Important: Malware script on RatSkep

Please read...

Check here for news about the site.

Moderators: LIFE, kiore

Important: Malware script on RatSkep

#1  Postby LIFE » Sep 26, 2012 8:58 am

Bad news everyone,

RatSkep has been the victim of a malicious script injection (simply put: a kind of virus) which was loaded with the site content.

I have removed all such script signs so the site is completely clean again, on the server at least.

However, have yet to find the loophole and how it eventually got through.

I cannot say for sure how much damage has been done or if the script actually has been loaded onto your machine, so please make sure to run your preferred anti-virus software and let it do a full scan on your machine, just to be sure.

Once I have more information I'll post it here.
"If you think education is expensive, try the cost of ignorance" - Derek Bok
"Words that make questions may not be questions at all" - Neil deGrasse Tyson
User avatar
LIFE
Site Admin
THREAD STARTER
 
Name: Bernhard
Posts: 7152
Age: 36
Male

Country: Germany
Germany (de)
Print view this post

Ads by Google


Re: Important: Malware script on RatSkep

#2  Postby Scot Dutchy » Sep 26, 2012 9:02 am

Cheers Bernhard.

Do you know the source?
Myths in islam Women and islam Musilm opinion polls


"Religion is excellent stuff for keeping common people quiet.” — Napoleon Bonaparte
User avatar
Scot Dutchy
 
Posts: 38176
Age: 68
Male

Country: Nederland
European Union (eur)
Print view this post

Re: Important: Malware script on RatSkep

#3  Postby byofrcs » Sep 26, 2012 9:15 am

bugger - the antivirus people have marked ratskep as malware site - AVG first to do this. You generally only have a very small window to shut your site from internet traffic to stop this happening.

oh well.
In America the battle is between common cents distorted by profits and common sense distorted by prophets.
User avatar
byofrcs
RS Donator
 
Name: Lincoln Phipps
Posts: 7906
Age: 53
Male

Country: Tax, sleep, identity ?
European Union (eur)
Print view this post

Re: Important: Malware script on RatSkep

#4  Postby Globe » Sep 26, 2012 9:18 am

Yep.... AVG blocked all access to the forum from my computer.
I can access now, but with a stern warning each time.
"Justice will be served!
As soon as I can find you a piece that hasn't gone rotten." - Globe

I don't accept sexism, no matter what gender is being targeted with an -ism.
User avatar
Globe
 
Posts: 6659
Age: 49
Female

Country: Spain NOT Denmark
Spain (es)
Print view this post

Re: Important: Malware script on RatSkep

#5  Postby Darwinsbulldog » Sep 26, 2012 9:18 am

Thank you Bernhard. AFA forums is down too, but not Talk Rats.
Jayjay4547 wrote:
"When an animal carries a “branch” around as a defensive weapon, that branch is under natural selection".
Darwinsbulldog
 
Posts: 7440
Age: 62

Print view this post

Re: Important: Malware script on RatSkep

#6  Postby LIFE » Sep 26, 2012 9:27 am

byofrcs wrote:bugger - the antivirus people have marked ratskep as malware site - AVG first to do this. You generally only have a very small window to shut your site from internet traffic to stop this happening.

oh well.


Globe wrote:Yep.... AVG blocked all access to the forum from my computer.
I can access now, but with a stern warning each time.


In the case of AVG you can use this link to unblock RatSkep:
http://www.avg.com/eu-en/page-rating-report

This will make sure we aren't blacklisted anymore, I have removed and fixed all scripts,
in case the want to check the site is 100% clean again.
"If you think education is expensive, try the cost of ignorance" - Derek Bok
"Words that make questions may not be questions at all" - Neil deGrasse Tyson
User avatar
LIFE
Site Admin
THREAD STARTER
 
Name: Bernhard
Posts: 7152
Age: 36
Male

Country: Germany
Germany (de)
Print view this post

Re: Important: Malware script on RatSkep

#7  Postby byofrcs » Sep 26, 2012 9:30 am

Bernhard, you have to indicate you have found the vector and that has been shut - obviously don't have to say what the vector was - before we can report false positive.
In America the battle is between common cents distorted by profits and common sense distorted by prophets.
User avatar
byofrcs
RS Donator
 
Name: Lincoln Phipps
Posts: 7906
Age: 53
Male

Country: Tax, sleep, identity ?
European Union (eur)
Print view this post

Ads by Google


Re: Important: Malware script on RatSkep

#8  Postby Globe » Sep 26, 2012 9:31 am

LIFE wrote:
byofrcs wrote:bugger - the antivirus people have marked ratskep as malware site - AVG first to do this. You generally only have a very small window to shut your site from internet traffic to stop this happening.

oh well.


