Jump to content
Have You Played Atari Today?
2600|5200|7800|Lynx|Jaguar|Forums|Store
IGNORED

Digital Press has been hacked

Jasoco

By Jasoco
in Modern Gaming Discussion

 Share

Recommended Posts

Jasoco River Patroller

Jasoco

Posted
Posted

I'm shocked. And I've emailed Joe Santulli about it.

 

Apparently, someone has hacked the Title portion of the phpBB's code so instead of displaying the title, the code twhere the title belongs has been replaced with a META tag that redirects you to a page (Which I will not post here.) containing a silly little fake message telling you in order to view the forums, you need a new plug-in. It is to laugh.

 

Due to the recent large volume of traffic we've been recieving, we have re-built our site to use a new framework which will speed things up significantly. This new system requires that you download a plugin in order to be able to access our site. Don't worry, this plugin won't harm your computer in any way, it will only enable your browser to communicate with our server more efficiently. You cannot view our site until you've installed this plugin.

 

Make sure you chose 'run' when asked what you want to do with this file.

 

Click here to install (147 KB)

Whatever you do, DO NOT RUN this program. It is most likely spyware or a virus. Either way, being on a Mac, I'm immune, but annoyed I can't even get to the forums. But at least I can warn people. It's funny, I wonder how they did it. Whoever they is.

 

And if you don't know what a Digital Press is, disregard this message. ;) :lol:

 

Okay, so I just wanted to post about it.

Link to comment
Share on other sites
christianscott27 Quadrunner

christianscott27

Posted
Posted

from the DP yahoo group

 

WARNING :: WARNING :: WARNING :: WARNING :: WARNING

 

The Digital Press forums are currently asking anyone visiting to install an

executable file.  DO NOT DOWNLOAD OR RUN THIS PROGRAM.  It contains a TROJAN

DOWNLOADER program called Worm/VB.CT - this has been inserted by a phpBB

exploit and is NOT something necessary to access the forums.

 

Repeating: DO NOT DOWNLOAD OR RUN THE EXECUTABLE FILE.  If you have done so,

please update your antivirus and malware software and scan your system

IMMEDIATELY.

 

 

Earl Green

a.k.a. "Phosphor Dot Fossils"

Digital Press Retrogaming Roundtable Admin

EG (pdf)

Link to comment
Share on other sites
NE146 Quadrunner

NE146

Posted
Posted
What the hell?  Is someone on an unholy crusade to destroy video games?  Another site I go to (rfgeneration.com) looks like it has been hacked too.

 

Actually someone is on a crusade against phpBB boards. Maybe we should all move back to Usenet :)

Link to comment
Share on other sites
-^CrossBow^- Quadrunner

+-^CrossBow^-

Posted
Posted

Yeap...last night CAG forums were hit also. They already got it fixed and taken care of. So by the time I even found out about it...they were already back up and going strong again.

 

But yeah..it seems strange that all these PHP based boards are getting hit like this. By any chance, do mose of these boards operate from a single PHP master server? For instance is some server involved in the PHP forum process outside of the normal host?

 

Because this only makes sense if like one or two servers were actually targeted and hit and then of course it probagated to all Forums networking through them.

Link to comment
Share on other sites
Albert Quadrunner

Albert

Posted
Posted
But yeah..it seems strange that all these PHP based boards are getting hit like this. By any chance, do mose of these boards operate from a single PHP master server? For instance is some server involved in the PHP forum process outside of the normal host?

 

Nope, all these servers run independently of one another and they were all hacked separately. After examining our server logs, it became obvious that someone simply stepped through the list of phpBB forums at big-boards.com. After I fixed our forums, I took a look through the forums linked at big-boards.com, and many of them were also hacked in the same fashion (this includes DP, which is on the list).

 

phpBB has been a big target lately for exploits of this nature. It seems to be the Microsoft Windows of forum software. I'll be glad when we get the hell away from it.

 

..Al

Link to comment
Share on other sites
Albert Quadrunner

Albert

Posted
Posted
They're using google to find phpbb sites.  It's a known vulnerability and a patch has been available for a while.  Our guild site was hit a little while back as well.

 

This is actually an entirely different vulnerability that was only revealed on Sunday (two days ago).

 

..Al

Link to comment
Share on other sites
Albert Quadrunner

Albert

Posted
Posted
If you guys do decide to switch to a new software, make sure you use one that can import all our info like MacAddict did. Nothing worse or more of a turn off than an empty forum, especially to newcomers.

 

We long ago decided to move to new software because of other, entirely different problems with phpBB. However, nothing lights a fire under your ass like actually getting your forum hacked. ;)

 

..Al

Link to comment
Share on other sites
liquid_sky Quadrunner

liquid_sky

Posted
Posted
If you guys do decide to switch to a new software, make sure you use one that can import all our info like MacAddict did. Nothing worse or more of a turn off than an empty forum, especially to newcomers.

 

We long ago decided to move to new software because of other, entirely different problems with phpBB. However, nothing lights a fire under your ass like actually getting your forum hacked. ;)

 

..Al

 

Do you think that Invision's liscensing is set up to better inform users of problems before things like this arise?

Link to comment
Share on other sites
Albert Quadrunner

Albert

Posted
Posted
Do you think that Invision's liscensing is set up to better inform users of problems before things like this arise?

 

No, not really. I have seen some patches released for IPB, but I don't think it's being targeted by hackers as heavily as phpBB is. Because IPB is no longer free, it will not be used by as many sites as phpBB, and it's often the most visible target (phpBB in this case) that gets attacked. It's also possible that the phpBB code has more vulnerabilities in it, but that's a difficult thing to prove.

 

..Al

Link to comment
Share on other sites
liquid_sky Quadrunner

liquid_sky

Posted
Posted
Do you think that Invision's liscensing is set up to better inform users of problems before things like this arise?

 

No, not really. I have seen some patches released for IPB, but I don't think it's being targeted by hackers as heavily as phpBB is. Because IPB is no longer free, it will not be used by as many sites as phpBB, and it's often the most visible target (phpBB in this case) that gets attacked. It's also possible that the phpBB code has more vulnerabilities in it, but that's a difficult thing to prove.

 

 

..Al

 

Yeah, it could be argued either way that the open source nature (Or IS phpbb open? I forger) gave people more chances to try exploits but at the same time should give the community a chance to see these bugs prior to migrating the software all over the web. :ponder:

Link to comment
Share on other sites
Albert Quadrunner

Albert

Posted
Posted
Yeah, it could be argued either way that the open source nature (Or IS phpbb open? I forger) gave people more chances to try exploits but at the same time should give the community a chance to see these bugs prior to migrating the software all over the web.  :ponder:

 

The source code for both forums is available, I don't think that alone has any bearing on the large number of phpBB exploits. IPB is a commercial application, yes, but you can view the code for it just as easily as you can for phpBB.

 

..Al

Link to comment
Share on other sites
Mitch Quadrunner

+Mitch

Posted
Posted
Hey for kicks you should just go back to the Nexus style forums and see what people say :D

 

Hmm, are you talking about the original Nexus boards? I think those were on some freebee public message board. Man that was along time ago...

Anyone else still around from those days? :D

 

Mitch

Link to comment
Share on other sites
-^CrossBow^- Quadrunner

+-^CrossBow^-

Posted
Posted
Hmm, are you talking about the original Nexus boards? I think those were on some freebee public message board. Man that was along time ago...  

Anyone else still around from those days?

 

 

<---- me raises hand....

 

:D

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
AtariAge
Forums
Store
General
Follow AtariAge

Copyright ©1998-2023 AtariAge

×
×
  • Create New...