1
Forum Settings
       
Reply To Thread

FFXIAH WarningFollow

#1 Jan 23 2008 at 4:54 AM Rating: Decent
***
2,374 posts
Be careful when you visit ffxiah.com. I was just there and the window went small and something popped up saying "The Cleanator can help you delete unneeded cookies from your harddrive and blah blah blah."

I selected cancel, but it still went to a different screen, so I Alt + F4'd immediately.

Just an fyi.

Not sure if it's something to worry about, but with all the crap happening lately, nothx
#2 Jan 23 2008 at 4:59 AM Rating: Decent
Avatar
******
23,925 posts
Firefox + NoScript = Safe fun browsing!


____________________________
Rochefort Dean ~ FFXIV ARR ~ Ultros ~ DoH all @ 50
Soracloud ~ FFXI ~ RIP

Beer Advocate

Friar Tuck wrote:
This is grain, which any fool can eat, but for which the Lord intended a more divine means of consumption. Let us give praise to our maker and glory to his bounty by learning about... BEER.

#3 Jan 23 2008 at 5:00 AM Rating: Decent
***
2,374 posts
Meh, I'm at work, so not harming my gaming experience.

Posted just in case others aren't aware.
#4 Jan 23 2008 at 5:21 AM Rating: Good
****
5,431 posts

Maybe I'm missing something... but that sounds like a basic pop-up ad (complete with fake ok and cancel buttons to help you click in it :P).
Was it something different... ? XD

Either way, yah... popup blockers are the way to go, I think. So is Firefox.
:D
#5 Jan 23 2008 at 5:22 AM Rating: Good
**
545 posts
It was probably one of those ads that no matter where you click, it takes you to their site. They put the options of "OK" and "CANCEL" as buttons showing there, but it's really an image and the whole thing is a link. Things like that I see a lot, trying to trick you into thinking it's a windows message but it's just an ad image. I just do right click and close from the task bar to avoid clicking anywhere.
#6 Jan 23 2008 at 5:23 AM Rating: Good
*
117 posts
It's better to use the "close box" in the upper right hand corner. They can map whatever function they want to the "cancel" button.
#7 Jan 23 2008 at 5:26 AM Rating: Decent
***
2,374 posts
But, the window to ffxiah was sort of minimized into a small box on the lower right corner of my screen, and when I clicked "Cancel", the button actually depressed. It it's one of those ads, the button doesn't normally move. I didn't stick around long enough to see anything else, though.
#8 Jan 23 2008 at 5:48 AM Rating: Decent
****
6,424 posts
Radell wrote:
It's better to use the "close box" in the upper right hand corner. They can map whatever function they want to the "cancel" button.


Doesn't matter. It's a modal window, and the page hidden behind the window is waiting until you close it.

ShowModal(); // <- ignore result of window being mrOk, mrCancel or mrClose
LoadScareWareHomepage();

instead of

if (ShowModal() == mrOk) then
LoadScareWareHomepage();
else
ReturnToOriginalWebsite();


Only good way to block scareware is to use FireFox + AdBlock, and block the adservers hosting them. Like these:
*.tribalfusion.com
ads.zam.com

I have no problem with sds, but I will not tolerate ad servers that host scareware. Any that dare feed me that junk gets added to my banlist.
#9 Jan 23 2008 at 7:22 AM Rating: Decent
Scholar
****
6,631 posts
Quote:
Firefox + NoScript = Safe fun browsing!


I do wish more people use Firefox. I have been using it since it is first released. It is just as easy to use as IE. It is Open Source, so you can in principle look at the source code that it is not out there to trick you.

I personally not so much an issue Microsoft making money -- still need free market economy, and we are not living in USSR :P. But I really believe Open Source is a very noble idea -- free exchange of information and honesty.

Installing NoScript is not any harder than using Windows Update too.
____________________________
Amanada (Cerberus-Retired) (aka MaiNoKen/Steven)
-- Thank you for the fun times in Vana'diel

Art for the sake of art itself is an idle sentence.
Art for the sake of truth, for the sake of what is
beautiful and good — that is the creed I seek.
- George Sand

A designer knows he has achieved perfection,
not when there is nothing left to add,
but when there is nothing left to take away.
- Antoine de Saint-Exupéry
#10 Jan 23 2008 at 7:24 AM Rating: Excellent
Living on a Prayer
******
30,114 posts
I went to ffxiah and won a free iPod and a free Xbox.
#11 Jan 23 2008 at 8:39 AM Rating: Decent
*
131 posts
Usagichan wrote:
I went to ffxiah and won a free iPod and a free Xbox.

