The Wikipedia Review: A forum for discussion and criticism of Wikipedia
Wikipedia Review Op-Ed Pages

Welcome, Guest! ( Log In | Register )

 
Reply to this topicStart new topic
> Sorry about that
Somey
post Wed 4th June 2008, 4:52am
Post #1


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



As many of you know, each year around this time, we like to have a little "technical crisis" which usually involves the board being down for anywhere from a day to a week. We like to think of it as our "little annual vacation."

In this case, the entire site was victimized by a rather malicious "hack" that took advantage of a vulnerability in our WordPress blog, which I, your friendly neighborhood Somey, had failed to upgrade to the latest (less vulnerable) version. I can make the usual excuses, like "it's not my full-time job," and "these WordPress upgrades are always dicey anyway," and "I forgot we actually had a WordPress blog," among many, many others. But for my own limited role in this particular incident, I humbly apologize.

We'll be reinstalling the newer, more fabulous version of WordPress here within the next 48 hours or so, but until then the blog will have to remain inaccessible, I'm afraid.

Finally, there's the question of viruses, trojans, and other malware. We don't believe the hacked pages here on Wikipedia Review were coded to deliver any actual viruses, but we unfortunately can't honestly assure visitors that if the pages in question managed to redirect them to other sites, that those sites wouldn't have attempted to do such terrible, horrible things. This doesn't seem to have happened to anyone we know of, but nevertheless, now might be a good time to ensure that your antivirus software is working and up-to-date! (And maybe do a scan too, just to make sure.)

You can never be too careful!
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Wed 4th June 2008, 6:37am
Post #2


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



OK, I take that last part back - apparently the main index.php file, and only that file, was encoded to try and load an ActiveX control known as "JS_DLOADER," which (if allowed to run) would then handle the redirection to other websites, if not attempt to download stuff from them directly. That particular file was removed from circulation as soon as we could manage it, but I'm afraid it had been in place for nearly 7 hours by then.

But in a sense, the first pare of that is actually good news, because it not only explains the fact that Firefox users weren't affected, but also why many (if not most) IE users weren't affected. Most IE users these days don't allow ActiveX controls to be loaded and run without at least prompting the user first, even if (or rather, particularly if) an anti-virus program isn't installed.

Nevertheless, if your security settings are, shall we say, unusually optimistic, then you might want to search your computer for a recently dated file, most likely named "JS_DLOADER.DAT" or something similar (and be careful not to delete anything important, like your JScript Runtime Environment files).

Again, most (if not all) up-to-date anti-virus programs would have caught this and prevented it, but just in case, here's a page on the "Typical Virus Removal Procedure" from the Spyware and Malware Removal blog:

http://spyware-malware-removal.blogspot.co...-procedure.html

Last but not least, this sort of "mass SQL injection" exploit seems to be all the rage lately in the 1337 H@xx0R!!11 community, and has apparently been used to mess with thousands upon thousands of websites all over the world. So, it's with considerable regret that I'm forced to conclude that this was not a Wikipedia-inspired conspiracy or elaborate revenge plan. Not that I would have assumed anything like that, mind you.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Somey
post Wed 4th June 2008, 7:48pm
Post #3


Can't actually moderate (or even post)
*********

Group: Moderators
Posts: 11,815
Joined: Sat 17th Jun 2006, 7:47pm
From: Dreamland
Member No.: 275



OK folks, in addition to the general mayhem caused by this particular hack, I seem to have missed a cleverly-hidden function in one of the JavaScript files too, which caused the annoying and potentially damaging redirect to occur for registered/logged-in members when they clicked "My Controls" (which will soon be renamed to "Profile & Options") or attempted to send a Personal Message.

Unfortunately, I can't guarantee that the folks who programmed this little gem didn't hide something else in there too... Needless to say, if you come across anything suspicious, by all means let me know by some appropriate means or other (the e-mail address is still AntiCabal ...(atttttt)... gmail.com).

Ugh! Some days are just worse than others, I guess.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

-   Lo-Fi Version Time is now: 25th 5 17, 5:00am