Jump to content

Intrusion attempt while forums were loading.

Vagrant0

By Vagrant0
in Site Support

Recommended Posts

Vagrant0 Grand Master

Vagrant0

Posted
Posted

When loading the main page, my antivirus detected a threat from a forced download.

 

originated from eyecstudio.com 74.220.207.77

url : eyecstudio.com/magento/media/import/backup/pdf.php?f=all

 

 

At the time I had just recently started my browser, was moving from my own forums over at Infisionfree to the forums here, and was loading up windows live (did not log in). My computer has been on for atleast the last 36 hours, so this was likely the result of one of those things being used. Browser used is firefox.

Link to comment
Share on other sites
Arthmoor Grand Master

Arthmoor

Posted
Posted
Confirmed, I hit this just now while trying to load the index page. It forced open a PDF file with a random useless string. No apparent damage but certainly not expected. Same URL.
Link to comment
Share on other sites
xxXEvandarXxx Experienced

xxXEvandarXxx

Posted
Posted

I just got the same thing. A couple of minutes earlier whe I tried to access the forums, I just got an error message that said I could not connect to the website. Dunno if it has anything to do with that, just thought that I should mention it.

 

Edit: I just searched for 'eyecstudio.com' at Google, and one of the pages showed this ( did not click the link, this is only what Google showed:

Zone-H.org - Unrestricted Information - Digital Attacks Archive ...

2008/12/16, SystemHack, H, labs.eyecstudio.com, Linux, View Mirror. 2008/12/16, SystemHack · M · eyecstudio.com/content, Linux, View Mirror ...

www.zone-h.org/component/option,com_attacks/Itemid,43/filter_defacer,SystemHack/ - 73k -

Looks strange...

Link to comment
Share on other sites
Dark0ne Grand Master

Dark0ne

Posted
Posted
I've temporarily fixed this issue, but Friday nights aren't a good time for me (in the middle of a house party for a friend!) and I haven't been able to patch the underlying issue that's caused this. It's an SQL injection caused by some insecurity in the forum code. If you notice it again before I can get the problem patched let me know...it's easy to remove.
Link to comment
Share on other sites
LHammonds Grand Master

LHammonds

Posted
Posted
It's an SQL injection caused by some insecurity in the forum code.
I hope the newer version actually fixes the security issue. We are not very far behind on updates though.

 

EDIT (3/9/2009): We are currently on the newest release of the IP.Boards and the hole is now closed.

 

LHammonds

Link to comment
Share on other sites
overload1977 Mentor

overload1977

Posted
Posted

its back i`m afraid

 

New dangerous malware JS:Packed-AB [Trj] detected had to a abort loading up nexus forums did i scan nothing my side

why do people make virus ............ :wallbash:

 

Jan 18th - On Friday January 16th, a large number of websites worldwide became the focus of a targeted attack. A malicious script was added to the attacked pages, which redirects visitors to malicious servers operated by the attackers and results in the the users' computers becoming infected. This malicious script is detected by avast! as JS:Packed-AB [Trj].

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...