Divinity Banner
Previous Thread
Next Thread
Print Thread
Forum has been compromised #650494
17/10/18 08:38 PM
17/10/18 08:38 PM
Joined: Sep 2017
Posts: 9
L
lamp Offline OP
stranger
lamp  Offline OP
stranger
L

Joined: Sep 2017
Posts: 9
Hello your forums are compromised.

http://larian.com/forums/images/icons/default/exclamation.gif

This file in particular.

****************** Sophos Anti-Virus Log - 10/17/2018 8:37:30 PM **************


20181017 203349 Blocked web request to "larian.com/forums/images/icons/default/exclamation.gif" (linked from "larian.com/forums/ubbthreads.php") for user 'Mal/HTMLGen-A' has been found at this website, reference ID 98185450.
20181017 203520 Blocked web request to "larian.com/forums/images/icons/default/exclamation.gif" for user . 'Mal/HTMLGen-A' has been found at this website, reference ID 98185450.
20181017 203625 Blocked web request to "larian.com/forums/images/icons/default/exclamation.gif" (linked from "larian.com/forums/ubbthreads.php") for user 'Mal/HTMLGen-A' has been found at this website, reference ID 98185450.
(11 items)

Re: Forum has been compromised [Re: lamp] #650513
18/10/18 05:24 PM
18/10/18 05:24 PM
Joined: Sep 2016
Posts: 20
DuchessOfKvetch Offline
stranger
DuchessOfKvetch  Offline
stranger

Joined: Sep 2016
Posts: 20
I got a popup today taking me to one of those "You've won a free gift card!" pages.

Not sure if it's this site as you mention, or another site that might have a bad embedded advert.

Re: Forum has been compromised [Re: lamp] #650525
18/10/18 10:09 PM
18/10/18 10:09 PM
Joined: May 2017
Posts: 349
LaughingLeader Offline
enthusiast
LaughingLeader  Offline
enthusiast

Joined: May 2017
Posts: 349
I had the same issue a few minutes ago, when middle-clicking anywhere on the side:



Seems it's all cleared up now though?

Re: Forum has been compromised [Re: lamp] #650526
18/10/18 10:19 PM
18/10/18 10:19 PM
Joined: Sep 2016
Posts: 20
DuchessOfKvetch Offline
stranger
DuchessOfKvetch  Offline
stranger

Joined: Sep 2016
Posts: 20
Larian, pay your forum admin so they can update UBB software to remove the XSS vulnerabilities, plz.

AND MAYBE BUY A DAMNED HTTPS CERTIFICATE. It's 2018, no one should be running an insecure website, least of all a major software company.

Last edited by DuchessOfKvetch; 18/10/18 10:26 PM.
Re: Forum has been compromised [Re: lamp] #650534
19/10/18 11:54 AM
19/10/18 11:54 AM
Joined: May 2010
Posts: 3,191
The Frog & Hounds
vometia Offline

Duchess of Gorgombert
vometia  Offline

Duchess of Gorgombert

Joined: May 2010
Posts: 3,191
The Frog & Hounds
There's also a potential problem with a dubious-looking script; last I heard it was being looked into but I'm afraid not having admin privileges I can't do anything about it myself. frown I would recommend everybody uses NoScript if they don't already though.


J'aime le fromage.
Re: Forum has been compromised [Re: lamp] #650551
19/10/18 11:40 PM
19/10/18 11:40 PM
Joined: Sep 2018
Posts: 4
Chile
E
E. R-C. A. Offline
stranger
E. R-C. A.  Offline
stranger
E

Joined: Sep 2018
Posts: 4
Chile
Hello, I just opened the forum and got that popup, so I don't think it's been fixed.

Re: Forum has been compromised [Re: DuchessOfKvetch] #650562
20/10/18 12:24 PM
20/10/18 12:24 PM
Joined: Jan 2009
Posts: 6,096
Stabbey Offline
veteran
Stabbey  Offline
veteran

Joined: Jan 2009
Posts: 6,096
Originally Posted By: DuchessOfKvetch
I got a popup today taking me to one of those "You've won a free gift card!" pages.

Not sure if it's this site as you mention, or another site that might have a bad embedded advert.


Yep, I got something like that when clicking on a "go to last post button". It started doing a redirect to some site so I closed it immediately. The malicious address is gs.artltoken

Logging out of the forum until this is fixed.

Re: Forum has been compromised [Re: lamp] #650567
20/10/18 02:29 PM
20/10/18 02:29 PM
Joined: Jan 2018
Posts: 37
C
Core One Offline
apprentice
Core One  Offline
apprentice
C

Joined: Jan 2018
Posts: 37
Looks like the web site or forum had problem. I was redirected to another website for about three times after clicking the links in this forum.

Re: Forum has been compromised [Re: lamp] #650575
21/10/18 07:22 PM
21/10/18 07:22 PM
Joined: Mar 2003
Posts: 26,935
Canada
Raze Offline

Larian Studios
Raze  Offline

Larian Studios

Joined: Mar 2003
Posts: 26,935
Canada

EDIT: This is in the process of being fixed...

Last edited by Raze; 21/10/18 08:36 PM.
Re: Forum has been compromised [Re: lamp] #650584
22/10/18 12:34 PM
22/10/18 12:34 PM
Joined: Mar 2003
Posts: 26,935
Canada
Raze Offline

Larian Studios
Raze  Offline

Larian Studios

Joined: Mar 2003
Posts: 26,935
Canada

This should be fixed now. Please report any further issues.

Re: Forum has been compromised [Re: lamp] #650585
22/10/18 02:12 PM
22/10/18 02:12 PM
Joined: Dec 2003
Posts: 843
Krynn
ForkTong Offline

old hand
ForkTong  Offline

old hand

Joined: Dec 2003
Posts: 843
Krynn
Removed the bad guys. Updated larian.com site engine and plugins. Upgraded forum software to 7.6.2 as well. Sorry for taking so long.


Tweeting @forktong

Moderated by  Dom_Larian, Larian_QA, Lar_q, Lynn, Macbeth, Raze 

Powered by UBB.threads™ PHP Forum Software 7.6.2