Ohh My Gosh! You Too!?
#12 Jan 23 2008 at 9:46 AM Rating: Good
***
1,355 posts
I was lucky visitor #405,302,102. I WON!
#13 Jan 23 2008 at 10:41 AM Rating: Decent
I don't really understand how No-Script makes everything ok. I've been using it for awhile now, but most of the sites that I visit don't work unless scripts are allowed to run. And once you allow scripts to run, can't any script run?

Maybe I'm missing something here.
#14 Jan 23 2008 at 11:31 AM Rating: Good
**
633 posts
innocentwhm wrote:
I don't really understand how No-Script makes everything ok. I've been using it for awhile now, but most of the sites that I visit don't work unless scripts are allowed to run. And once you allow scripts to run, can't any script run?

Maybe I'm missing something here.

Good point except that most ads and javascript come from 3rd party servers. NoScript will show you which domains are trying to run a script. I just visited ffxiah.com and noscript is blocking fleckz.com, which is a good thing.

You're right that malicious code could come out of the site itself (if it were hacked for example) but it's not as likely.
#15 Jan 23 2008 at 11:45 AM Rating: Decent
Scholar
****
6,631 posts
Quote:
Good point except that most ads and javascript come from 3rd party servers. NoScript will show you which domains are trying to run a script. I just visited ffxiah.com and noscript is blocking fleckz.com, which is a good thing.


Just curious... I always have blocked Google-analytics since I do not really know what that is (assuming related to Google someway, but I am not 100% convinced). So what is Google-Analytics?
____________________________
Amanada (Cerberus-Retired) (aka MaiNoKen/Steven)
-- Thank you for the fun times in Vana'diel

Art for the sake of art itself is an idle sentence.
Art for the sake of truth, for the sake of what is
beautiful and good — that is the creed I seek.
- George Sand

A designer knows he has achieved perfection,
not when there is nothing left to add,
but when there is nothing left to take away.
- Antoine de Saint-Exupéry
#16 Jan 23 2008 at 12:00 PM Rating: Default
Quote:
I was lucky visitor #405,302,102. I WON!


If it wasn't funny the first time...

Quote:
So what is Google-Analytics?


Google-analytics is basically what it says, its google ads, the ad that contained the virus that compromised accounts is located at fleckz.com.

Most websites you might visit probably also have google-analytics running also.

Edited, Jan 23rd 2008 12:03pm by RippedApart
#17 Jan 23 2008 at 12:12 PM Rating: Default
SUPERantispyware and AVG is your friend, I have 0 viruses have not been hacked and I never stopped using any of the sites in question, don't use no script use IE7 and firefox... really I think you guys just fail at the internet. Or all of those hacked were targeted because of some form of cheat that they downloaded, or record on file at an RMT site for purchasing/selling gil before.
#18 Jan 23 2008 at 12:46 PM Rating: Good
***
2,552 posts
Quote:
SUPERantispyware and AVG is your friend, I have 0 viruses have not been hacked and I never stopped using any of the sites in question, don't use no script use IE7 and firefox... really I think you guys just fail at the internet. Or all of those hacked were targeted because of some form of cheat that they downloaded, or record on file at an RMT site for purchasing/selling gil before


I didnt know President Bush posted on alla....
#19 Jan 23 2008 at 12:49 PM Rating: Good
Sage
**
992 posts
Quote:
I don't really understand how No-Script makes everything ok. I've been using it for awhile now, but most of the sites that I visit don't work unless scripts are allowed to run. And once you allow scripts to run, can't any script run?

Maybe I'm missing something here.


No, any script cannot run. Any script put directly on that site will run, but cross-site scripts will not. For example, I have no-script allow FFXIAH and Alla. So Alla's scripts for bolding and underlining text when you click the buttons, they still work. However, the scripts that try to run from quantserv.com are not allowed. On all of the sites that got hacked, no-script would have protected you even if you had no-scriped set to allow scripts from those sites, because the virus was a script running from a Chinese website, and that would NOT have been on the whitelist just because it was IFramed to by something that was.

Now, if somebody directly put a malicious script onto Alla but you have no-script set to allow scripts from Alla, then yes, you would be hosed. However, that would be a very unlikely thing to happen, not just on Alla, but most anywhere.

Lets say I run my own webpage about FFXI. Now lets say it works like somepage and the "news posts" a moderator/admin on my page are allowed to post, are in straight HTML, the mod can type any HTML they want in there at all, anything. This is a BAD IDEA (tm). If somebody guessed one of the many mods password, they could go make/edit a news post and put an IFRAME right there in the post, exactly like what happened on somepage. Alla (and other sane sites) is immune to this, because the mods on the front page post just like we do (one leg at a time?), with PHPBB-like markup, not with HTML, so you can't put say, an IFRAME there, it just won't let you.

