Initial D World - Discussion Board / Forums
   

Views: 14,578  ·  Replies: 45 
> Forum Skins Temporarily Disabled
Tessou
    Posted: Feb 11 2013, 04:33 PM


DRAKARYS

Group: ADMINISTRATOR
Posts: 19,129
Member No.: 12,263
Joined: Sep 12th 2005
Location: Update Profile





A few members have alerted me to the presence of infected code in some of the skins available on IDW.

While we work on correcting the problem and clean up the problem areas, all skins except for IPB Skin Set 1.2 are disabled for all members (including staff like myself). The menu for selecting skins has been removed from all site pages until further notice.

It will not be like this for long. Expect skin selection to come back in less than a week.
Proud Contributor of the Music Section Revival Project
Nomake Wan
Posted: Feb 11 2013, 05:16 PM


ShiMACHaze
**********

Group: Advanced Members
Posts: 19,146
Member No.: 5,394
Joined: Feb 5th 2005
Location: Drydock





Thank you for the heads-up, great work! happy.gif

EDIT: Uh, looks like the 'Mark all posts as read' function on IPB default got nuked accidentally! Help!

EDIT 2: Temp link for people like me who rely on it:

Mark All Posts As Read

This post has been edited by Nomake Wan on Feb 11 2013, 05:20 PM
Proud Contributor of the Music Section Revival Project
Lebon14
Posted: Feb 11 2013, 05:46 PM


Totally Gone U Gaiz 4 Real
**********

Group: Advanced Members
Posts: 6,593
Member No.: 18,005
Joined: May 25th 2006
Location: Canada





QUOTE (Tessou @ 1 hour, 12 minutes ago)
A few members have alerted me to the presence of infected code in some of the skins available on IDW.

While we work on correcting the problem and clean up the problem areas, all skins except for IPB Skin Set 1.2 are disabled for all members (including staff like myself). The menu for selecting skins has been removed from all site pages until further notice.

It will not be like this for long. Expect skin selection to come back in less than a week.

Oh, okay, I was wondering why. Thanks!
Proud Contributor of the Music Section Revival Project
ThrasherDBS
Posted: Feb 11 2013, 06:26 PM


IDW Expert Member
******

Group: Members
Posts: 127
Member No.: 39,272
Joined: Nov 7th 2012
Location: Grants Pass, OR, USA





When everything is fixed, will it remember the skin we had previously, or will we have to go into our control panel and reset it?

Thank you for taking the time to correct the issue.
Nerubian
Posted: Feb 11 2013, 06:56 PM


Living in the woods when it's raining in the dark.
**********

Group: Advanced Members
Posts: 1,218
Member No.: 36,931
Joined: Jan 25th 2011
Location: The Salty Spitoon





Does anyone else get virus alerts when clicking on the "View New Posts" link?
kyonpalm
Posted: Feb 11 2013, 07:21 PM


Professional Amateur

Group: ADMINISTRATOR
Posts: 10,445
Member No.: 30,882
Joined: Oct 16th 2008
Location: Laniakea





QUOTE (Nerubian @ 24 minutes, 48 seconds ago)
Does anyone else get virus alerts when clicking on the "View New Posts" link?

How are you even still seeing that? Shouldn't it be gone along with "Mark all posts as read"?
Proud Contributor of the Music Section Revival Project
Nomake Wan
Posted: Feb 11 2013, 08:14 PM


ShiMACHaze
**********

Group: Advanced Members
Posts: 19,146
Member No.: 5,394
Joined: Feb 5th 2005
Location: Drydock





QUOTE (Nerubian @ 1 hour, 17 minutes ago)
Does anyone else get virus alerts when clicking on the "View New Posts" link?

There shouldn't be virus alerts on that function as--if I recall correctly--it is using pure IPB code to run. The problem only affects non-IPB code. Something may be wrong on your end. Can you take a screenshot of the problem and PM it?
Proud Contributor of the Music Section Revival Project
Rudy
Posted: Feb 11 2013, 11:15 PM


Unregistered












(THIS POST WAS REMOVED BY REQUEST)
THE_HONDA_CG2
Posted: Feb 11 2013, 11:52 PM


Patient Zero
**********

Group: Advanced Members
Posts: 4,273
Member No.: 37,947
Joined: Oct 1st 2011
Location: Update Profile





Yeah, I caught something early this morning when I was making my rounds. It popped up briefly on my screen before it went away. Man it was one hell of a way to wake up! At least it wasn't a creepy picture of a screaming zombie or something. Spoiler'd because it might be a tad NSFW.

SPOILER
s12drifter
Posted: Feb 12 2013, 01:46 AM


The Lulz Boat
**********

Group: Advanced Members
Posts: 1,358
Member No.: 23,696
Joined: Mar 21st 2007
Location: Update Profile





that looks Russian :x but anyway yea I miss my dark gray skin oh how will I go on in life without it!!!! :x this white skin is WAY too bright :x
kazahana
Posted: Feb 12 2013, 03:45 AM


IDW's Resident Yoyoer
**********

Group: Advanced Members
Posts: 1,779
Member No.: 21,778
Joined: Nov 15th 2006
Location: KL





Got a shock for a moment, and saw this thread. Good work Pear Pear.
Nomake Wan
Posted: Feb 12 2013, 03:49 AM


ShiMACHaze
**********

Group: Advanced Members
Posts: 19,146
Member No.: 5,394
Joined: Feb 5th 2005
Location: Drydock





QUOTE (kazahana @ 4 minutes, 3 seconds ago)
Got a shock for a moment, and saw this thread. Good work Pear Pear.

Thank Tessou, not Pear. smile.gif
Proud Contributor of the Music Section Revival Project
Btown86
Posted: Feb 12 2013, 05:04 AM


IDW Member
**

Group: Members
Posts: 25
Member No.: 40,418
Joined: Jan 29th 2013
Location: Boston, Ma





I knew something looked different this morning when I got on the site, I just couldn't figure it out till I saw this thread. haha
Tessou
  Posted: Feb 12 2013, 05:13 AM


DRAKARYS

Group: ADMINISTRATOR
Posts: 19,129
Member No.: 12,263
Joined: Sep 12th 2005
Location: Update Profile





QUOTE (ThrasherDBS @ Yesterday, 10:26 PM)
When everything is fixed, will it remember the skin we had previously, or will we have to go into our control panel and reset it?

Thank you for taking the time to correct the issue.

Unfortunately, the forum will not remember what you were using, so you will have to go and change it back to what you used once we reactivate skins.

This is because I turned off skin selection and then forced all members to use the current skin, effectively locking them out of the other selections. This meant that the system considers that all members chose this skin on their own, so when the other skins become available, you will have to choose them to set them as your default instead of what you see right now.
Proud Contributor of the Music Section Revival Project
Nomake Wan
Posted: Feb 12 2013, 05:15 AM


ShiMACHaze
**********

Group: Advanced Members
Posts: 19,146
Member No.: 5,394
Joined: Feb 5th 2005
Location: Drydock





Thanks to Honda_CG2 and SgtXDNX I've found a much more massive problem than initially expected, one that has likely been plaguing the forums for weeks undetected. Either that or it really has just started up again recently...which would be a best-case scenario, to be honest.

Either way, please note that the forums are currently infected beyond repair at least until Perry returns from overseas. The only solution is to close the forums entirely as a temporary measure. Tessou, I have PM'd you with the information.

In the meantime I'm sick of keeping this quiet. Mods, if I come back and find out my post has been edited then I can be absolutely sure that you're more concerned about covering your asses than you are about security or keeping the member base safe and in the loop.

Point is guys, the forum's javascript was infected by an iframe that was forcing browsers to invisibly visit some stupid photography site to boost that site's hits. This would only be triggered when a javascript function was called, such as the smileys in posts or the spell checker in the non-IPB-default skins. Most javascript functions were cleaned by Perry before he left but the spell-checker in the non-IPB-default skins was still infected. I figure this may be because Perry, like me, only uses the default skin and therefore didn't catch the extra javascript file that those skins use.

However, now come to find out that the IPB itself appears to be infected. I'm not sure of the vector for this one unfortunately but it doesn't appear to be javascript-based. It's embedded in all transfer functions--making posts, editing posts, logging in, changing your avatar, etc. It's a redirect script on a massive scale, redirecting to various websites in Russia. On top of that those redirects include your authorization key since that key is sent in plaintext via the URL. While the pass_hash function is indeed part of this interaction I do not believe it is actually transmitted as that function loads well before the infected code runs. The infected code itself appears to be an IPB-specific version of the very same traffic-pumping infection that had been in the Javascript, albeit to a site in Russia instead of a photography site.

I've already pored over the source code for the forum pages that lead to the affected redirects and the source stylesheets and javascript functions are all clean. That means only one thing: IPB itself is what's infected. The forums must be shut down temporarily.

See you when this is resolved, all. I'm out.
Proud Contributor of the Music Section Revival Project
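
The hidden-iframe injection described in the post above is the kind of thing a scan of every skin's JavaScript files can surface. The following is an added example, not part of the original thread or the forum's own code; the allowlist, host names, file names and sample scripts are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Hosts the forum is expected to frame (assumed value; adjust per site).
ALLOWED_HOSTS = {"forum.example"}

IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
CREATE_IFRAME = re.compile(r"createElement\(\s*['\"]iframe['\"]\s*\)", re.I)
# Zero or one pixel dimensions, or CSS that hides the frame from the visitor.
HIDDEN = re.compile(
    r"(?:width|height)\s*[=:]\s*\\?['\"]?\s*[01](?:px)?\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SRC = re.compile(r"src\s*=\s*\\?['\"]?([^'\"\\\s>]+)", re.I)


def scan_js(name, text):
    """Return one finding per iframe that a JavaScript source builds."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for tag in IFRAME_TAG.findall(line):
            src = SRC.search(tag)
            host = urlparse(src.group(1)).hostname if src else None
            findings.append({"file": name, "line": lineno, "host": host,
                             "hidden": bool(HIDDEN.search(tag)),
                             "external": bool(host) and host not in ALLOWED_HOSTS})
        if CREATE_IFRAME.search(line):
            # Frame built through the DOM API: flag for manual review.
            findings.append({"file": name, "line": lineno, "host": None,
                             "hidden": False, "external": False})
    return findings


# Constructed samples: a clean spell-check helper and one carrying an injected frame.
CLEAN_JS = "function spellCheck(f) {\n  return f.value.split(' ');\n}\n"
INFECTED_JS = (
    "function spellCheck(f) {\n"
    "  document.write('<iframe src=\"http://traffic-pump.example/\" "
    "width=\"0\" height=\"0\" style=\"display:none\"></iframe>');\n"
    "  return f.value.split(' ');\n"
    "}\n")

if __name__ == "__main__":
    for fname, body in (("default_skin.js", CLEAN_JS), ("skin_spellcheck.js", INFECTED_JS)):
        for finding in scan_js(fname, body):
            print(finding)
```

Running the scan over every skin's script directory, not only the default skin's, covers the gap the post describes, where an extra file used only by the non-default skins was missed.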
Tessou
  Posted: Feb 12 2013, 05:20 AM


DRAKARYS

Group: ADMINISTRATOR
Posts: 19,129
Member No.: 12,263
Joined: Sep 12th 2005
Location: Update Profile





This is something that the mod team did not detect, and we weren't keeping anything hush-hush, so there's no worries as to having anything redacted. You and many other members have done a fantastic job letting us know what's going on, especially considering that the mod team itself has not reported any problems on the site, aside from Honda in this thread. The staff section has been quiet for weeks.

This is a serious matter, and I am heavily considering your suggestion of shutting the site down as a safety measure until we can hammer out this infection.
Proud Contributor of the Music Section Revival Project
Spaz
Posted: Feb 12 2013, 05:37 AM


I just wanna go fast

Group: FORUM MODERATOR
Posts: 9,178
Member No.: 30,193
Joined: Jul 25th 2008
Location: Plymouth, MN





That's... unfortunate. But then again, it's something that comes with the territory when using software this old.

I hadn't noticed anything myself.
RedsunsF1
Posted: Feb 12 2013, 07:13 AM


Nasa UT | Global Time Attack | AWD Limited
**********

Group: Advanced Members
Posts: 853
Member No.: 38,401
Joined: Feb 29th 2012
Location: Salt Lake City, UT





user posted image

Thought my account got deleted for a second haha facepalm.gif
Thanks for the heads up
Nomake Wan
Posted: Feb 12 2013, 05:23 PM


ShiMACHaze
**********

Group: Advanced Members
Posts: 19,146
Member No.: 5,394
Joined: Feb 5th 2005
Location: Drydock





QUOTE (Tessou @ Today, 5:20 AM)
This is something that the mod team did not detect, and we weren't keeping anything hush-hush, so there's no worries as to having anything redacted. You and many other members have done a fantastic job letting us know what's going on, especially considering that the mod team itself has not reported any problems on the site, aside from Honda in this thread. The staff section has been quiet for weeks.

This is a serious matter, and I am heavily considering your suggestion of shutting the site down as a safety measure until we can hammer out this infection.

Now that we're back allow me to formally apologize if it seemed I was 'attacking' you or the way you run the site. This was not the case--I don't believe you and I have ever discussed the situations that have affected the site's code and so it was actually what I had been told by other moderating team members during the first incident that I was rallying against. Generally I got the idea that security issues were to be kept 'hush-hush', but this one was so huge that I just felt I couldn't stay quiet about it.

Again, my apologies... and welcome back, IDW! cool.gif
Proud Contributor of the Music Section Revival Project
HorizontalMitsubishi
Posted: Feb 12 2013, 07:29 PM


Part of the Tessou Signature Series
**********

Group: Advanced Members
Posts: 2,438
Member No.: 2,022
Joined: Jun 16th 2004
Location: Torrance California





If you need help cleaning up the site, I've been doing more and more of that lately. I had two VB-based forums get hit and a WordPress site get hit.
Nomake Wan
Posted: Feb 12 2013, 08:01 PM


ShiMACHaze
**********

Group: Advanced Members
Posts: 19,146
Member No.: 5,394
Joined: Feb 5th 2005
Location: Drydock





QUOTE (HorizontalMitsubishi @ 31 minutes, 36 seconds ago)
If you need help cleaning up the site, I've been doing more and more of that lately. I had two VB-based forums get hit and a WordPress site get hit.

It looks like we're all good now and thankfully it wasn't actually the forum software that was vulnerable. smile.gif So easy it could be done from China!
Proud Contributor of the Music Section Revival Project
Tessou
  Posted: Feb 13 2013, 08:53 AM


DRAKARYS

Group: ADMINISTRATOR
Posts: 19,129
Member No.: 12,263
Joined: Sep 12th 2005
Location: Update Profile





QUOTE (Nomake Wan @ Yesterday, 9:23 PM)
Now that we're back allow me to formally apologize if it seemed I was 'attacking' you or the way you run the site. This was not the case--I don't believe you and I have ever discussed the situations that have affected the site's code and so it was actually what I had been told by other moderating team members during the first incident that I was rallying against. Generally I got the idea that security issues were to be kept 'hush-hush', but this one was so huge that I just felt I couldn't stay quiet about it.

Again, my apologies... and welcome back, IDW! cool.gif

I never read it that way, so it's all good. No worries. happy.gif
Proud Contributor of the Music Section Revival Project
Möbius
Posted: Feb 13 2013, 09:06 AM


IDW Top Poster
**********

Group: Advanced Members
Posts: 33,844
Member No.: 3,524
Joined: Oct 2nd 2004
Location: Update Profile





Just got back, my skin is as set before, thanks for the heads up a couple pages up, Don.
Nerubian
Posted: Feb 13 2013, 10:04 AM


Living in the woods when it's raining in the dark.
**********

Group: Advanced Members
Posts: 1,218
Member No.: 36,931
Joined: Jan 25th 2011
Location: The Salty Spitoon





QUOTE (Nomake Wan @ Yesterday, 5:14 AM)
There shouldn't be virus alerts on that function as--if I recall correctly--it is using pure IPB code to run. The problem only affects non-IPB code. Something may be wrong on your end. Can you take a screenshot of the problem and PM it?

Virus alerts don't appear anymore, now.
RedsunsF1
Posted: Feb 13 2013, 10:06 AM


Nasa UT | Global Time Attack | AWD Limited
**********

Group: Advanced Members
Posts: 853
Member No.: 38,401
Joined: Feb 29th 2012
Location: Salt Lake City, UT





I had to re-select the skin again but that's not a problem.
Glad it's all working again.
