
Somepg javascript exploit on the loose

#1 Dec 12 2007 at 1:42 AM Rating: Excellent
I know many of you hate BG forums but we want everyone to see this. It is real and many of you may have it and many of you may not. It takes all but 5 min max to read and execute. So swallow your pride and please read.

http://bluegartrls.com/forum/viewtopic.php?f=2&t=27256

Taken from the post in case skimmed over too fast.
Realplayer exploit article: Here

Quick steps to ensure safety: Here

It seems it's an exploit on realplayer. Causing it to autodownload the script/trojan.

Edited, Dec 12th 2007 4:47am by Tearshang

Edited, Dec 12th 2007 5:13am by Tearshang

Edit: Added unfiltered abbreviation to subject

Edited, Dec 12th 2007 5:23pm by Pikko
#2 Dec 12 2007 at 1:56 AM Rating: Decent
**
327 posts
Post removed by myself after further information discovered.

Edited, Dec 12th 2007 5:21am by MidouSan


PS. Thank you for bringing this to our attention, even if my original response was a bit heavy handed.

Edited, Dec 12th 2007 5:35am by MidouSan
#3 Dec 12 2007 at 1:58 AM Rating: Excellent
Thanks for the info, we really appreciate it. As to the subject at hand, does anyone know how long this has been active? Any kind of guess work or research work as to how long the trojan has been there would be helpful. I know there was a big thread here on alla not long ago about how somepage had basically shut down and thrown in the towel, most likely it happened some time after that.
#4 Dec 12 2007 at 2:02 AM Rating: Excellent
As I stated you can blow this way out of the water if you want. This was discovered around 3 a.m. and more than GMs have been attempted to be contacted. Just follow the instructions to remove the files if they are there. That's all it's about; nowhere is there an attack against Somepage. Most of the conversation and real action has been through IRC. Again this is just to be safe.
#5 Dec 12 2007 at 2:06 AM Rating: Default
**
327 posts
Quote:
As I stated you can blow this way out of the water if you want. This was discovered around 3 a.m. and more than GMs have been attempted to be contacted. Just follow the instructions to remove the files if they are there. That's all it's about; nowhere is there an attack against Somepage. Most of the conversation and real action has been through IRC. Again this is just to be safe.


Once again, have you contacted the administration of somepage, because frankly there's not much FFXI GMs can do about this issue unless there happens to be the slight chance that a GM is also a moderator of Somepage.
#6 Dec 12 2007 at 2:07 AM Rating: Good
Also.

http://img502.imageshack.us/img502/6550/tajronmememe7.jpg
#7 Dec 12 2007 at 2:09 AM Rating: Excellent
MidouSan wrote:
Quote:
As I stated you can blow this way out of the water if you want. This was discovered around 3 a.m. and more than GMs have been attempted to be contacted. Just follow the instructions to remove the files if they are there. That's all it's about; nowhere is there an attack against Somepage. Most of the conversation and real action has been through IRC. Again this is just to be safe.


Once again, have you contacted the administration of somepage, because frankly there's not much FFXI GMs can do about this issue unless there happens to be the slight chance that a GM is also a moderator of Somepage.


From what I hear they have been AWOL for a while and unreachable. Don't hold me to this though, but it stands to reason since the site has also been down for no reason at all for a while, just sort of abandoned.
#8 Dec 12 2007 at 2:09 AM Rating: Decent
That's not irony, it's merely coincidental. Smiley: ducttape
#9 Dec 12 2007 at 2:10 AM Rating: Excellent
***
1,041 posts
Yeah, that's why it was said by me and my sister to try and avoid using that Firefox add-on that gives you a toolbar that links to FFXI-Atlas, WS/crafting calculator, somepage database info and so on.
#10 Dec 12 2007 at 2:16 AM Rating: Good
**
327 posts
SeriousBusiness wrote:
MidouSan wrote:
Quote:
As I stated you can blow this way out of the water if you want. This was discovered around 3 a.m. and more than GMs have been attempted to be contacted. Just follow the instructions to remove the files if they are there. That's all it's about; nowhere is there an attack against Somepage. Most of the conversation and real action has been through IRC. Again this is just to be safe.


Once again, have you contacted the administration of somepage, because frankly there's not much FFXI GMs can do about this issue unless there happens to be the slight chance that a GM is also a moderator of Somepage.


From what I hear they have been AWOL for a while and unreachable. Don't hold me to this though, but it stands to reason since the site has also been down for no reason at all for a while, just sort of abandoned.


Alright then, now THAT makes this a major concern if it is true. A page frequented by many people of an online game, of which the Moderators have left lying there... Yeah, that's like leaving a fort with the guns Offline. If what you say is true then Somepage has most likely been the target of an attack by hacker(s).


I'm going to fire up my junker laptop and take a look at somepage.




Edited, Dec 12th 2007 6:42am by MidouSan
#11 Dec 12 2007 at 2:17 AM Rating: Good
Smiley: dnp

We told you not to push it!
Screenshot

Now internet kitten is mad at you!

Edited, Dec 12th 2007 5:25am by ZelgadisXI
#12 Dec 12 2007 at 2:26 AM Rating: Excellent
**
318 posts
For your information, inside the hacked players thread on BG one of the admins of FFXIAH actually found the code that was embedded inside the main page's source. I believe it was at the end of page 10

*edit* http://www.bluegartrls.com/forum/viewtopic.php?f=2&t=27042&start=270

Added link to the BG thread

Edited, Dec 12th 2007 5:28am by EzKill
#13 Dec 12 2007 at 2:26 AM Rating: Excellent
**
491 posts
Their host, theplanet.com should know about this. The page is still up with the iframe intact.
#14 Dec 12 2007 at 2:34 AM Rating: Excellent
**
327 posts
EzKill, Goblin in Disguise wrote:
For your information, inside the hacked players thread on BG one of the admins of FFXIAH actually found the code that was embedded inside the main page's source. I believe it was at the end of page 10

*edit* http://www.bluegartrls.com/forum/viewtopic.php?f=2&t=27042&start=270

Added link to the BG thread

Edited, Dec 12th 2007 5:28am by EzKill



Yep, it's about the 3rd last post, and THAT is definitely an anomaly. I see no reason for me to go onto somepage with my junker laptop and do further research... unless anyone else does.
#15 Dec 12 2007 at 3:22 AM Rating: Excellent
****
6,424 posts
The iframe loads a page from a domain called "www.miorsocft.com", which is owned by someone in China according to www.who.is.

Hope they take out the page asap.
#16 Dec 12 2007 at 3:22 AM Rating: Excellent
**
376 posts
lol thank god I never installed real player.....
#17 Dec 12 2007 at 3:55 AM Rating: Decent
***
1,991 posts
Great... just great. Some guy posted a link to somepage recently when trying to help someone out, and me thinking it was closed down decided to give the link a click.

So if I come back from work and my account is gone I'm going to be really ****** off.
#18 Dec 12 2007 at 3:57 AM Rating: Decent
***
1,978 posts
RoverBST wrote:
lol thank god I never installed real player.....


Same here, I will still look for those files in my PC. Just in case.

Edited: I am clean, no Rsbo.exe, none of the other files found either.

Edited, Dec 12th 2007 8:14am by OmegaVegito
#19 Dec 12 2007 at 4:04 AM Rating: Decent
***
1,991 posts
Rate this guy up by the way. Everyone needs to see this...
#20 Dec 12 2007 at 4:05 AM Rating: Excellent
**
491 posts
The RP buffer overflow exploit dates back to October and a patch was released to fix it. If you have RP 10 installed check this link for the patch: http://secunia.com/advisories/27248/ See "Solution" halfway down the page.
#21 Dec 12 2007 at 4:15 AM Rating: Decent
***
1,692 posts
It's getting to the point where you cannot safely visit any FFXI based websites, probably including Alla unless you take steps to block all ADs with firefox and adblock.
#22 Dec 12 2007 at 5:27 AM Rating: Excellent
Quote:
It's getting to the point where you cannot safely visit any FFXI based websites, probably including Alla unless you take steps to block all ADs with firefox and adblock


The exploit isn't associated with any advertisements. It appears that somepage was hacked and a replacement default web page got set to one that contained the iFrame. The iframe points to another website domain that houses the javascript code for exploiting Real Player.

I've already sent some emails to administrative contacts that I've located for Somepage in an attempt for them to correct it. We'll have to see what happens.

If it doesn't get fixed soon, people will have to either remove real player or patch it if they want to use that particular site.
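
The injection described in the post above (a replaced default page carrying an iframe that points at another domain) can be checked for from the site owner's side by auditing the served HTML. This is an added example, not part of the original post; the host names and sample HTML are constructed, and the hidden-frame heuristics (0 or 1 pixel size, `display:none`) are assumptions, since the thread does not show the injected markup.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class IframeAuditor(HTMLParser):
    """Collect every <iframe> and record whether it is off-site and/or hidden."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolve relative URLs
        host = urlparse(src).hostname
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (
            a.get("width", "").strip() in ("0", "1")
            or a.get("height", "").strip() in ("0", "1")
            or "display:none" in style
            or "visibility:hidden" in style
        )
        offsite = host is not None and host != self.page_host
        self.findings.append({"src": src, "offsite": offsite, "hidden": hidden})


def audit(page_url, html):
    """Return one finding per iframe in the page source."""
    parser = IframeAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


def suspicious(findings):
    """Off-site AND hidden is the combination worth a manual look first."""
    return [f["src"] for f in findings if f["offsite"] and f["hidden"]]


# Constructed sample page: one same-site frame, one hidden off-site frame,
# one visible off-site embed (e.g. a legitimate video partner).
SAMPLE = """<html><body><h1>Welcome</h1>
<iframe src="/news.html" width="600" height="400"></iframe>
<iframe src="http://third-party.example/x.htm" width="0" height="0"></iframe>
<iframe src="http://video.partner.example/embed" width="480" height="270"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(suspicious(audit("http://www.site.example/index.html", SAMPLE)))
```

Visible off-site frames are still listed in the findings, so comparing the full list against the set of embeds the site is known to use catches an injected frame that is not hidden.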
#23 Dec 12 2007 at 5:31 AM Rating: Good
*****
15,512 posts
Perhaps this finally gives incentive to remove that piece of bloat that is Real Player!

Every cloud has a silver lining...
#24 Dec 12 2007 at 5:34 AM Rating: Good
***
1,692 posts
Quote:
The exploit isn't associated with any advertisements.


There was also information of similar things embedded in FFXIAH and a few other sites' adverts.
#25 Dec 12 2007 at 5:36 AM Rating: Excellent
***
1,002 posts
Unholyllama wrote:
If it doesn't get fixed soon, people will have to either remove real player or patch it if they want to use that particular site.

Or just use Firefox/Opera, as the exploit is in the ActiveX plugin.
#26 Dec 12 2007 at 5:44 AM Rating: Excellent
Glad I don't use realplayer.

Or IE7 at home.

And I haven't looked at Somepage's front page in months.