Hard Light Productions Forums
Site Management => Site Support / Feedback => Topic started by: Dark Hunter on March 19, 2013, 10:39:01 pm
-
Avast is currently freaking out over a JavaScript whenever I access a page on Hard Light.
Gives the name as "JS: Iframe-AHV", and classifies it as a Trojan.
Maybe Avast is being overzealous, but thought you folks should know just in case.
EDIT: Also, only happens on Firefox. Chrome doesn't give the same warning.
-
Anyone else's thread list suddenly gotten HUEG? Using Chrome, by the way.
-
Yes, that too. :p
-
Mine, Firefox. I also get a bar saying that additional plugins are required to view the page.
-
Anyone else's thread list suddenly gotten HUEG? Using Chrome, by the way.
Confirming for Firefox and Chrome.
-
Nope, not a virus. Should be good now
-
Hmm... still getting it when I go to post a message. Otherwise it's gone.
-
Nope, not a virus. Should be good now
What was it?
-
Avast declaring war on Java?
and there was a little side discussion on Java elsewhere :p
-
HLP Mantis being in maintenance mode a result of this or is there actually maintenance going on?
-
Yes, sorry, mantis access is back. Side effect from the backups I restored from.
-
Assuming this was an actual virus infection again, perhaps it would be time to consider scrapping this old server and starting from scratch? This trend is honestly worrisome.
-
Umm, no, not a virus. It was an attack that injected the redirect code into the php files.
And yes, I agree that the server needs to be nuked and repaved with current versions of apache, php, and so on.
However, as we do not have remote console access in case something goes wrong and the OS will not boot, not to mention it's not 'our' machine (HLP and it's hosted sites are not the primary site, nor does it have it's name on the hosting bills/account), it's not that simple, nor is it something that I'm comfortable or willing to do.
That being said, I have made a tweak to the install at a filesystem level. I don't know for sure if it will prevent it, we will have to see, but I'm hopeful that until the server is rebuilt, it will help prevent these things.
-
Anyone else's thread list suddenly gotten HUEG? Using Chrome, by the way.
It's doing that for me now. It wasn't before, I've read this topic before.
-
Avast is giving me warnings again.
-
avast + chrome and no warnings
-
Just wondering if you guys have considered using apache mod_security in front of the HLP websites? At work we used this as a stop-gap measure until we could select & install a "real" web application firewall in front of our websites.
-
Here we go again. Avast just started complaining again.
-
Yup.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aJS%2fBlacoleRef.CZ&threatid=2147679781
-
Same here but not sure its the same malware my AV is on about as Fury's
Details:
Web-Seite:http://www.hard-light.net/forums/
Gefundene Viren: JS:Trojan.JS.Iframe.DC
-
hmmm. NoScript is telling me that "studentexchanges.org.ua" wants to run some javascript on HLP. How about.... no.
-
Can't even get on hlp without disabling AVG. Firefox on my end. Can also confirmed all the sizes got weird.
-
I'm not seeing any of this stuff, using IE10 (with javascript enabled) and Avast. BitDefender used to give me fits though.
-
Font sizes are weird over here too. Also seeing the same NoScript warning as niffiwan.
EDIT: Firefox here as well.
-
Giant text here.
-
Yeah, giant text here, too, at least for the listing of boards on the main page. FF 19.0.2 on OS X 10.6.
After FF said "Transferring data from studentexchanges.org.ua..." or something similar in the status bar, I instantly got NoScript :nervous: although I haven't gotten the warning that niffiwan and CommanderDJ did.
-
Getting giant text and this warning from ESET: "js/kryptic.aiu troyano" as well.
-
Giant text, some unusual things in NoScript, but no security flags - yet.
-
Nothing wrong here, text or otherwise, while running MSE.
-
Looks like it's fixed now...
Running FF.
-
I'm getting similar. Some huge text, and NoScript picks up that studentexchanges.org.ua thing as well. It's probably our possible virus.
-
Sizes are back to normal and AVG stopped throwing tantrums on my end (Windows 7 / ffox)
-
Clean now and font issue fixed, good work admins :yes:
-
Mine said it was a blackhole exploit kit. It's gone now.
