Malicious script inserted into our site

Status
Not open for further replies.

Ceewan

Famished
Jul 23, 2008
9,151
17,033
yep, this was worth a giggle. Malicious javascript, who would have thunk it?!? Yep, hackers know their code.

Doesn't seem like much harm was done. Looks like someone was just showing off. It could have been worse. You probably weren't the only target though, unless you really pissed someone off. In which case they will be back. Not my guess, (at least not until they are done spreading around whatever clever codes they've made), but it is concievable.
 

Talix

New Member
Dec 28, 2006
15
0
Sounded like cross site scripting and SQL injection attacks. If your running Apache then you might want to think about installing modsecurity module. It's pretty good at protecting against most basic attacks and we use it in on our Internet facing servers. Of course it's a web application firewall so needs tweaking or else it might break some things initially. I have a basic setup guide I wrote for my team if you're interested.
 

heartles2

Active Member
May 25, 2009
109
69
Is it true that i is dangerous to re-visit a site that was very recently hacked because it could still be vulnerable to infect other users?
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
Is it true that i is dangerous to re-visit a site that was very recently hacked because it could still be vulnerable to infect other users?

In general...I would have to say yes. A site that has proven vulnerable is more likely to still be vulnerable until proven different. However as far as "getting infected" I would think each visitor here has to take some personal responsibility and protect his or herself from unwanted intrusions and virus infections, (such as a basic firewall and an antivirus program). Neither would I think that akiba-online nor any other forum be a place to store sensitive personal information. An ounce of prevention is worth a pound of cure, is it not?
 

Talix

New Member
Dec 28, 2006
15
0
In reality no sites are safe. Lot of forums get hacked and don't know about it. Luckily the guys running the site have noticed. So I would actually trust this site more as you know they are trying their best as it's really a jungle out there. You have to protect your own system and not rely on someone else to do it for you as you can never know what will happen.

Here's some personal recommendations:
1) Make sure you have anti-virus (for free recommendation is "avast!")
2) Use Firefox with the below add-ons: *=minimal
- Adblock Plus *
- Adblock Plus Pop-up
- Element Hiding Helper for Adblock
- BetterPrivacy
- Flashblock *
- NoScript *
- Redirect Remover *
3) PeerBlock
4) Scan with "Spybot - Search and Destroy" once in a while. Make sure to Immunize and Hosts File update under Tools. Also check the "System Startup" if you know what you're doing.
5) Install only software and addons you really need and get the software from the original vendor or trusted sources
6) Always update and make sure to read what you're clicking for
7) Also OS does not make you more secure

Also if you're super paranoid about a site then like one of the guys said in this forum (forgot who)... use Sandboxie in conjunction with Firefox. I use it when I know I am going to a malicious site.
 
Status
Not open for further replies.