Welcome to Star Trek Simulation Forum

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll be able to customize your profile, receive reputation points as a reward for submitting content, while also communicating with other members via your own private inbox, plus much more! This message will be removed once you have signed in.

Sign in to follow this  
Followers 0
Atragon9

Another Evil Boards Script

Someone got to our Boards and altered the "skin" behind the scenes last evening. This is not the same "exploiting of a security hole in the code" that we had with our old Boards. The Board software is secure (as far as anything can be), but someone was able to use one of the many holes in IE (called XSS or Cross Site Scripting) to pass evil data to the Admin script and cause a Trojan to be waiting for anyone using Microsoft's Internet Explorer as their browser.

 

Webbie has rolled back the skin to it's original version and the bug is gone. Next, he will work with the folks at IPB (the Boards vendor) to try and divert any future IE-based attacks, but the best defense is a good browser! I am strongly recommending Firefox for all to use. It is free, secure, robust, and can even be set up to look exactly like IE, if that's what you like. Coming in through Firefox, any evil script would still be present on the Boards, but would do nothing to you.

 

I know I just warned against posting links, but I will break my own rule for this one. I cannot say enough good things about using Firefox for accessing STSF (or any site, as it is faster that IE, anyway). You can either click on this link or browse, manually, to http://www.getfirefox.com

Share this post


Link to post
Share on other sites

Just to be clear, the attack last night (and the recent ones we have also experienced) are not targeted at STSF, but they are distributed across the Internet and end up hitting anyone using the same file type/structure as our Boards provider. Last night, there were probably thousands of web sites affected with the same problems. The Boards company is almost ready with a complete redesign of their software and once it is available and tested, we will be putting it in place here.

 

One last clarification is that these recent attacks have only affected the Boards and not the Chat Rooms or any other stsf.net web page.

Share this post


Link to post
Share on other sites

And again!

 

We got side-swiped again with a Trojan program, once on Saturday evening, October 21 and again, this morning. We have cleaned our code back to the original settings and all is well for now. The newer version of the Boards software should be ready very soon and we will upgrade to it as quickly as we can, in an effort to stop any more intrusions. I apologize for these issues, but please know that we are responding to them as quickly as they arise. Thank you.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0