counts of warnings from nod32 on the site's pages http://apforums/clientscript/yui/connection/connection-min.js?v=415 size 5019 html/Iframe.B.Gen.virus
I have no idea what you're talking about. Which page is this occurring on? Link the url address not the script address.
I receive the same warning, it happens in every page of the forum.
same with me. happening on each page here. the script's the one am getting warned on by nod 32
Well damn, that isn't good. How about now?
http://www.apforums.net/clientscript/yui/connection/connection-min.js?v=415 source: http://pastebin.com/MACdJA1B line 10 injects iframe
I see no injection code lingering anywhere.
I see no injection code lingering anywhere.
http://www.apforums.net/clientscript/yui/connection/connection-min.js i still see on its last line. I cleared cache and checked from diff browser too
Are you sure you're not just looking at posts?
yeps im sure of it. i clearly see document.write iframe src='http://blogboud.cu.cc/showthread.php?t=41710003' width='1' height='1' frameborder='0' /iframe (angle brackets+quotes removed)
What page are you seeing this on, exactly? Because I'm not seeing it.
its showing up randomly on different pages (some time shows, sometime dont). Its loading from http://www.apforums.net/clientscript/yui/connection/connection-min.js you should be able to see it there on last line.
You're screwing with me, aren't you. I just tried about 15 different pages in 3 different browsers both logged in and not. Not one single instance of connection-min in any of the source code anywhere. Either way, though, there definitely are problems right now. I just can't associate any with malware as much as I've sort of screwed up the pages by removing it.
just confirmed on irc. I am not only one seeing this. No Urouge i am NOT screwing up with you. I am serious.
–- Update From New Post Merge ---
also we aren't the only one facing this problem. Have a look https://www.vbulletin.com/forum/showthread.php/381496-connection-min.js-virus-issue
aint getting anything right now though.
someone need to log into server. Edit that connection min file and remove that last line.
Oh, I think I get it now. You're looking at that file lol. Yeah, the file is infected. But I've removed it from loading for the time being? That's why the formatting is all mucked up right now.
oh okay, that explains it :). i guess we are on same page now
It seems that today when I come to the site and visit any page, the page turns/flashes white and that's after my virus scanner warned me of a possible attack on my computer from the site(the warning only happened once but the page flashing continues).
Wait, even now or earlier today?
Anyway, the file has been restored and reimplemented. Formatting should work again.
Anyway, the file has been restored and reimplemented. Formatting should work again.
You rock, Urouge.
Deleted my post because my computer is getting attacked again when I come to the site. Why does someone keep doing this to the site?
Nothing on my end, either on the forum or on the site.
When I tried to look at the new spoiler thread today I got a virus warning from AVG.
They managed to infect one of our javascript files again somehow. I've stopped the infected file from loading for now. We'll figure it out and get everything working fully again, but for now at least it should be safe.
In conclusion, we had one custom javascript file that had read/write access on it on accident. Someone found it and tinkered with it. The file has been fixed and been reintegrated. This SHOULD be the last of these issues, at least until we modify the site and forget to lock something down again.
In conclusion, we had one custom javascript file that had read/write access on it on accident. Someone found it and tinkered with it. The file has been fixed and been reintegrated. This SHOULD be the last of these issues, at least until we modify the site and forget to lock something down again.
Why the hell do they even concentrate on this site, this is a forum for manga and anime nerds and various other lower forms of existence. :ninja: (JK people :P) What possible gain could they get out of this that they couldn't on a site with a higher percentage of adults ?
53.9775% <– someone need to remove this too
Ehh, ok sure. I don't even really understand what the purpose of that thing was.
@No:
Why the hell do they even concentrate on this site, this is a forum for manga and anime nerds and various other lower forms of existence. (JK people :P) What possible gain could they get out of this that they couldn't on a site with a higher percentage of adults ?
If it was a bot, then they simply don't discriminate, which is the most likely scenario. The alternative scenario is someone with a grudge against the forums, but that's pretty unlikely in comparison.
Ehh, ok sure. I don't even really understand what the purpose of that thing was.
If it was a bot, then they simply don't discriminate, which is the most likely scenario. The alternative scenario is someone with a grudge against the forums, but that's pretty unlikely in comparison.
Hmm, well if the stories I heard about this "Lobster" fellow are true then ….... :P
Haha I don't think LPS would bother with/has the ability to do this.
And also I have had no problems at all like this thread is talking about.
@No:
Hmm, well if the stories I heard about this "Lobster" fellow are true then ….... :P
You need certain level of expertise before you can target online sites/servers, so chances of some one having a grudge then going on some underground training and then coming back to attack is … unlikely.
I too think its a bot.
Besides Lobster wasn't dangerous or vengeful. Just annoying :sideways: .
People often attack places they are familiar with. People who do this sort of thing are nerds. We are nerds. The fact that our paths might cross with a person who would try and infect other peoples computers is not unusual. Especially when you don't put a big motive behind it.. just for the lulz.
The only thing I notice is pages asking me if I want to leave sometimes when I click on a new link.
@Monkey:
The only thing I notice is pages asking me if I want to leave sometimes when I click on a new link.
Same here….....
Same as Zephos here.
That's part of the forum upgrades. It goes hand in hand with the autosave feature for posts and such. It'll always occur when you have something typed up and click to abandon it, but it comes up when pages aren't finished loading, too (which isn't how it's supposed to work, but it does). I might try debugging that later, but I have a lot of other stuff I need to get to first.
This doesn't seem to be a problem anymore…..
@Yo:
This doesn't seem to be a problem anymore…..
That's why you bring it up.
To needlessly awake tension :happy:
Btw: Urouge, if we're on the subject of tweaking, I get notified 70 % less then I did when you introduced that feature. Lke maybe one out of six or seven responses I'll get notified of, the rest I have the scour the threads, old style.
Is it possible to make it work better ?
Yeah my Avast is going nuts each time I open a page - any idea what is causing it - I probably wont be able to log on at work if there is malware because if they think the site is corrupt they will just block it on me :(
Yeah my Avast is going nuts each time I open a page - any idea what is causing it - I probably wont be able to log on at work if there is malware because if they think the site is corrupt they will just block it on me :(
Nothing on my side.
Same problem with my avast.