Virus attack from the news section.

Here you can talk about anything not covered by the other forums. Please post in the Tech Support forum for problems using Snes9x.
Locked

Do you know there was a virus on snes9x?

Yes!
1
25%
No!
3
75%
 
Total votes: 4

chris30wjoyner
Snes9x White Belt
Posts: 13
Joined: Sat Jul 26, 2008 10:08 pm

Virus attack from the news section.

Post by chris30wjoyner »

The news section of snes9x.com attacked me with a virus.
adventure_of_link
Hero of Hyrule | Official Port Recruiter
Posts: 2588
Joined: Mon May 24, 2004 5:06 pm
Location: 255.255.255.255

Post by adventure_of_link »

Why did you spam this across the forums -_-" and to top it off why did you make this one a poll
Image

Unofficial Test Monkey For:
* Snes9X GX (Wii)
* Snes9X EX (Android)
* Snes9X 64-bits (PC/Mac)

ZSNES|Ben Heck|NSRT|Bob Smiley
chris30wjoyner
Snes9x White Belt
Posts: 13
Joined: Sat Jul 26, 2008 10:08 pm

Why Poll?

Post by chris30wjoyner »

This was the first one I posted! that's why it's a poll.
I sounding an alarm, to make sure everyone knows that the news section is unhealthy right now.
Deathlike2
Snes9x Brown Belt
Posts: 1158
Joined: Mon Jan 10, 2005 6:34 am

Post by Deathlike2 »

If people knew, it would've been reported ages ago, which is why the poll is illogical.
op89x
Snes9x Yellow Belt
Posts: 199
Joined: Thu Dec 14, 2006 1:58 am

Post by op89x »

Any plans to fix the news section?
adventure_of_link
Hero of Hyrule | Official Port Recruiter
Posts: 2588
Joined: Mon May 24, 2004 5:06 pm
Location: 255.255.255.255

Post by adventure_of_link »

There is no virus on the news section... using firefox 3.0.1 and antivir v8.01.01.12 with the latest definitions.
Image

Unofficial Test Monkey For:
* Snes9X GX (Wii)
* Snes9X EX (Android)
* Snes9X 64-bits (PC/Mac)

ZSNES|Ben Heck|NSRT|Bob Smiley
op89x
Snes9x Yellow Belt
Posts: 199
Joined: Thu Dec 14, 2006 1:58 am

Post by op89x »

So what was that guy spamming on about?
User avatar
kolechovski
Snes9x Brown Belt
Posts: 1100
Joined: Fri May 28, 2004 6:16 pm

Post by kolechovski »

Lock???
The soldier was forced to desert his dessert in the desert.
User avatar
rsa1988
Snes9x Orange Belt
Posts: 282
Joined: Thu Jun 30, 2005 6:57 pm

Post by rsa1988 »

Yes please a lock it seems that this guy seems to be on the recieving end of a drive by maybe.
Image
squall_leonhart69r

Thanks to some dickhead spamming the site had a virus....

Post by squall_leonhart69r »

I can't reply to threads because
Reported Attack Site!

This web site at www.snes9x.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
comes up and i get the new thread form instead.


^oh, it seems it did post to this thread, after all.
User avatar
kolechovski
Snes9x Brown Belt
Posts: 1100
Joined: Fri May 28, 2004 6:16 pm

Post by kolechovski »

Seems like another flaw with Microsucks Winblows.
The soldier was forced to desert his dessert in the desert.
User avatar
OV2
Official Win32 Porter/Dev
Posts: 679
Joined: Thu Aug 30, 2007 10:15 pm

Post by OV2 »

Actually it's a warning message displayed by firefox due to a google safebrowsing listing:
http://safebrowsing.clients.google.com/ ... /index.php
User avatar
rsa1988
Snes9x Orange Belt
Posts: 282
Joined: Thu Jun 30, 2005 6:57 pm

Post by rsa1988 »

So that was happening Google was not all too great with the detection of the site. Can anyone say yeah for false positivies.
Image
adventure_of_link
Hero of Hyrule | Official Port Recruiter
Posts: 2588
Joined: Mon May 24, 2004 5:06 pm
Location: 255.255.255.255

Post by adventure_of_link »

well that certainly explains how come last time I checked new posts in this thread I got an error about this thread being an attack site :?
Image

Unofficial Test Monkey For:
* Snes9X GX (Wii)
* Snes9X EX (Android)
* Snes9X 64-bits (PC/Mac)

ZSNES|Ben Heck|NSRT|Bob Smiley
mikeysama
Snes9x White Belt
Posts: 1
Joined: Tue Sep 23, 2008 10:25 pm

Post by mikeysama »

I tried emailing the webmaster and "Gary", whoever he is, but got undeliverable email notices, so I'll post it here.

"Google and firefox both claim that SNES9X.com is a malicious site, and sure enough, when I visit the News page something from coldwop.com tries to infect my system. Likely the site was hit by a hacker. Given the popularity of SNES9X, one would think this problem would have been dealt with immediately, but there are posts on the forum mentioning this dated from back in July, with no replys from a webmaster. Given SNES9X's legacy, it seems like a bad idea to ignore this issue. Thank you."
adventure_of_link
Hero of Hyrule | Official Port Recruiter
Posts: 2588
Joined: Mon May 24, 2004 5:06 pm
Location: 255.255.255.255

Post by adventure_of_link »

AFAIK, Gary quit the scene a long time ago, and Jerremy pokes his head in every once in a VERY GREAT while.

given that the server itself uses windows...
Image

Unofficial Test Monkey For:
* Snes9X GX (Wii)
* Snes9X EX (Android)
* Snes9X 64-bits (PC/Mac)

ZSNES|Ben Heck|NSRT|Bob Smiley
User avatar
kolechovski
Snes9x Brown Belt
Posts: 1100
Joined: Fri May 28, 2004 6:16 pm

Post by kolechovski »

What is coldwop.com, anyhow? I assume it's an ad banner that's trying to load? Wouldn't there simply be some kind of custom code a forum admin could write to ban any data from that site? That should fix the problem, right?
The soldier was forced to desert his dessert in the desert.
Jerremy
Site Admin
Posts: 25
Joined: Fri May 14, 2004 9:49 pm

Post by Jerremy »

Here is me poking my head in again :)

If anyone would have send me a message on this forum, then I would have been able to react a whole lot faster (this forum has my current email address, jerremy@snes9x.com has been given up years ago due to the insane amount of spam it gets daily).

Anyways, the damage has been done and I am in the process of cleaning up the mess. It seems that the code that 'manages' the website (which dates from 1999 and its very outdated ! ) was open for sql-injection.

This was then used to update all news / journal messages to add some scripts from various mallicious sites. (spelling)

This has -nothing- to do with Windows and everything to do with unsecure coding. SQL Injection wasnt heard off much (and the url of the 'management' pages wherent known). Its no excuse though.

I'm unsure how they figured out what page it was, but no matter. The SQL injection will be fixed, the pages will be clean up. I have, however, no idea how to 'unblacklist' the site.
User avatar
OV2
Official Win32 Porter/Dev
Posts: 679
Joined: Thu Aug 30, 2007 10:15 pm

Post by OV2 »

Great to hear from you. You are right, someone should have at least tried to PM you :oops:

As for the blacklist removal, I've found the following FAQ for google safebrowsing: http://serpguard.com/faq2/
Jerremy
Site Admin
Posts: 25
Joined: Fri May 14, 2004 9:49 pm

Post by Jerremy »

Google was fast enough with deblocking the site. Everything is back to normal, the leaks (multiple :oops: ) have been closed.
Locked