Site hacked?

[Murmandamus]

Just FYI, I would suggest to everyone to blackhole the kokosina.in domain if you continue using this forum until it is fixed. (add the following line to your hosts file in the C:\windows\system32\drivers\etc directory:

127.0.0.1 kokosina.in

Note that this doesn't make browsing the site more secure, it just addresses the current hack. They can change it at any time to point somewhere else. You continue using the forum at your own risk.

[Legolas]

That, or use Firefox ad NoScript extension

[Murmandamus]

Yep. That will work, too, for those who use FireFox, anyway.

[WILL]

I'm looking into the fix now. If all goes well it'll be back up and working at least by tomorrow.

[WILL]

Well that wasn't so bad. And it looks like they made a few improvements in the upgrade from 4.1.3 to 4.1.9. Also I've gone and added reCAPTCHA to the registration system to help prevent bots from spamming us so much. I really do hope that helps.

Anyhow enjoy your attack-free site!

BTW if I missed something (refresh the site cache to make sure!!!) please let me know. I know this sucks for Windows users as you get all kinds of crap sent to attack your systems and do nasty things to it so I will be looking closely at this over the next few days or so. Also I've asked AthenaOfDelphi to add the attacking script to be blocked via htaccess as well just to be sure.

[code_glitch]

You guys - I hate to re-mention this but you could just move over to linux it might not be entirely net attack proof but at least you can rest easy knowing that no virus or windows virus based attacks would work. Combine that with firefox and noscript as well as noflash and adblock and your pretty much golden.

[LP]

You guys - I hate to re-mention this but you could just move over to linux

You can also downgrade your Windows to version 3.1, where no modern virus will work or even better, shut down your computer entirely, after which you won't be vulnerable to any kind of computer attacks.

Seriously though, this is why for Afterwarp site we have moved away from vBulletin, for more than a year they did nothing to fight spam (PGD uses same techniques we've been using in vBulletin 3 for years), made their prices ridiculously high and even though you own permanent license they constantly nag you to renew, sometimes with death letters. Now this vulnerability has shown that vBulletin is poorly designed so that it technically allows these type of hacks. I would never use vBulletin again.

[code_glitch]

The irony behind vBulletin:

Server running free software, for the free and open source community running on free and open standards on PHP, the technology powering the freedom of the modern web...

[Murmandamus]

Thanks, Will, I appreciate it very much.

As for switching to Linux.. I would if they could ever decide on a desktop UI standard that actually didn't suck. Same with a Windows environment where I could still run the 90%+ of software that I need for work. Also if they could get more hardware manufacturers to write drivers for most of the hardware I use, rather than not being able to use it.

Don't get me wrong, I use and support Linux on my webservers to do the heavy-lifting on the 'net, but the day-to-day user experience just sucks sweaty donkey balls. It IS a lot better than it was, and it is getting better over time, but it's still not there to the point I need it to be in order to switch.