Virus attack from the news section.

Posted: Sat Jul 26, 2008 10:11 pm
by chris30wjoyner
The news section of snes9x.com attacked me with a virus.

Posted: Sat Jul 26, 2008 10:37 pm
by adventure_of_link
Why did you spam this across the forums -_-" and to top it off, why did you make this one a poll?

Why Poll?

Posted: Sat Jul 26, 2008 10:55 pm
by chris30wjoyner
This was the first one I posted! That's why it's a poll.
I'm sounding an alarm, to make sure everyone knows that the news section is unhealthy right now.

Posted: Sat Jul 26, 2008 11:35 pm
by Deathlike2
If people knew, it would've been reported ages ago, which is why the poll is illogical.

Posted: Tue Jul 29, 2008 9:29 pm
by op89x
Any plans to fix the news section?

Posted: Wed Jul 30, 2008 12:33 am
by adventure_of_link
There is no virus on the news section... using firefox 3.0.1 and antivir v8.01.01.12 with the latest definitions.

Posted: Wed Jul 30, 2008 2:43 am
by op89x
So what was that guy spamming on about?

Posted: Tue Aug 12, 2008 3:57 pm
by kolechovski
Lock???

Posted: Mon Aug 18, 2008 11:17 pm
by rsa1988
Yes please, a lock. It seems that this guy seems to be on the receiving end of a drive-by, maybe.

Thanks to some dickhead spamming the site had a virus....

Posted: Sat Sep 20, 2008 11:38 am
by squall_leonhart69r
I can't reply to threads because
Reported Attack Site!

This web site at www.snes9x.com has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
comes up and I get the new thread form instead.


^oh, it seems it did post to this thread, after all.

Posted: Sat Sep 20, 2008 7:21 pm
by kolechovski
Seems like another flaw with Microsucks Winblows.

Posted: Sat Sep 20, 2008 7:27 pm
by OV2
Actually it's a warning message displayed by firefox due to a google safebrowsing listing:
http://safebrowsing.clients.google.com/ ... /index.php

Posted: Sat Sep 20, 2008 8:24 pm
by rsa1988
So that was happening Google was not all too great with the detection of the site. Can anyone say yeah for false positives.

Posted: Sun Sep 21, 2008 9:01 am
by adventure_of_link
well that certainly explains how come last time I checked new posts in this thread I got an error about this thread being an attack site :?

Posted: Tue Sep 23, 2008 10:31 pm
by mikeysama
I tried emailing the webmaster and "Gary", whoever he is, but got undeliverable email notices, so I'll post it here.

"Google and Firefox both claim that SNES9X.com is a malicious site, and sure enough, when I visit the News page something from coldwop.com tries to infect my system. Likely the site was hit by a hacker. Given the popularity of SNES9X, one would think this problem would have been dealt with immediately, but there are posts on the forum mentioning this dated from back in July, with no replies from a webmaster. Given SNES9X's legacy, it seems like a bad idea to ignore this issue. Thank you."

Posted: Wed Sep 24, 2008 3:46 am
by adventure_of_link
AFAIK, Gary quit the scene a long time ago, and Jerremy pokes his head in every once in a VERY GREAT while.

given that the server itself uses windows...

Posted: Tue Sep 30, 2008 11:48 pm
by kolechovski
What is coldwop.com, anyhow? I assume it's an ad banner that's trying to load? Wouldn't there simply be some kind of custom code a forum admin could write to ban any data from that site? That should fix the problem, right?

Posted: Thu Oct 09, 2008 5:31 pm
by Jerremy
Here is me poking my head in again :)

If anyone would have sent me a message on this forum, then I would have been able to react a whole lot faster (this forum has my current email address, jerremy@snes9x.com has been given up years ago due to the insane amount of spam it gets daily).

Anyways, the damage has been done and I am in the process of cleaning up the mess. It seems that the code that 'manages' the website (which dates from 1999 and it's very outdated!) was open for SQL injection.

This was then used to update all news / journal messages to add some scripts from various malicious sites.

This has -nothing- to do with Windows and everything to do with insecure coding. SQL injection wasn't heard of much (and the URL of the 'management' pages weren't known). It's no excuse though.

I'm unsure how they figured out what page it was, but no matter. The SQL injection will be fixed, the pages will be cleaned up. I have, however, no idea how to 'unblacklist' the site.
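
The cleanup described in the post above (news rows rewritten through SQL injection to load scripts from other sites), as an added example that is not part of the thread or the site's own code: it lists and strips `<script src=...>` tags that point off-site, touching the database only through parameterized queries. The `news` table, its columns, the host allow-list and the sample rows are constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: the only hosts the site legitimately loads scripts from.
SITE_HOSTS = {"snes9x.com", "www.snes9x.com"}

# One <script ... src=URL ...>...</script> element; inline scripts and
# iframes are out of scope for this check.
SCRIPT_RE = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)[^>]*>.*?</script\s*>",
    re.IGNORECASE | re.DOTALL,
)

def _offsite_host(match):
    """Host of the script URL if it is absolute and not ours, else ''."""
    host = (urlparse(match.group(1)).hostname or "").lower()
    return host if host and host not in SITE_HOSTS else ""

def offsite_scripts(body):
    """Hosts of all off-site script tags found in one stored message."""
    return [h for h in map(_offsite_host, SCRIPT_RE.finditer(body)) if h]

def strip_offsite(body):
    """Remove off-site script tags, keep relative and same-site ones."""
    return SCRIPT_RE.sub(lambda m: "" if _offsite_host(m) else m.group(0), body)

def clean_news(conn):
    """Strip off-site scripts from every news row; return {id: [hosts]}."""
    findings = {}
    for row_id, body in conn.execute("SELECT id, body FROM news").fetchall():
        hosts = offsite_scripts(body)
        if hosts:
            findings[row_id] = hosts
            # Bound parameters: the body is data, never part of the SQL text.
            conn.execute("UPDATE news SET body = ? WHERE id = ?",
                         (strip_offsite(body), row_id))
    conn.commit()
    return findings

def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO news (id, body) VALUES (?, ?)", [
        (1, "Snes9x 1.51 released."),
        (2, 'New build posted.<script src="http://injected.example/x.js"></script>'),
        (3, 'Menu <script src="http://www.snes9x.com/menu.js"></script>'),
    ])
    return conn
```

The returned mapping doubles as an incident record of which rows were modified and which hosts they pointed at.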

Posted: Thu Oct 09, 2008 6:40 pm
by OV2
Great to hear from you. You are right, someone should have at least tried to PM you :oops:

As for the blacklist removal, I've found the following FAQ for google safebrowsing: http://serpguard.com/faq2/

Posted: Fri Oct 10, 2008 11:55 am
by Jerremy
Google was fast enough with deblocking the site. Everything is back to normal, the leaks (multiple :oops: ) have been closed.