And this is what makes my hypothetical site safe if you have no-script, even if you have my site allowed. Because if a hacker steals one of my moderators' password cus he left it at the default "changeurpassword", and posts an IFRAME on my poorly coded site, it's still a script on another site. Because even if they are allowed any old HTML code, they still can't post a .RM or .SWF or ActiveX thingy or whatever file on my host directly, so it will always be a cross-site link. Now if it was a javascript virus, they probably could, but I don't think there are many JS vulnerabilities still at large, and probably not any that affect both IE and Firefox. And hopefully the boneheaded host software at least filters out script and comments that are posted with the code...but maybe not. Luckily any vulnerability in the FireFox javascript engine would be patched very promptly on discovery, next time you restart your browser (if you have autoupdates enabled anyways).

Now, if they knew who my host was and knew the FTP address or cPanel address or however it is I manage the webhost, THEN they could post whatever. They can figure out my webhost easily by a DNS reverse lookup I bet, but that wouldn't tell them my username with the host, or my (hopefully strong) password.

In other words, HTML injection isn't so devastating as SQL injection, but its still bad bad bad! Never allow the unfiltered contents of an input box to be displayed on other users' screens, unescaped (never allow unfiltered unescaped input from the user anywhere, actually). Less evil applications of HTML injection are just ending your post with </body></html> so that the page ends right at your post and nothing below is rendered! Hilarious, especially if the "edit" button for that post appears AFTER the content of the post!

For those who don't know, SQL injection is a lulzy method of attack on a poorly coded DB-driven website, wherein a field a user types in, or a URL variable your site uses to pass information to subsequent pages, is dumped DIRECTLY into an SQL query. Now, if most SQL engines see a semicolon, that's the end of the query, and the start of the next one. So if you are dumping user input directly into the SQL query you want to run, the user could put a semicolon, then any query they want. Most evilly, they could put a "drop table" query in there o.O Its a semi-popular passtime for script kiddies with nothing better to do.

It's pretty easy to avoid this vulnerability, if you are careful about it. But lots of people just don't think about it.

It goes without saying, don't try this at home kids. Trying to delete all of the content from a website is serious business, and most websites smart enough to be immune are also smart enough to log it when an attempt is made. Few people are pleased that somebody tried to delete all of their data, even if you say "Well I wasn't successful, no harm no foul, right?"

The lesson to all people who run a website is this: Anything a user types into an input box on your page, or into a URL for your page, is malicious and intended to break your website or delete your data, so the first action you take should always be to sanitize the input.
____________________________
99 PUP 99 BST
Some other jobs too
Gear You Don't Care About: [✓]

#20 Jan 23 2008 at 12:50 PM Rating: Decent
Scholar
****
6,631 posts
Quote:
I didnt know President Bush posted on alla....


Computer virusally speaking, I know our guys are working their best to deal with these things that make American PCs sick. Our guys have a tough job, you know those viruses and the computer programs have very long codes, they must be so complicated.

(Hey Cheney (it won't allow me to use D**k :P) and Colin what should I say next?)

Edited, Jan 23rd 2008 3:51pm by scchan
____________________________
Amanada (Cerberus-Retired) (aka MaiNoKen/Steven)
-- Thank you for the fun times in Vana'diel

Art for the sake of art itself is an idle sentence.
Art for the sake of truth, for the sake of what is
beautiful and good — that is the creed I seek.
- George Sand

A designer knows he has achieved perfection,
not when there is nothing left to add,
but when there is nothing left to take away.
- Antoine de Saint-Exupéry
#21 Jan 23 2008 at 12:57 PM Rating: Decent
18 posts
Running on a Macbook helps a lot. I shut down and boot up in bootcamp and only turn on playonline. Its as safe as I can be!
#22 Jan 23 2008 at 1:02 PM Rating: Good
**
633 posts
scchan wrote:
So what is Google-Analytics?

It's free web analytics from Google (not advertising as stated earlier). You add a small javascript and a unique code to each page you want tracked on your website, and google will provide analytics such as where people clicked in from, clicked out to, which are the most popular pages, how long people viewed each page, unique visitors, which pages return an error, etc, etc. I had to look into web analytics for work, and in a nutshell, it's a way to make your website more user friendly, faster, find problems, and just better all around.

There are two problems: 1 they record your IP address (which doesn't bother me at all) and 2 the google-analytics server must respond before the page loads, which once in a while times out causing a blank page (really annoying).
#23 Jan 23 2008 at 1:55 PM Rating: Default
His Excellency Soracloud wrote:
Firefox + NoScript = Safe fun browsing!




Safe, maybe. Fun, not. It's a total PIA and you pretty much allow scripts on every page anyway since the info is script driven.
Reply To Thread

Colors Smileys Quote OriginalQuote Checked Help

 

Recent Visitors: 15 All times are in CST
Anonymous Guests (15)