Welcome to Doom9's Forum, THE in-place to be for everyone interested in DVD conversion. Before you start posting please read the forum rules. By posting to this forum you agree to abide by the rules. |
23rd February 2019, 23:40 | #1 | Link |
Moderator
Join Date: Nov 2001
Location: Netherlands
Posts: 6,364
|
Forum hacked
There was a thread in the subsection indicating that the forum is hacked (script stealing passwords and things like that). The thread is gone for some reason. So better not to log in and wait for an announcement of the administators on this matter.
In any case if you logged in yesterday, you should change your password. Last edited by Wilbert; 24th February 2019 at 01:12. |
23rd February 2019, 23:52 | #3 | Link |
Formerly davidh*****
Join Date: Jan 2004
Posts: 2,496
|
Well that's just even more extremely suspicious, and suggestive of continuing abuse of a mod's login.
The announcement posted by tebasuna51's account, which appears to be an attempt at injecting a password-stealing script (and which breaks forum indexes), and which prompted the now-deleted thread, has recently been edited to say "maintenance" instead of "test". It still contains the attempt at injecting the malicious script, although this is likely to fail in most, if not all, reasonably modern browsers. The text of the announement now reads "We are working on the indexing issues now and doing basic maintenance". Seems pretty clear that tebasuna51's account has been compromised. He did still post normally once, earlier tonight, after the announcement was first posted, suggesting his password hasn't been changed and that he wasn't aware of anything at that time. I've PM'd him along with a few other mods (including Doom9 and Swede). I take it you can't take the forum offline, Wilbert? Or post an announcement to push the dodgy one off? --------- It's also possible that more basic access has been gained by someone, in order to subvert the code and inject the script attempt into the announcements, which are then genuine. But if that was the case I would hope that tebasuna51, or whoever is doing the announced "basic maintenance", would have taken the forum offline. Last edited by wonkey_monkey; 24th February 2019 at 00:01. |
24th February 2019, 00:20 | #4 | Link | ||
Moderator
Join Date: Nov 2001
Location: Netherlands
Posts: 6,364
|
Quote:
Quote:
|
||
24th February 2019, 00:25 | #5 | Link |
Formerly davidh*****
Join Date: Jan 2004
Posts: 2,496
|
Cool, that has fixed the forum index problem for now and removes the immediate threat (which as I say, is unlikely to hurt anyone unless they're using a very old browser). Unfortunately it may reoccur until we know that tebasuna51's account is secure.
|
24th February 2019, 01:17 | #10 | Link |
Moderator
Join Date: Nov 2001
Location: Netherlands
Posts: 6,364
|
Damn, i'm not authorized to ban him because he is not a normal user ;(
edit: I striked him a few times. Now his account is suspended. Apologies tebasuna51!! Last edited by Wilbert; 24th February 2019 at 01:31. |
24th February 2019, 01:58 | #12 | Link |
Registered User
Join Date: Dec 2002
Posts: 5,565
|
First thing you should do if you have the same password on other sites is to go to those other websites and change the passwords there (one unique password per site). This is especially true for important stuff like e-mail accounts (gateway to almost all other websites because of the "password forgotten" feature), banking, paypal, ebay etc.
Since this isn't the first doom9 incident I would treat doom9 as kinda "open", i.e. assume everything you type here (passwords, e-mail-address, private messages) is open to others. Don't re-use the same password for multiple websites. |
24th February 2019, 02:59 | #14 | Link | |
Broadcast Encoder
Join Date: Nov 2013
Location: Royal Borough of Kensington & Chelsea, UK
Posts: 2,904
|
I noticed that the Indexing wasn't working, so I started using the manual search and I even replied to a topic.
I thought it was some sort of maintenance until I saw this. Anyway, it's sad to see that there are people who are willing to hack this community to get a few quids from PayPal or God knows what. I consider Doom9 as the "StackOverflow" of the encoding and it's really sad to see a programmer damaging a forum that helps programmers... Quote:
I'm just wondering, 'cause I did browse the forum while it was infected, but I was using Chrome 72, however I'm pretty sure that there are people using older browsers. |
|
24th February 2019, 09:49 | #15 | Link | |
Angel of Night
Join Date: Nov 2004
Location: Tangled in the silks
Posts: 9,559
|
Quote:
I saw things earlier, and I didn't even want to log in. Now I see it's a very specific, very broken script kiddie hack, I shouldn't have worried. |
|
24th February 2019, 09:58 | #16 | Link |
Registered User
Join Date: Dec 2002
Posts: 5,565
|
Was the script even running in any browser? It looked like the <script> tag wasn't closed correctly or something like that. I guess the forum's HTML filter worked almost correctly and he didn't find any way to make it work (it shouldn't break the list of threads so there seems to still be some error). And it seemed that at least from my PC the external .js wasn't even reachable. So I agree that this time probably nothing really happened, no passwords stolen etc.
I hope the admins can kinda limit mod rights to not let this happen again so easily, e.g. no global announcements. And revoke mod rights of mods no longer active. |
24th February 2019, 11:11 | #17 | Link |
Moderator
Join Date: Nov 2001
Location: Netherlands
Posts: 6,364
|
Bummer. Somehow he changed the announcement after i suspended him ?????? That's not good. I removed his again. I don't even understand how this is possible.
Last edited by Wilbert; 24th February 2019 at 11:17. |
24th February 2019, 11:23 | #20 | Link |
SuperVirus
Join Date: Jun 2012
Location: Antarctic Japan
Posts: 1,351
|
Being listed as a currently active user is 'normal'. A temporary suspension doesn't stop a user from logging in. Some minutes ago, vBulletin said tebasuna51 was *private messaging*. This is what should not be happening at all.
|
|
|