Globe wrote:Yep.... AVG blocked all access to the forum from my computer.
I can access now, but with a stern warning each time.


In the case of AVG you can use this link to unblock RatSkep:
http://www.avg.com/eu-en/page-rating-report

This will make sure we aren't blacklisted anymore, I have removed and fixed all scripts,
in case the want to check the site is 100% clean again.

Thanks.... Done. :thumbup: :)
"Justice will be served!
As soon as I can find you a piece that hasn't gone rotten." - Globe

I don't accept sexism, no matter what gender is being targeted with an -ism.
User avatar
Globe
 
Posts: 6659
Age: 49
Female

Country: Spain NOT Denmark
Spain (es)
Print view this post

Re: Important: Malware script on RatSkep

#9  Postby LIFE » Sep 26, 2012 9:38 am

byofrcs wrote:Bernhard, you have to indicate you have found the vector and that has been shut - obviously don't have to say what the vector was - before we can report false positive.


If you report to AVG or elsewhere they will do a final double-check themselves before removing us from the blacklist.
As it stands now I have removed any malicious content and changed all access points, so we're safe, for now :shifty:
"If you think education is expensive, try the cost of ignorance" - Derek Bok
"Words that make questions may not be questions at all" - Neil deGrasse Tyson
User avatar
LIFE
Site Admin
THREAD STARTER
 
Name: Bernhard
Posts: 7152
Age: 36
Male

Country: Germany
Germany (de)
Print view this post

Re: Important: Malware script on RatSkep

#10  Postby LIFE » Sep 26, 2012 9:41 am

This scan shows a clean result:
http://sitecheck.sucuri.net/results/www ... ticism.org

So far seems we've not been blacklisted just yet, at least on those listed there (incl Google etc)
"If you think education is expensive, try the cost of ignorance" - Derek Bok
"Words that make questions may not be questions at all" - Neil deGrasse Tyson
User avatar
LIFE
Site Admin
THREAD STARTER
 
Name: Bernhard
Posts: 7152
Age: 36
Male

Country: Germany
Germany (de)
Print view this post

Re: Important: Malware script on RatSkep

#11  Postby SpeedOfSound » Sep 26, 2012 9:41 am

LIFE wrote:Bad news everyone,

RatSkep has been the victim of a malicious script injection (simply put: a kind of virus) which was loaded with the site content.

I have removed all such script signs so the site is completely clean again, on the server at least.

However, have yet to find the loophole and how it eventually got through.

I cannot say for sure how much damage has been done or if the script actually has been loaded onto your machine, so please make sure to run your preferred anti-virus software and let it do a full scan on your machine, just to be sure.

Once I have more information I'll post it here.

My Avast antivirus caught it right away. It's all better now.
: JS:Redirector-AAA [Trj]
is what I got.
"Daddy, why did god make YEC's?"
User avatar
SpeedOfSound
RS Donator
 
Posts: 31944
Age: 66
Male

Kyrgyzstan (kg)
Print view this post

Re: Important: Malware script on RatSkep

#12  Postby Scarlett » Sep 26, 2012 9:42 am

Thanks LIFE :)

Can someone just clarify for a simpleton? Earlier, when the site went all funny I got a message from AVG at the top of my page saying they had blocked harmful stuff, does that mean I'll be ok? I logged out, then logged back in, it appeared to be fine then, no messages or funny stuff. :?
"The stupid bitch"

" ..the Scottish bitch.."

" Too much PC and stupid women."

"..Paula (who still thinks she is the forum pin-up)."


