Larian Studios
Posted By: lamp Forum has been compromised - 17/10/18 08:38 PM
Hello your forums are compromised.

http://larian.com/forums/images/icons/default/exclamation.gif

This file in particular.

****************** Sophos Anti-Virus Log - 10/17/2018 8:37:30 PM **************


20181017 203349 Blocked web request to "larian.com/forums/images/icons/default/exclamation.gif" (linked from "larian.com/forums/ubbthreads.php") for user 'Mal/HTMLGen-A' has been found at this website, reference ID 98185450.
20181017 203520 Blocked web request to "larian.com/forums/images/icons/default/exclamation.gif" for user . 'Mal/HTMLGen-A' has been found at this website, reference ID 98185450.
20181017 203625 Blocked web request to "larian.com/forums/images/icons/default/exclamation.gif" (linked from "larian.com/forums/ubbthreads.php") for user 'Mal/HTMLGen-A' has been found at this website, reference ID 98185450.
(11 items)
Posted By: DuchessOfKvetch Re: Forum has been compromised - 18/10/18 05:24 PM
I got a popup today taking me to one of those "You've won a free gift card!" pages.

Not sure if it's this site as you mention, or another site that might have a bad embedded advert.
Posted By: LaughingLeader Re: Forum has been compromised - 18/10/18 10:09 PM
I had the same issue a few minutes ago, when middle-clicking anywhere on the side:

[Linked Image]

Seems it's all cleared up now though?
Posted By: DuchessOfKvetch Re: Forum has been compromised - 18/10/18 10:19 PM
Larian, pay your forum admin so they can update UBB software to remove the XSS vulnerabilities, plz.

AND MAYBE BUY A DAMNED HTTPS CERTIFICATE. It's 2018, no one should be running an insecure website, least of all a major software company.
Posted By: vometia Re: Forum has been compromised - 19/10/18 11:54 AM
There's also a potential problem with a dubious-looking script; last I heard it was being looked into but I'm afraid not having admin privileges I can't do anything about it myself. frown I would recommend everybody uses NoScript if they don't already though.
Posted By: E. R-C. A. Re: Forum has been compromised - 19/10/18 11:40 PM
Hello, I just opened the forum and got that popup, so I don't think it's been fixed.
Posted By: Stabbey Re: Forum has been compromised - 20/10/18 12:24 PM
Originally Posted by DuchessOfKvetch
I got a popup today taking me to one of those "You've won a free gift card!" pages.

Not sure if it's this site as you mention, or another site that might have a bad embedded advert.


Yep, I got something like that when clicking on a "go to last post button". It started doing a redirect to some site so I closed it immediately. The malicious address is gs.artltoken

Logging out of the forum until this is fixed.
Posted By: Core One Re: Forum has been compromised - 20/10/18 02:29 PM
Looks like the web site or forum had problem. I was redirected to another website for about three times after clicking the links in this forum.
Posted By: Raze Re: Forum has been compromised - 21/10/18 07:22 PM

EDIT: This is in the process of being fixed...
Posted By: Raze Re: Forum has been compromised - 22/10/18 12:34 PM

This should be fixed now. Please report any further issues.
Posted By: ForkTong Re: Forum has been compromised - 22/10/18 02:12 PM
Removed the bad guys. Updated larian.com site engine and plugins. Upgraded forum software to 7.6.2 as well. Sorry for taking so long.
© Larian Studios forums