# HTML Script Virus Warning

Original post by Oluseyi
Original post by dmail: Erm how about taking the site down and removing this crap, rather than distributing it?? Leaving the site up when you know it has these problems makes you just as bad as the writer of the malicious code.

I have to disagree. Further, I have to point out that we have curtailed the malicious code previously, but experienced adverse interactions with other site software. Even further, we have now taken extensive steps to correct not only the vulnerability but also other configuration issues. There will be some minor breakages (images not fully loading here and there) as caches are repopulated, etc, but we're managing to do so without taking the site down.

You, as an individual, may think it is okay for the site to go down. Our audience, in aggregate, however, does not. That audience includes people who are paying for a subscription service, such as GDNet+, or companies that pay to advertise products and jobs. Downtime is an absolute worst-case scenario, and we want to avoid it if at all possible.

Excellent keep on spreading malicious code then, rather than taking your users and advertisers into consideration. I realise downtime is a last resort but you have a problem and are spreading it, infecting just one machine and personally I think you have kept the site up too long. Infect an advertiser's machine and you lose money and respect ...

Original post by dmail: Excellent keep on spreading malicious code then, rather than taking your users and advertisers into consideration. I realise downtime is a last resort but you have a problem and are spreading it, infecting just one machine and personally I think you have kept the site up too long. Infect an advertiser's machine and you lose money and respect ...

We're damned if we do and damned if we don't. If we take the site down, we'll take flak and get hate mail anyway.

The site's staying up, unless we discover something truly catastrophic.

I'm sorry, I have to agree with dmail here and I have a really hard time understanding your position to leave your site up while it was compromised.

You should have at least put a sticky message on your front page stating that your website does NOT require those ActiveX controls and tell users to not install them. Instead, you consciously chose to keep your hacked site up and as a result there is no telling how many visitors to your website actually installed that malware. You justified this decision by saying that you were working on the problem and that people would complain about the website being down while it was cleansed.

Think about it for a moment. You've done the equivalent of sending your kid to school, knowing he had a communicable disease, but justify it because you're giving him antibiotics at home each night.

Kudos to you for fixing the problem, however the damage is done. At this point do you think it's too much to ask that a message be posted on the front page about this and what you've done to prevent it from happening in the future? Perhaps with details on how to remove this particular strain of malware for the people that did install those controls?

I love this website and I'll admit that I was pretty grumpy when it was down for a while a month or so ago, but I certainly understand shutting down the site while malware is being removed. I'd really be surprised if most of your users wouldn't also be sympathetic to this course of action if you'd just do a better job of communicating what is happening.

About the lack of communication, I'd like to publicly assume a part of the responsibility - I thought about posting a news item on the front page to warn our users about that, and I completely forgot the problem.

Next time I'll be less dumb (while hoping that such "next time" will never take place).

Again, sorry for the lack of information. Hope you'll forgive me.

So, just to clarify, how exactly did this thing compromise the GDNet server? Is it injecting some html in place of an ad? It's odd - I haven't gotten any warnings, or prompts to install or run any ActiveX controls (and I use IE7).

Original post by Moe: So, just to clarify, how exactly did this thing compromise the GDNet server? Is it injecting some html in place of an ad? It's odd - I haven't gotten any warnings, or prompts to install or run any ActiveX controls (and I use IE7).

I'd rather not discuss the attack vector at this time. If you think about it for a bit, I'm sure you'll figure out why.

Is that because you've *still* not patched your machine, or is that because you've infected machines belonging to your users and you'd rather those users were not provided with information about the damage you have done?

Disgraceful.

Original post by alun: Is that because you've *still* not patched your machine, or is that because you've infected machines belonging to your users and you'd rather those users were not provided with information about the damage you have done? Disgraceful.