Prize for guessing who? :naughty2:
User avatar
Scarlett
 
Posts: 16046
Female

Scotland (ss)
Print view this post

Re: Important: Malware script on RatSkep

#13  Postby Clive Durdle » Sep 26, 2012 9:43 am

Macs?
"We cannot slaughter each other out of the human impasse"
Clive Durdle
 
Name: Clive Durdle
Posts: 4809

Country: UK
United Kingdom (uk)
Print view this post

Re: Important: Malware script on RatSkep

#14  Postby Scarlett » Sep 26, 2012 9:44 am

Also, is this something that's just been done to us? Is it a person or persons trying to fuck us over or is it more general? I don't understand.
"The stupid bitch"

" ..the Scottish bitch.."

" Too much PC and stupid women."

"..Paula (who still thinks she is the forum pin-up)."


Prize for guessing who? :naughty2:
User avatar
Scarlett
 
Posts: 16046
Female

Scotland (ss)
Print view this post

Re: Important: Malware script on RatSkep

#15  Postby Aern Rakesh » Sep 26, 2012 9:52 am

Clive Durdle wrote:Macs?


I wasn't blocked, I just couldn't get in. But now I don't have a problem, and I've tried via both Firefox and Safari.

I use Intego and that hasn't sent me any warnings or alarms, but I've just updated the virus defs and will do a full scan...
Image
User avatar
Aern Rakesh
RS Donator
 
Posts: 13582
Age: 68
Female

Country: UK (London)
United States (us)
Print view this post

Ads by Google


Re: Important: Malware script on RatSkep

#16  Postby angelo » Sep 26, 2012 10:03 am

Many thanks. I restored my pc thinking an update that was installed last thing last night may have been the culprit. Now I will have to download the update as it's vital.
Just did a complete scan, I'm all clear.
User avatar
angelo
 
Posts: 22479
Age: 69
Male

Country: Australia
Australia (au)
Print view this post

Re: Important: Malware script on RatSkep

#17  Postby Made of Stars » Sep 26, 2012 10:05 am

If we tried to log in during the pwnage, should we change passwords?

Addit: Done it anyway - UCP > Profile > Edit account settings
Made of Stars, by Neil deGrasse Tyson and zenpencils

“Be humble for you are made of earth. Be noble for you are made of stars” - Serbian proverb
User avatar
Made of Stars
RS Donator
 
Name: Call me Coco
Posts: 9750
Age: 49
Male

Country: Girt by sea
Australia (au)
Print view this post

Re: Important: Malware script on RatSkep

#18  Postby byofrcs » Sep 26, 2012 10:22 am

Made of Stars wrote:If we tried to log in during the pwnage, should we change passwords?


Technically.... yes if it is simple. Also if you use this SAME password on other forums or social sites with the SAME email then change them EVERYWHERE.

Why ? With ability to change site files the hackor will have downloaded the mysql access password and will have got the user table which has the user passwords as md5 hashes. They are not salted so they can do a dictionary attack and look at rainbow tables and work out your passwords if these are simple.

With a list of emails and some passwords they can then try out other social sites to see if they get bites.

Winrar.
In America the battle is between common cents distorted by profits and common sense distorted by prophets.
User avatar
byofrcs
RS Donator
 
Name: Lincoln Phipps
Posts: 7906
Age: 53
Male

Country: Tax, sleep, identity ?
European Union (eur)
Print view this post

Re: Important: Malware script on RatSkep

#19  Postby angelo » Sep 26, 2012 10:26 am

Made of Stars wrote:If we tried to log in during the pwnage, should we change passwords?

Addit: Done it anyway - UCP > Profile > Edit account settings

Wouldn't it be a little late for that? Especially to those of us who use the same p/word on various internet log ins. :scratch:
User avatar
angelo
 
Posts: 22479
Age: 69
Male

Country: Australia
Australia (au)
Print view this post

Re: Important: Malware script on RatSkep

#20  Postby Darkchilde » Sep 26, 2012 10:27 am

I use different email addresses but the same password or a variation of the same password. There have been times when I have had to try 5 or 6 different email addresses to get on to a site...
User avatar
Darkchilde
RS Donator
 
Posts: 9015
Age: 48
Female

Country: United Kingdom
United Kingdom (uk)
Print view this post

Next

Return to Announcements

Who is online

Users viewing this topic: No registered users and 1 guest