Chemical Castration Posted June 19, 2006

After the 5th time of being attacked by a worm and prompted to download a weird file from www.countbest.net and www.bestcount.net I noticed every link on those sites would redirect you to www.game4all.biz

I remember Lee saying that there were bots that would find vulnerabilities and spread worms. But if they were all coming from the same site isn't there something Lee could do to at least inform games4all.biz of what's going on? If it is an intentional attack can't the authorities be notified?
Lee Posted June 19, 2006

> But if they were all coming from the same site isn't there something Lee could do to at least inform games4all.biz of what's going on? If it is an intentional attack can't the authorities be notified?

Yes, and I've done both. This time it was a different file, which leads me to feel good about the file privileges I set last week on the other area it was going into. Meaning, it appears I solved the issue from one angle, but they came at a different angle this time.
Chemical Castration (Author) Posted June 19, 2006

So game4all is intentionally attacking the HQ? I don't know how any of this works but why would the same site constantly send viruses here? Are the owners of the site just retards that don't know what the definition of subtle is?

Thanks for replying Lee.
Lee Posted June 19, 2006

> So game4all is intentionally attacking the HQ? I don't know how any of this works but why would the same site constantly send viruses here? Are the owners of the site just retards that don't know what the definition of subtle is? Thanks for replying Lee.

Essentially a 'bot' is source code/programming set up that, when it's executed, is to perform artificial intelligence tasks. In our case, the bot scours the net for certain vulnerabilities. Once it comes across one it can penetrate, it simply injects code which calls up trojans, spyware, or whatever it's programmed to do.

I have all the patches in place for the forums as called for by Invision Power Services (the developers of the HQ's forum software). I also have the directories the files were in that got compromised last week set up with stronger permissions/restrictions than Invision requires. However, the bot found another file to edit. I quickly reverted the file back to the clean version and set the restrictions on it as I did above with the others. I would like to be able to set that for the whole forum directory, but unfortunately, there are areas that need to have somewhat open/limited restrictions.

I know it's a royal pain in the ass, but myself as well as others are on it. Just like the other bugs/issues we've resolved in the past.

-L
dawarriorman Posted June 19, 2006

Ok, this has just got me wondering a couple things. What OS are your servers running? And the whole IPB is php right? Where are the vulnerabilities coming from that are allowing them to write files on your server (the code for the board right?) In which case, I would think you should be yelling at Invision, as their software has some sort of vulnerability. Of course I could be way off.
Lee Posted June 19, 2006

The server is a unix based server. I have open tickets with Invision currently.
Animalman294 Posted June 19, 2006

Well no offense to anyone, but if it is Invision that has the loopholes that these F*@#ing Trojans are coming in through then they need to fix the problem. My computer at work is locked up because the county's firewall caught and eliminated the Trojan, but I had to take my computer off the network until IS resets my configuration. Hopefully, I won't have to explain where it came from because it showed up when I logged into here on Friday, so I know it came from the HQ.

If protection from the viruses, bots or trojans needs to be beefed up to protect the computers of HQ members then do it, otherwise members may stop coming here until such time it becomes safer to run our computers safely.

Maybe someone should send Game4all a few toys to play with, there has to be someone on here that is knowledgeable with this kind of stuff to send them a couple of nice surprises.
Chemical Castration (Author) Posted June 19, 2006

> Essentially a 'bot' is source code/programming set up that, when it's executed, is to perform artificial intelligence tasks. In our case, the bot scours the net for certain vulnerabilities. Once it comes across one it can penetrate, it simply injects code which calls up trojans, spyware, or whatever it's programmed to do.

So what's the point of this 'bot?' Is it just a way to generate more traffic for game4all or their clients? I don't understand why the same site would be sending worms here over and over. Each time I browsed their sites my anti virus and firewall never went off, plus there were never any prompts to download any weird files. So other than a lack of taste, I don't think there's anything wrong on their end. Or is it just a coincidence that the file is always coming from them?
csrmel Posted June 19, 2006

i came on the site the other day and my antivirus started going crazy. it kept blocking files but my web browser froze up and i couldn't even mouse the start menu. i had to manually shut the computer down via holding the power button for 5 seconds. i lost about 3 hours time in work on the computer. i (normally save every 3-5 hours).

this bot problem is bullshit. i'm not normally one to complain but this is pathetic. Invision seems like some easy shit to compromise because these problems are continually ongoing. it's problems like that that force me not to become a donating member. i guess i'm just a little pissed because i lost some work i was doing.

instead of just bitching about the problem, i'll offer a suggestion. why not move to another brand of software? hell put up a fund drive if ya have to. i would probably donate to that. i know it's probably a pain in the ass to convert over to a new forum software but hell it's also got to be a pain to be patching the forum and deleting worms and all that kind of shit on a continual basis. sorry for my bitching, i guess i'm just venting.

"Maybe someone should send Game4all a few toys to play with, there has to be someone on here that is knowledgeable with this kind of stuff to send them a couple of nice surprises."

yeah man it's called we find the location of their operations and break in there, beat everyone up and steal their computers and sell them on ebay.

Edited June 19, 2006 by csrmel
Wallrat Posted June 19, 2006

I f'd up my work computer last night too. That's what they get for using shitty anti-virus protection w/ shitty PC's. I had to manually track all that crap down - took about 1.5 hours. From now on I don't think I'll be visiting the HQ cept on my Mac at home.
Chemical Castration (Author) Posted June 20, 2006

This is an email I got a long time ago...

> ----- Original Message -----
> Subject: byrus
>
> BUENOS DIAS!!!-- JOU HAVE YUST RECEIBED A MEHICAN BYRUS.
>
> SIN WE NO HABE SO GOOD TECHNIOLOGICALLY ADBANCE IN MEHICO, DEES IS A
> MANUAL BYRUS.
>
> PLEESE DELETE ALL JOUR FILES ON JOUR HARD-DRIVE JOURSELF AND SEND
> THEES E-MAIL TO EBERYONE JOU KNOW.
>
> TANK JOU FOR HALPING ME.
>
> --JULIO MANUEL JOSE RODRIGUEZ-GARCIA----
> MEXICAN HACKER
Cotton eyed Joe Posted June 20, 2006

> This is an email I got a long time ago...

I got that too. Took me the whole next day to get everything put back on my hard drive.
Animalman294 Posted June 20, 2006

What's the purpose for sending a virus to the HQ? I can see if someone wanted to crash a government mainframe, or bank, or a competitor who now uses them because they crashed your computer. But this site is not selling products, or have access to mountains of money. :shoothead:
Wallrat Posted June 20, 2006

> What's the purpose for sending a virus to the HQ?

It's cuz chicks dig us.