This virus has potentially infected two of my computers now, being that I viewed GDnet from two different computers during the time that the virus/trojan/whatever was trying to be downloaded. I am using IE7 on one of these comps, and IE6 on the other, and am one of the most likely people to be hit with this virus. I've followed the advice of the staff in blocking the offending sites, the staff claim to now have gotten the infiltration under control, and they state that they are doing their best to upgrade security measures while keeping the users in mind by trying to avoid taking the site offline.

And you know what? I have to echo your words: Disgraceful.

It's disgraceful that people are acting so childish instead of trying to help solve the issue.
It's disgraceful that the staff is getting so little support during this incident.
It's disgraceful that people are all but ignoring the fact that the staff is sacrificing their time, social life, and perhaps family, to fix this issue, just so you can use these forums instead of inconveniencing yourself by searching the web.
And it is certainly most disgraceful that people are insulting the very staff who are trying to fix the problem.

Grow up people. 'Oh teh noes, teh evil staff wont tell me how to attack GDnet' Why not take the steps outlined by evolutional to protect against the problem, and if you are so scared you are infected, run a bloody virus scan! You really need people to tell you this?

GDnet has made my goal of learning programming insanely easier, I'm not about to turn around and spit on them the second something goes wrong. I've spent almost two years using the valuable resources these people gathered to ease my pain of programming, I've bombarded them with coding questions time after time. If I get infected with a small bug or two, even if it takes me weeks to get it off my computer, I think it's a very small price to pay, after the two years of pain-free help GDnet has given me. I probably would have given up programming long ago if it hadn't been for GDnet.

[Edit:] Just to clarify, I have not been infected. As soon as I realized something was wrong with GDnet, I upped my security settings. If you feel you have been affected, you can go to Panda Software and click the 'Free online virus scan' link in the upper-right corner.

[Edited by - Servant of the Lord on March 31, 2007 3:58:03 PM]

Original post by alun: Is that because you've *still* not patched your machine, or is that because you've infected machines belonging to your users and you'd rather those users were not provided with information about the damage you have done? Disgraceful.

To echo Servant of the Lord's words, but to make it shorter: what you imply is utterly unfair and hurting. It's not like superpig just watched around and said "lol! have fun, usarz!". It's not like nobody on the operational team was not concerned by this affair. It's not like no one tried to solve the problem as fast as possible.

Now what? Do we have to publicly reveal the attack vector? How will that make you more satisfied? No. The forum software is a proprietary software, you don't run it (you just use the interface it creates), so you have no interest at all in knowing this information.

I already apologize for the lack of information, now the problem is fixed, what do you want more? Get your money back? Just send me your paypal email, and I will forward you the 0.00$ you lost because of this issue.

Original post by Emmanuel Deloget: To echo Servant of the Lord's words, but to make it shorter: what you imply is utterly unfair and hurting. It's not like superpig just watched around and said "lol! have fun, usarz!". It's not like nobody on the operational team was not concerned by this affair. It's not like no one tried to solve the problem as fast as possible.

If GD wanted to solve the problem, they could have pulled their server. Instead, you choose to keep your server online and attack every machine that connected to it, because you might make some cash out of advertising. This is: a) Disgraceful, b) Technically Illegal.

I come here because I learned to program on UseNet and feel I should 'give something back'. I don't expect your machine to attack me, particularly after you've been notified about those attacks.

Original post by Emmanuel Deloget: Now what? Do we have to publicly reveal the attack vector?

I'd like you (after you've patched your server) to be clear and open about what happened. It would also be nice if somebody from GD actually apologised.

Original post by Emmanuel Deloget: I already apologize for the lack of information, now the problem is fixed, what do you want more? Get your money back? Just send me your paypal email, and I will forward you the 0.00$ you lost because of this issue.

I lost about $600 worth of time as a result of this. Are you sure you want to talk money, or would it be better to apologise? (For choosing to illegally keep your server online, attacking computers, when you knew that it was infected - the lack of information is a less serious matter)
And how about keeping your server secure and making sure that this doesn't happen again?
