
Thread: Reported Attack Page! THE RED SCARE

  1. #21

    Default Re: Reported Attack Page!

    Thanks a lot, Jonas.




  2. #22
    Admittedly biased Bad Dreamer's Avatar
    Join Date
    Dec 2010
    Location
    Away from Home

    Default Re: Reported Attack Page!

    Just in case anybody didn't notice yet, APforums is no longer blocked in Chrome, so I guess the thing with Google is already over.

    As I posted earlier, Google was mentioning in the diagnostic page that the site has been safe since 15th September, and they have been checking the site daily ever since. I think it took them 10 days to unblock the site because they wanted to ensure that the site is no longer suspicious.
    I was banned from HxH thread b/c Robby disagrees with my opinion.

  3. #23

    Default Re: Reported Attack Page!

    Good to know that it's finally been fixed! :D
    ****THE NICO ROBIN: ROKUSHIKI PROJECT****
    Go here for the project and here for the thread! (UPDATE 9/4/19)
    ****THE HUAQUANDAO STYLE PROJECT***
    Go here or here (UPDATE 05/10/14)


  4. #24

    Default Re: Reported Attack Page!

    Hey Again,

    Google doesn't automatically get rid of the warning. I'd imagine that it would have to not find malware for 90 days before it'd purge you automatically. After cleaning up the mess, I requested a site review, which has already been done, as you have noticed.
    -- Jonas

  5. #25

    Default Re: Reported Attack Page!

    No warnings here anymore, awesome Jonas
    Quote Originally Posted by Kitsune Inferno View Post
    You are a treasure.

  6. #26

    Default Re: Reported Attack Page!

    You rock, Jonas.

  7. #27

    Default Re: Reported Attack Page!

    Quote Originally Posted by Jonas22 View Post
    Hey Again,

    Google doesn't automatically get rid of the warning. I'd imagine that it would have to not find malware for 90 days before it'd purge you automatically. After cleaning up the mess, I requested a site review, which has already been done, as you have noticed.
    Thanks man :D


    .......whoever you are.

  8. #28

  9. #29
    Admittedly biased Bad Dreamer's Avatar
    Join Date
    Dec 2010
    Location
    Away from Home

    Default Re: Reported Attack Page!

    What a good looking vehicle Jonas.... mm, I mean Thanks.
    I was banned from HxH thread b/c Robby disagrees with my opinion.

  10. #30

    Default Re: Reported Attack Page!

    Heso!

    I am glad to see that the problem has been fixed. I missed seeing this site.

  11. #31

    Default Re: Reported Attack Page!

    I don't get that error message anymore, thanks for fixing it!

  12. #32
    The Moustache Bandit Nolus's Avatar
    Join Date
    Apr 2010
    Location
    In the moustachy shadows~

    Default Re: Reported Attack Page!

    Thank you very much!


  13. #33

    Default Re: Reported Attack Page!

    Thanks a bunch, Jonas. Now I can come here again without people whining about me visiting potentially dangerous websites.

    By the way, you mentioned some precautionary upgrades. This may be a stupid question since those were meant to fix the hole in security, but how likely is it that the bot/crackers/whoever return and cause us (you) more problems? Should we expect more alarms in the future or are those security issues with vBulletin fixed now?
    In Loving Memory of Toraish, Rex Avium: http://apforums.net/showthread.php?t=40786 | 3DS Friend Code: 3196-4274-7836

  14. #34

    Default Re: Reported Attack Page!

    Dryish:

    I updated various security-related software on the server; not much to do with APF directly.

    As for whether we'll be targeted in the future, my understanding of this (based on the attack vector and the nature of the attack) is that nobody particularly said "Let's attack APF, they're jerks."; it was just a botnet scanning for sites that might be vulnerable to exploits. It is likely we'll be targeted in that way in the future, since:

    1. vBulletin has a large install base
    2. many of these sites get lots of hits
    3. many of these sites have inexperienced or non-technical administrators
    4. vB is written in PHP, which attracts novice developers
    5. and is not straightforward to deploy securely

    The attack worked by uploading PHP files as an avatar and then visiting /customavatar/(uploaded-script).php. This is kind of a pathetically simple attack which should not work on any software written after 2001, but vBulletin did not check the type of file being uploaded. That's still not the whole attack, though; it was my lack of understanding of the way vB is working that led me to not make exceptions for directories that would receive user uploads; though in my defence I don't believe this was ever mentioned in the installation docs.

    For the people in this thread who do not know me, I am a programmer from NYC, and I have been part of the KF and AP IRC communities for ~8 years. I manage (and pay for) the server that APF runs on, and I am a nice guy.
    -- Jonas

  15. #35
    Discovered Stowaway
    Join Date
    May 2009
    Location
    Some island in new world

    Default Re: Reported Attack Page!

    VB didn't check for extension of file upload? :|

    wow... just wow.
    ...

  16. #36
    Man with the plan mpz777's Avatar
    Join Date
    Aug 2008
    Location
    Home in the SF Bay Area

    Default Re: Reported Attack Page!

    Thank you for all your hard work with the site upkeep, Jonas. Nice to meet you!
    Current Trophy Rank: Lv 14-37%
    Gambit

    Nintendo ID: MPZ777
    Feel free to friend request me. Just let me know you're from AP Forums.

  17. #37

    Default Re: Reported Attack Page!

    Thanks for making the effort J-man.

  18. #38

    Default Re: Reported Attack Page!

    Quote Originally Posted by Fire-Fist View Post
    VB didn't check for extension of file upload? :|

    wow... just wow.
    In this case checking the extension would work, as it'd have to be *.php to be executed by the webserver. But more generally, you want to verify that the file is actually of the type the extension claims it to be. This can be done quickly with magic numbers; if you have the Unix program "file" (either in Linux or OS X), you can run it on various files to see what types they are, and this works even if you change the extension.

    For something as important as taking uploads that will be publicly available, you will probably want to verify that a particular image actually contains valid image data; there's a certain layout that image file formats have, with tables and various headers with sizes and offsets, and you can make sure that an image is really an image and not some kind of crafted file that exploits image display libraries.
    -- Jonas
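
The upload checks described in posts #34 and #38, as an added Python example that is not part of the thread and is not vBulletin's code: it sniffs the magic number, walks the PNG chunk layout (lengths, CRCs, header sizes), and stores accepted files under a server-chosen name. The function names and the two constructed samples are hypothetical, and only PNG gets a structure check in this sketch.

```python
import secrets
import struct
import zlib

# Leading "magic" bytes of common image types; this is what `file` inspects.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg",
         b"GIF87a": "gif", b"GIF89a": "gif"}

def sniff_type(data):
    """Type implied by the content itself; the filename is never consulted."""
    return next((k for m, k in MAGIC.items() if data.startswith(m)), None)

def png_is_well_formed(data, max_dim=4096):
    """Walk the PNG layout: every chunk is length, type, data, CRC-32."""
    pos, seen = 8, []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            return False              # declared length runs past the file
        if zlib.crc32(data[pos + 4:end]) != struct.unpack(">I", data[end:end + 4])[0]:
            return False              # CRC covers chunk type + data
        if not seen:                  # first chunk must be a 13-byte IHDR
            if ctype != b"IHDR" or length != 13:
                return False
            width, height = struct.unpack(">II", data[pos + 8:pos + 16])
            if not (0 < width <= max_dim and 0 < height <= max_dim):
                return False
        seen.append(ctype)
        pos = end + 4
        if ctype == b"IEND":
            break
    # IEND must be last, with pixel data present and no trailing bytes.
    return b"IDAT" in seen and seen[-1] == b"IEND" and pos == len(data)

def accept_avatar(claimed_name, data):
    """Return a server-chosen stored name, or None to reject the upload."""
    if sniff_type(data) != "png" or not png_is_well_formed(data):
        return None                   # sketch: only PNG has a structure check
    return secrets.token_hex(8) + ".png"   # claimed_name is never reused

def chunk(ctype, body):               # helper that builds the constructed sample
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc

# Constructed samples: a 1x1 grayscale PNG and a script posing as an avatar.
GOOD_PNG = (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
SCRIPT = b"<?php /* constructed placeholder */ ?>"
```

A structurally valid image can still carry arbitrary bytes inside a chunk, so the server-chosen `.png` name and an upload directory where the web server runs no scripts remain the controls that stop execution.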

  19. #39

    Default Re: Reported Attack Page!

    I'm just glad the forums are back to normal. I was nearly wrecked when I saw the warning. Thanks for fixing the problem!

  20. #40

    Default Re: Reported Attack Page!

    I don't understand a single thing, but I'm grateful to not have that annoying message pop up anymore. Thanks a bunch, Jonas.
    Handsome man save me from the monsters.

    Avatar credits to rcerione
