"Phishing" Security Report

[A L 217]

I wouldn't assume there is no danger. IPboard (the maker of the forum software) was in the news recently because an attacker hoped to push a botnet trojan via a vulnerability, but was blocked by security researchers alerting the forum makers of his intentions. That said, if you protect yourself by blocking flash and javascript, you are probably alright.

 

My computer has been telling me to update those things since forever, disabling them is no problem. (^^)b

[EthanHunter 7]

It's seems to have gone now.

Btw something related to this matter, a few months ago if I simply searched on google something like "detective conan file xxx discussion" and say the link for the certain file's discussion topic of this site shows up, if I clicked on it I would be redirected to a weird website with like a pornographic image, the I would have to click back to get to the google search results page and then when I clicked the link again it would be fine. After that I simply started searching "detective conan episodes" and then I would click on the link to this site's anime list(which never had any problem for me) and then click on forums to come here. Fortunately I was not hit by any virus or anything from that.

[Metantei Kiddo 147]

It's seems to have gone now.

It might recur again. We don't know for sure.

[Ryo 73]

Starting working again for me today 

Edited May 14, 2016 by Ryo

[EthanHunter 7]

It's back again :/ Seems like it's a new permanent feature of this site then

[Maurice 274]

Don't worry, I've been working on adding an extra layer of protection (firewall + more). What you see right now could be normal for the next few days. It will hopefully get solved soon!

[Chekhov MacGuffin 1089]

The new Sucuri firewaall seems to be a bit hyperactive on the wiki. It's mistaking my edits for an SQL injection. My edit that triggered it was this:

 

== ConanLoverA's family page ==

I undid your edits to User:ConanLoverA's families page. The reason why is because those pages are User:ConanLoverA's personal pages which are in his subspace. They are not general wiki pages. If you look at the url for those two pages, you can see they subdirectories of his username page. Personal space pages are not free for anyone to edit unless the owner gives permission. This is to let people keep personal projects, theories, and references as they want without interference from others. If you want to edit ConanLoverA's project, please go to the history tab, select the last revision made by you, copy the page source, and paste a copy in your own subspace. That new copy then becomes all yours to edit. [[user:Chekhov MacGuffin|'''<font color=#B22222">Chekhov</font> <font color="#2F4F4F">MacGuffin</font>'']] ^{[[user talk:Chekhov MacGuffin|'''<font color=#696969">talk</font>'']]} 01:32, 25 May 2016 (CEST)

Where? --Arringtastic1992 01:35, 25 May 2016 (CEST)

:To make a subpage, select your username. Then go to the url bar, add a slash /, and then the name of the subpage you want to create. Go to that blank page and edit it. For instance, [[user:Arringtastic1992/Example]] makes a page in your subspace called "Example". ~~~~

 

Incidentally, I think the edit summary might have been the trigger. The original edit summary was this: /* ConanLoverA's family page */ How to make a user subspace page. By removing both the opening /* and the closing */ I was able to edit the page. It seems that the presence of /*  Example */ causes the problem. Removing either the opening or the closing markers (or both) allows the edit through. It doesn't seem to trigger on all pages though. I tried editing a section on a mainspace page and my userpage without it throwing an error.

 

[Maurice 274]

I've whitelisted the wiki since the wiki software would catch SQL injections anyway (it's true that /* */ could be used for SQL injections but if the software is well coded, it shouldn't cause issues anyway).

 

Let me know if there are other issues with the wiki.

Thanks for the report.

[Metantei Kiddo 147]

I think I've found the reason why the Phishing thingy happened:

https://blog.sucuri.net/2015/02/analyzing-malicious-redirects-in-the-ip-board-cms.html

 I tried going to DCW through google and it redirected me to that URL4SHORT site thing and then when I tried doing it again, it didn't redirect me anymore. Same thing as what the article said.

It's gone now btw since the DCW forum software was updated. It fixed the problem.

[arrimasarrington1992 2]

Can somebody please unlock my account?