Planet Cyrene: unable to visit cyrene forum

Xandra · Jul 9, 2012

Hi,

seems CyreneForum had an unpleasant guest. And made it to the Google Safe Browsing Blacklist even ;-)

Did a quick investigate, found this: ZScaler
(might contain helpful info)

Hard to tell what happened without further info, but since Lykke mentioned a spammer it could have been something like this:
Klick me - Xandra killing a Boorum - NEKKID!
(is safe, I promise!)

A link pointing to a site that would run malicious code, hidden in a spam post. Since it seems that the attack then works via JavaScript, there's an easy way to avoid such an attack: Disable JavaScript ;-)

OK, not really practicable ... Next best guess would be to use an AddOn like "NoScript" (for FireFox) or similar for other browsers - they'd disallow reliably the execution of code coming from unknown sites.
(highly recommended anyways!)

For now, I have removed CF from the NoScript WhiteList temporally, still works. And so:

Lykke - Cyrene said: ↑

There should be nothing to worry about.
Click to expand...

Google Safe Browsing says that last find was 07-07, and last visit was 07-08, so CF should be clean meanwhile. But the bad gurlz/ boiz might come back ...

Such can happen everywhere, every time at every site that allows user generated content. It's very simple to do, and you'll find it all over the place. But unfortunately, those buggers still find their victims that click anything that isn't up the tree when counted to three ...

As long as the attack didn't use code injection to the actual site, the site owners are not to blame, they cannot monitor any post 24/7, right?

So better use a tool to protect yourself - Google Safe Browsing is a great help, but is quite slow. Better have a tool that just monitors your browsing and blocks hidden accesses to shady sites, invisible iFrames, and code execution from there.
And if there's no such reliable tool for your browser, get yourself a better one ;-)

Have fun!

Lykke TheNun · Jul 9, 2012

Xandra said: ↑

Hi,

seems CyreneForum had an unpleasant guest. And made it to the Google Safe Browsing Blacklist even ;-)

Did a quick investigate, found this: ZScaler
(might contain helpful info)

Hard to tell what happened without further info, but since Lykke mentioned a spammer it could have been something like this:
Klick me - Xandra killing a Boorum - NEKKID!
(is safe, I promise!)

A link pointing to a site that would run malicious code, hidden in a spam post. Since it seems that the attack then works via JavaScript, there's an easy way to avoid such an attack: Disable JavaScript ;-)

OK, not really practicable ... Next best guess would be to use an AddOn like "NoScript" (for FireFox) or similar for other browsers - they'd disallow reliably the execution of code coming from unknown sites.
(highly recommended anyways!)

For now, I have removed CF from the NoScript WhiteList temporally, still works. And so:

Google Safe Browsing says that last find was 07-07, and last visit was 07-08, so CF should be clean meanwhile. But the bad gurlz/ boiz might come back ...

Such can happen everywhere, every time at every site that allows user generated content. It's very simple to do, and you'll find it all over the place. But unfortunately, those buggers still find their victims that click anything that isn't up the tree when counted to three ...

As long as the attack didn't use code injection to the actual site, the site owners are not to blame, they cannot monitor any post 24/7, right?

So better use a tool to protect yourself - Google Safe Browsing is a great help, but is quite slow. Better have a tool that just monitors your browsing and blocks hidden accesses to shady sites, invisible iFrames, and code execution from there.
And if there's no such reliable tool for your browser, get yourself a better one ;-)

Have fun!
Click to expand...

Thank you Xandra :) I'm sure Peter will see this

Lone Wolf McQuaid · Jul 9, 2012

GeorgeSkywalker said: ↑

That's because IE doesn't always pick up errors. We know for a fact there were some issues with cyreneforum before but now it's probably fixed.

I would suggest you run a throrough virus check on both your hard drives. The likelyhood of either or both being compromised is high.
Click to expand...

I took your suggestion and did not 1 but 3 full scans on both my HDD no infections found Thanks :)

Lykke TheNun · Jul 9, 2012

Just a quick update, that we heard today from several users of the forum that the warning seems to be gone now.

NotAdmin · Jul 10, 2012

starfinder said: ↑

Why not change the signup/login page to something "not standard" so the bots wont know how to signup/login?... This is the issue with these "standard website" systems... they are infested with bots... :(
Click to expand...

It had nothing to do with bots, but thanks for your input.

NotAdmin · Jul 10, 2012

Xandra said: ↑

Did a quick investigate, found this: ZScaler
Click to expand...

Thanks. That did help. The infection was gone already, but at least now I know how they got in.

Log in / Register

Forums

Planet Cyrene: unable to visit cyrene forum

Xandra

Lykke TheNun Lootius bless you all!

Lone Wolf McQuaid

Lykke TheNun Lootius bless you all!

NotAdmin Administrator

NotAdmin Administrator

Log in / Register

Useful Searches

Planet Cyrene: unable to visit cyrene forum

Xandra

Lykke TheNun Lootius bless you all!

Lone Wolf McQuaid

Lykke TheNun Lootius bless you all!

NotAdmin Administrator

NotAdmin Administrator