-
And Lorric would win a gold star, if I felt like handing any out.
So, make sure you have NoScript on yer browsers cause guess what? We're not the only place that's ever been hit with it. And even after cleaning it up, we'll still get hit again.
A solution is being worked on to ultimately address the issue, but it is going to take a while to do.
-
Thanks for the heads up, installed NoScript. Shame this sort of bull happens though.
-
And Lorric would win a gold star, if I felt like handing any out.
So, make sure you have NoScript on yer browsers cause guess what? We're not the only place that's ever been hit with it. And even after cleaning it up, we'll still get hit again.
A solution is being worked on to ultimately address the issue, but it is going to take a while to do.
No, gimme my gold star, damn it! It's mine! :lol:
-
I've got avast installed but it never told me anything (I told it to be quiet with the popups though...) nothing in the logs either. Then again ive been running noscript for a while now so maybe thats why.
-
I've never liked using NoScript or ScriptSafe (Chrome) because they make browsing of websites really difficult at times. The best method is to block only javascript that points to another domain. But even that renders many websites semi-functional or even unusable. You may not even realize important parts of the page have been blocked because NoScript or ScriptSafe is listing domains that have nothing to do with domain of origin.
All browsers these days have their own methods to protect against cross-site scripting attacks. Of course they are not as safe as disabling scripts altogether unless explicitly allowed, but couple browser's native protection with Adblock Plus' Malware Domains subscription and it gets slightly better. But at least this is not as much an exercise in frustration as running NoScript/ScriptSafe is. http://adblockplus.org/en/subscriptions
-
While yes, NoScript can be frustrating to set up, you can't get something for nothing.
Some people may not want to be bothered with having to be aware of their own surfing habits or paying attention to what links to where they go. Myself, I can't imagine NOT being as aware of that as I can be.
And while AdBlockPlus is useful (I use it in conjunction with NoScript), it still has to rely on subscriptions outside of a users control. And you would have no idea if a subscription got compromised on you until you got hit with it. Which still leads into the whole user awareness bit. Or you have to start filling in either a whitelist or blacklist yourself, which can be time consuming.
I'd rather have a site only partial load and look funky until I examine the NoScript blocked elements than be surprised by random application or desktop popup "X" suddenly showing up on my machine.
I should also point out, I can only converse on the two above as they relate to FireFox. I don't use Chrome for anything but NetFlix and Hulu and even then, I use the Iron Browser variant.
-
Beware
-
something
-
wrong
-
Someone set us up the bomb, today we all speak engrish.
-
There's something wrong indeed:
Anyway, site is moving on the screen like ...well, like when relaxing UVs.
Most noticeable in the Aprils Newsletter, pics in there have a slight rotation - see attachment.
Size of the Font is switching from small to big and back, the spacing of text changes every few seconds...
Mouse cursor disappears when hovering over a link or anything clickable for that matter.
Is this related to the Aprils Fool prank?
[attachment deleted by ninja]
-
Probably Goober screwing with us for all the Java whining! :P
-
Probably Goober screwing with us for all the Java whining! :P
Since adding tapioca pudding to the main page took him three days (http://www.hard-light.net/forums/index.php?topic=83447.msg1667267#msg1667267), probably not. :P
-
There's something wrong indeed:
Anyway, site is moving on the screen like ...well, like when relaxing UVs.
Most noticeable in the Aprils Newsletter, pics in there have a slight rotation - see attachment.
Size of the Font is switching from small to big and back, the spacing of text changes every few seconds...
Mouse cursor disappears when hovering over a link or anything clickable for that matter.
Is this related to the Aprils Fool prank?
I'm not experiencing any of this in Firefox...
-
I'm on FF too, but it seems the April fools zoomscript is still working.
-
I'm on FF too, but it seems the April fools zoomscript is still working.
What version are you using? I'm using 19.0.2 on Windows 7.
Also, are you getting upside-down smileys? They look normal to me in Firefox, but they're upside-down in Internet Explorer 10. (All of this forum's April Fools effects seem to be working there, actually.)