Page 1 of 2
Website hack (redirect to MSN)
Posted: Sat Feb 09, 2013 1:03 pm
by Hialmar
The website has been hacked with an automatic redirection to MSN.
I am working on the problem but it's not easy.
In order to avoid this you should install a NoScript extension for your browser.
For firefox, you will find it here:
http://noscript.net/
For Chrome, you will find it here:
https://chrome.google.com/webstore/deta ... kcfn?hl=en
Then you need to blacklist alandfaraway.org in the options of the extension you installed.
For IE, you need to disable javascript as presented here:
http://browsers.about.com/od/internetex ... pt-ie9.htm
Re: Website hack (redirect to MSN)
Posted: Sat Feb 09, 2013 4:06 pm
by Hialmar
Okay it's worse than I expected.
The guy apparently hacked us through FTP and may have downloaded the passwords for phpBB3 and other databases.
I'll need to change all passwords and you may want to do the same with your passwords for ALFA.
Re: Website hack (redirect to MSN)
Posted: Sat Feb 09, 2013 6:34 pm
by Hialmar
Please check your computers for viruses if you got to the website between 2:30 GMT+1 and now.
I.e. during the last 17 hours.
Please accept my apology for this issue.
Re: Website hack (redirect to MSN)
Posted: Sat Feb 09, 2013 9:11 pm
by Regas
Just curious what our tech folks would recommend as best free or paid virus protection, I realize nothing is full proof. I used to use spybot and norton's anit vitus, seems my subscription for Norton is out of date though.
Re: Website hack (redirect to MSN)
Posted: Sat Feb 09, 2013 9:20 pm
by FoamBats4All
Regas wrote:Just curious what our tech folks would recommend as best free or paid virus protection, I realize nothing is full proof. I used to use spybot and norton's anit vitus, seems my subscription for Norton is out of date though.
I used to use Avast! for anti-virus and COMODO for a firewall. Traced some system instability to Avast!, however, and ended up switching to Microsoft Security Essentials.
The important part is not to get infected in the first place. Don't download suspicious files, don't visit suspicious sites. Always use an extension such as
No Script on your browser (anyone using this should have been safe(r) from the ALFA hack), and only whitelist sites you trust. You may want to do similarly with Flash and Java -- two of the key causes of web infections.
Additionally, always remember to keep your copy of Windows up to date.
Re: Website hack (redirect to MSN)
Posted: Sat Feb 09, 2013 9:53 pm
by I-KP
Thought it was a bit odd when I blocked some bizarre JS calls. All necessary action taken.
Cheers for the heads up and for dealing.
Re: Website hack (redirect to MSN)
Posted: Sun Feb 10, 2013 12:31 am
by Galadorn
Hi, which passwords should be changed? just for the forum? or for NWN2 ALFA server login as well?
Re: Website hack (redirect to MSN)
Posted: Sun Feb 10, 2013 12:56 am
by Swift
FoamBats4All wrote:Additionally, always remember to keep your copy of Windows up to date.
To hell with that

Re: Website hack (redirect to MSN)
Posted: Sun Feb 10, 2013 7:18 am
by Hialmar
Galadorn wrote:Hi, which passwords should be changed? just for the forum? or for NWN2 ALFA server login as well?
The forum and the website (ie the one you use to see the game servers password here:
http://www.alandfaraway.org/servers ) ones.
The game spy password is no longer used now that the game spy master server is over.
Re: Website hack (redirect to MSN)
Posted: Sun Feb 10, 2013 9:15 pm
by CloudDancing
Insofar, after I downloaded Noscript, I ran a virus check and a spybot check a few times. I found a load of weird stuff from Facebook Messenger so I got rid of that. Then when I started my computer this morning a txt file with the words "Debug" on it appeared.
I ran it through this fix :
http://answers.microsoft.com/en-us/wind ... 61e?page=2
Then I ran msconfig and I found three weird files from Alcatel-Lucent (?) called pcPCmService, pcPCServiceHost, and pcPCMSservice64 I had never seen there before. So I disabled them and I was instructed to uninstall the program it was linked to which I think I did.
Facebook seems to be the worst of it in regards to adds and spyware, but after that everything looked normal.
It seems in the news there is a rash of this going on this month.
http://nakedsecurity.sophos.com/ from store sites to organization sites, they are datamining for passwords and personal information. Fortunately I kept my alfa password the numbers and letters I got at my last reset.
Re: Website hack (redirect to MSN)
Posted: Mon Feb 11, 2013 6:06 am
by fluffmonster
Glad I removed java from my machine when I did. I am correct that t. his was a JS exploit, yes?
A word to all... java is bad. Get rid of it unless you have no choice
Re: Website hack (redirect to MSN)
Posted: Mon Feb 11, 2013 6:21 am
by FoamBats4All
fluffmonster wrote:Glad I removed java from my machine when I did. I am correct that t. his was a JS exploit, yes?
A word to all... java is bad. Get rid of it unless you have no choice
Java and JavaScript are two entirely different technologies.
Re: Website hack (redirect to MSN)
Posted: Mon Feb 11, 2013 3:30 pm
by fluffmonster
...and so how about explaining how that difference is relevant to the case of this hack and our ensuing vulnerability to virii? How is a machine without java at risk of being compromised?
Re: Website hack (redirect to MSN)
Posted: Mon Feb 11, 2013 3:57 pm
by Zelknolf
The point is that disabling Java will not protect you from a JavaScript vulnerability, or vice versa (as your earlier post seemed to conflate the two). The added information is to be sure that you're aware of what exactly you're buying into and what you're vulnerable to.
People are generally more worried about Java than JavaScript, as the former has more and more-concerning vulnerabilities to it. (in recent memory,
this one can ruin your life) But the contrast should be noted so you can find and adjust the settings that you mean to.
Re: Website hack (redirect to MSN)
Posted: Mon Feb 11, 2013 4:22 pm
by FoamBats4All
fluffmonster wrote:...and so how about explaining how that difference is relevant to the case of this hack and our ensuing vulnerability to virii? How is a machine without java at risk of being compromised?
As Zelk said. Be sure you take security measures with Java (up to removing it entirely), but also make sure that you use something like NoScript to protect you against JavaScript, as they are two different technologies.