Website hack (redirect to MSN)

[Hialmar]

The website has been hacked with an automatic redirection to MSN.

I am working on the problem but it's not easy.

In order to avoid this you should install a NoScript extension for your browser.

For firefox, you will find it here: http://noscript.net/
For Chrome, you will find it here: https://chrome.google.com/webstore/deta ... kcfn?hl=en

Then you need to blacklist alandfaraway.org in the options of the extension you installed.

For IE, you need to disable javascript as presented here: http://browsers.about.com/od/internetex ... pt-ie9.htm

[Hialmar]

Okay it's worse than I expected.

The guy apparently hacked us through FTP and may have downloaded the passwords for phpBB3 and other databases.

I'll need to change all passwords and you may want to do the same with your passwords for ALFA.

[Hialmar]

Please check your computers for viruses if you got to the website between 2:30 GMT+1 and now.

I.e. during the last 17 hours.

Please accept my apology for this issue.

[Regas]

Just curious what our tech folks would recommend as best free or paid virus protection, I realize nothing is full proof. I used to use spybot and norton's anit vitus, seems my subscription for Norton is out of date though.

[FoamBats4All]

Just curious what our tech folks would recommend as best free or paid virus protection, I realize nothing is full proof. I used to use spybot and norton's anit vitus, seems my subscription for Norton is out of date though.

I used to use Avast! for anti-virus and COMODO for a firewall. Traced some system instability to Avast!, however, and ended up switching to Microsoft Security Essentials.

The important part is not to get infected in the first place. Don't download suspicious files, don't visit suspicious sites. Always use an extension such as No Script on your browser (anyone using this should have been safe(r) from the ALFA hack), and only whitelist sites you trust. You may want to do similarly with Flash and Java -- two of the key causes of web infections.

Additionally, always remember to keep your copy of Windows up to date.

[I-KP]

Thought it was a bit odd when I blocked some bizarre JS calls. All necessary action taken.

Cheers for the heads up and for dealing.

[Galadorn]

Hi, which passwords should be changed? just for the forum? or for NWN2 ALFA server login as well?

[Swift]

Additionally, always remember to keep your copy of Windows up to date.

To hell with that

[Hialmar]

Hi, which passwords should be changed? just for the forum? or for NWN2 ALFA server login as well?

The forum and the website (ie the one you use to see the game servers password here: http://www.alandfaraway.org/servers ) ones.

The game spy password is no longer used now that the game spy master server is over.

[CloudDancing]

Insofar, after I downloaded Noscript, I ran a virus check and a spybot check a few times. I found a load of weird stuff from Facebook Messenger so I got rid of that. Then when I started my computer this morning a txt file with the words "Debug" on it appeared.

I ran it through this fix :http://answers.microsoft.com/en-us/wind ... 61e?page=2

Then I ran msconfig and I found three weird files from Alcatel-Lucent (?) called pcPCmService, pcPCServiceHost, and pcPCMSservice64 I had never seen there before. So I disabled them and I was instructed to uninstall the program it was linked to which I think I did.

Facebook seems to be the worst of it in regards to adds and spyware, but after that everything looked normal.

It seems in the news there is a rash of this going on this month. http://nakedsecurity.sophos.com/ from store sites to organization sites, they are datamining for passwords and personal information. Fortunately I kept my alfa password the numbers and letters I got at my last reset.

[fluffmonster]

Glad I removed java from my machine when I did. I am correct that t. his was a JS exploit, yes?

A word to all... java is bad. Get rid of it unless you have no choice

[FoamBats4All]

Glad I removed java from my machine when I did. I am correct that t. his was a JS exploit, yes?

A word to all... java is bad. Get rid of it unless you have no choice

Java and JavaScript are two entirely different technologies.

[fluffmonster]

...and so how about explaining how that difference is relevant to the case of this hack and our ensuing vulnerability to virii? How is a machine without java at risk of being compromised?

[Zelknolf]

The point is that disabling Java will not protect you from a JavaScript vulnerability, or vice versa (as your earlier post seemed to conflate the two). The added information is to be sure that you're aware of what exactly you're buying into and what you're vulnerable to.

People are generally more worried about Java than JavaScript, as the former has more and more-concerning vulnerabilities to it. (in recent memory, this one can ruin your life) But the contrast should be noted so you can find and adjust the settings that you mean to.

[FoamBats4All]

...and so how about explaining how that difference is relevant to the case of this hack and our ensuing vulnerability to virii? How is a machine without java at risk of being compromised?

As Zelk said. Be sure you take security measures with Java (up to removing it entirely), but also make sure that you use something like NoScript to protect you against JavaScript, as they are two different technologies.