Author |
Message |
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posts: 24869
|
So the site's primary FTP account, which contains Haddox, the Wiki, the main site, GAR, Lemon Party, Live Snake Insertions, and a few other random subdomains was hacked last night. Someone injected a script redirect to fake virus scan (scanner-free.com) into the main pages of all subdomains on the FTP, as well as many popular pages on the main site.
This is the second time this has happened. Last time, only index.htm and index.php pages were target.
To help prevent this from I have moved all the non-updating subdomains to other FTP accounts, and changed all my FTP passwords.
However, I still need help. Last time this happened, it was easy to find all the modified pages. I simply went into the FTP, and looked for pages that had been modified in the last few hours, and changed them back. This time, it's not that simple. Whatever they did, they did it in such a way that the pages don't show up as being recently modified. So I am not sure I got every page. Also, my full back-up of the site is 6 months old, so simply copying over the site isn't an option either.
All the main articles are fixed. However, I may have missed some pages. My site structure is a fucking mess. I have some random subpages hidden away in image folders for the articles they accompanied and pages made to go with the news section are all in a giant folder called /blogstuff alomg with a shitload of images.
If any of you have some free time, please go through the articles (making sure you allow pop-ups for this site) and click every link within them. With a few exceptions, they should all bring up either internal images or internal pages. If they bring up a fake virus scan, I need to fix it.
|
|
|
|
|
Rydog
Title: Dragon Slayer
Joined: Aug 11 2009
Location: Massachusetts
Posts: 1511
|
Fuck that explains it. I thought it was my computer. I just ran all my checks and it was okay after that so you must have been fixing it at the same time.
I'll run through a few items.
EDIT: Syd Lexia on Revolution X through Poison Your Mind seem clean.
|
|
|
|
|
username
Title: owner of a lonely heart
Joined: Jul 06 2007
Location: phoenix, az usa
Posts: 16123
|
i got the same thing this morning when i went to the main page (sydlexia.com) but i thought it was just chrome being stupid.
ill check after work
|
Klimbatize wrote: |
I'll eat a turkey sandwich while blowing my load |
|
|
|
|
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posts: 24869
|
I thought the same thing this morning, that it was a problem with my computer. Wasted 90 minutes on a virus scan, then realized the truth.
|
|
|
|
|
IceWarm
Joined: Dec 22 2008
Location: Breckenridge, Colorado
Posts: 1691
|
I thought it was on my end too. I got up to go to work and wanted to check some sites and the main page was blocked by Firefox as an attack site. I ran a spywware scanner and nothing came up.
|
"Anybody who ever built an empire, or changed the world, sat where you are now. And it’s because they sat there that they were able to do it."
"Fighting in a basement offers a lot of difficulties, number one being, you're fighting in a basement."
"You're Not So Tough Without Your Veggie!" |
|
|
|
Slayer1
Title: ,,!,, for you know who
Joined: Sep 23 2008
Posts: 4274
|
Same thing happened to me as well. AVG Suspected it was threat so I had to goto the forums link from a saved BM...
Well I checked all the articles and the links inside each of the first page from AYAOTD part six to mega man 3 and they appear to be fine
|
|
|
|
|
username
Title: owner of a lonely heart
Joined: Jul 06 2007
Location: phoenix, az usa
Posts: 16123
|
Slayer1 wrote: |
Same thing happened to me as well. AVG Suspected it was threat so I had to goto the forums link from a saved BM...
Well I checked all the articles and the links inside each of the first page from AYAOTD part six to mega man 3 and they appear to be fine |
i had to google 'sydlexia forums' in order to access those
|
Klimbatize wrote: |
I'll eat a turkey sandwich while blowing my load |
|
|
|
|
Slayer1
Title: ,,!,, for you know who
Joined: Sep 23 2008
Posts: 4274
|
From Alex Kid to Legend of Zelda seems to be all clear...
|
|
|
|
|
Hacker
Banned
Joined: Sep 13 2008
Posts: 3129
|
The maniac mansion article seems fine
|
|
|
|
|
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posts: 24869
|
I believe we are in the clear.
|
|
|
|
|
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
Syd,
Dreamhost has SFTP or FTPS right?
Time to start looking at a more secure option for uploading/editing.
|
|
|
|
|
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posts: 24869
|
No idea what those are, but probably.
|
|
|
|
|
GPFontaine
Joined: Dec 06 2007
Location: Connecticut
Posts: 11244
|
Syd Lexia wrote: |
No idea what those are, but probably. |
It lets you transfer files with an encrypted connection.
|
|
|
|
|
Blackout
Title: Captain Oblivious
Joined: Sep 01 2007
Location: That Rainy State
Posts: 10376
|
Is there any way to get back at the culprit?
|
|
|
|
|
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posts: 24869
|
I don't know.
The site was redirected to scanner-free.com, so they're the ones in need of punishment.
|
|
|
|
|
Slayer1
Title: ,,!,, for you know who
Joined: Sep 23 2008
Posts: 4274
|
I don't know if this is relevent, but the comparison between NA Monster Party and Japan's Monster Party doesn't load
|
|
|
|
|
Syd Lexia
Site Admin
Title: Pop Culture Junkie
Joined: Jul 30 2005
Location: Wakefield, MA
Posts: 24869
|
|
|
|
|