Virus attack from the news section.

chris30wjoyner · Post by **chris30wjoyner** » Sat Jul 26, 2008 10:11 pm

The news section of snes9x.com attacked me with a virus.

adventure_of_link · Post by **adventure_of_link** » Sat Jul 26, 2008 10:37 pm

Why did you spam this across the forums -_-" and to top it off why did you make this one a poll

chris30wjoyner · Post by **chris30wjoyner** » Sat Jul 26, 2008 10:55 pm

This was the first one I posted! that's why it's a poll.
I sounding an alarm, to make sure everyone knows that the news section is unhealthy right now.

Deathlike2 · Post by **Deathlike2** » Sat Jul 26, 2008 11:35 pm

If people knew, it would've been reported ages ago, which is why the poll is illogical.

op89x · Post by **op89x** » Tue Jul 29, 2008 9:29 pm

Any plans to fix the news section?

adventure_of_link · Post by **adventure_of_link** » Wed Jul 30, 2008 12:33 am

There is no virus on the news section... using firefox 3.0.1 and antivir v8.01.01.12 with the latest definitions.

op89x · Post by **op89x** » Wed Jul 30, 2008 2:43 am

So what was that guy spamming on about?

kolechovski · Post by **kolechovski** » Tue Aug 12, 2008 3:57 pm

Lock???

rsa1988 · Post by **rsa1988** » Mon Aug 18, 2008 11:17 pm

Yes please a lock it seems that this guy seems to be on the recieving end of a drive by maybe.

squall_leonhart69r · Post by **squall_leonhart69r** » Sat Sep 20, 2008 11:38 am

I can't reply to threads because

Reported Attack Site!

This web site at www.snes9x.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.

comes up and i get the new thread form instead.

^oh, it seems it did post to this thread, after all.

kolechovski · Post by **kolechovski** » Sat Sep 20, 2008 7:21 pm

Seems like another flaw with Microsucks Winblows.

OV2 · Post by **OV2** » Sat Sep 20, 2008 7:27 pm

Actually it's a warning message displayed by firefox due to a google safebrowsing listing:
http://safebrowsing.clients.google.com/ ... /index.php

rsa1988 · Post by **rsa1988** » Sat Sep 20, 2008 8:24 pm

So that was happening Google was not all too great with the detection of the site. Can anyone say yeah for false positivies.

adventure_of_link · Post by **adventure_of_link** » Sun Sep 21, 2008 9:01 am

well that certainly explains how come last time I checked new posts in this thread I got an error about this thread being an attack site

mikeysama · Post by **mikeysama** » Tue Sep 23, 2008 10:31 pm

I tried emailing the webmaster and "Gary", whoever he is, but got undeliverable email notices, so I'll post it here.

"Google and firefox both claim that SNES9X.com is a malicious site, and sure enough, when I visit the News page something from coldwop.com tries to infect my system. Likely the site was hit by a hacker. Given the popularity of SNES9X, one would think this problem would have been dealt with immediately, but there are posts on the forum mentioning this dated from back in July, with no replys from a webmaster. Given SNES9X's legacy, it seems like a bad idea to ignore this issue. Thank you."

adventure_of_link · Post by **adventure_of_link** » Wed Sep 24, 2008 3:46 am

AFAIK, Gary quit the scene a long time ago, and Jerremy pokes his head in every once in a VERY GREAT while.

given that the server itself uses windows...

kolechovski · Post by **kolechovski** » Tue Sep 30, 2008 11:48 pm

What is coldwop.com, anyhow? I assume it's an ad banner that's trying to load? Wouldn't there simply be some kind of custom code a forum admin could write to ban any data from that site? That should fix the problem, right?

Post by **Jerremy** » Thu Oct 09, 2008 5:31 pm

Here is me poking my head in again

If anyone would have send me a message on this forum, then I would have been able to react a whole lot faster (this forum has my current email address, jerremy@snes9x.com has been given up years ago due to the insane amount of spam it gets daily).

Anyways, the damage has been done and I am in the process of cleaning up the mess. It seems that the code that 'manages' the website (which dates from 1999 and its very outdated ! ) was open for sql-injection.

This was then used to update all news / journal messages to add some scripts from various mallicious sites. (spelling)

This has -nothing- to do with Windows and everything to do with unsecure coding. SQL Injection wasnt heard off much (and the url of the 'management' pages wherent known). Its no excuse though.

I'm unsure how they figured out what page it was, but no matter. The SQL injection will be fixed, the pages will be clean up. I have, however, no idea how to 'unblacklist' the site.

OV2 · Post by **OV2** » Thu Oct 09, 2008 6:40 pm

Great to hear from you. You are right, someone should have at least tried to PM you

As for the blacklist removal, I've found the following FAQ for google safebrowsing: http://serpguard.com/faq2/

Post by **Jerremy** » Fri Oct 10, 2008 11:55 am

Google was fast enough with deblocking the site. Everything is back to normal, the leaks (multiple

) have been closed.

Snes9x.com

Virus attack from the news section.

Do you know there was a virus on snes9x?

Virus attack from the news section.

Why Poll?

Thanks to some dickhead spamming the site had a virus....