-
2013-06-10, 09:26 AM (ISO 8601)
- Join Date
- Mar 2013
Is OOTS website security compromised?
Hi OOTS,
Erm, last week I visited your website (and Erfworld) and got a virus. Nearly lost everything and was a nightmare to remove.
This week I got the same virus so now I know it has to be either OOTS or EW it's coming from.
I understand that not long ago the OOTS (or was it EW?) website was hacked into for a short time. It seems that whatever got in hasn't all been removed (or it invited in other stuff that hasn't been noticed).
I wish I could protect my computer but I use the library to connect to the internet (my home computer is not connected). I haven't been able to find a virus checker that works without connection to the internet. Have tried AVG, Norton and MS Security Essentials. Paying a monthly fee just to install a virus checker to protect your computer from what that same fee is paying for seems to me to be perverse. Our library's AVG license ran out a month ago and they're taking their sweet time renewing it.
Will post the same on Erfworld website.
-
2013-06-10, 09:42 AM (ISO 8601)
- Join Date
- Sep 2005
- Location
- Australia
- Gender
Re: Is OOTS website security compromised?
The earlier compromise was not very sophisticated. They were simply downloading the files from our site and uploading the modified files back. We are confident that they have all been removed.
You can read about the attack and what happened here and here. There is a list of free antivirus programs here. Every single antivirus program in the world will require you to connect to the internet to get the latest definitions. But almost all of them will work while offline with older definitions.
More than likely, wherever you got the virus from, you still had the virus from your system and have been reinfected by it.
"My Hobby: Replacing your soap with gravy" by rtg0922, Doll and Clint "Rawhide" Eastwood by Sneak
-
2013-06-10, 10:10 AM (ISO 8601)
- Join Date
- Dec 2007
- Location
- UTC -6
-
2013-06-10, 10:11 AM (ISO 8601)
- Join Date
- Mar 2013
Re: Is OOTS website security compromised?
This is not possible because I lost everything. The hard drives were formatted (including the USB stick the virus originally came in on) and Windows installed from scratch. There wasn't anything writable left for it to exist on.
I could prove to you that it is the OOTS website that is doing the infecting and also provide details of the virus name etc. Unfortunately when I got the virus today I immediately deleted it. If it happens again I will be able to prove where it came from and what it is since I know much of how it is happening.
Also, would like to point out that I am not someone who knows little about computers. I've been working with computers since before the internet existed and have a formal education and degree in Software Engineering. If I make any claim I can back it up with proof so please don't dismiss this too quickly.
-
2013-06-10, 10:12 AM (ISO 8601)
- Join Date
- Dec 2007
- Location
- UTC -6
Re: Is OOTS website security compromised?
My anti-virus hasn't sent out any alerts, and I trust Rawhide...
-
2013-06-10, 10:15 AM (ISO 8601)
- Join Date
- Mar 2013
-
2013-06-10, 10:17 AM (ISO 8601)
- Join Date
- Jan 2012
Re: Is OOTS website security compromised?
Wait...You're using an unprotected *public* computer?
-
2013-06-10, 10:21 AM (ISO 8601)
- Join Date
- Aug 2005
- Location
- Mountain View, CA
- Gender
Re: Is OOTS website security compromised?
If OotS really were the source of this virus, I'd expect several people to have chimed in with "I got it too" by now. No one has, so it's probably from somewhere else.
Edit: Wait, it's only been an hour. Ok, so maybe it's too early to judge on that basis, but still.
Last edited by Douglas; 2013-06-10 at 10:22 AM.
-
2013-06-10, 10:29 AM (ISO 8601)
- Join Date
- Sep 2005
- Location
- Australia
- Gender
Re: Is OOTS website security compromised?
This here shows immediately that your computer did not get the virus from this site or any other. Your computer was infected by the USB stick. Trace that USB stick to where it has been used and trace any other devices you have connected elsewhere.
Also, can you please clarify this?
Was absolutely everything 100% deleted, formatted, and wiped, or did even one single file from the old system make it back to the new?
-
2013-06-10, 11:29 AM (ISO 8601)
- Join Date
- May 2012
- Location
- Aldain
- Gender
Re: Is OOTS website security compromised?
-
2013-06-10, 12:06 PM (ISO 8601)
- Join Date
- Jul 2012
Re: Is OOTS website security compromised?
Yeah, Alowe, are you saying that you visited OOTS on a library computer, then transferred files to your home computer using the USB, and then got a virus on your home computer?
The virus is on the Library computer then, not OOTS. It's infecting the USB drive just by putting it in the computer, not by visiting OOTS.
-
2013-06-10, 12:29 PM (ISO 8601)
- Join Date
- Mar 2007
- Location
- Lancaster, UK
Re: Is OOTS website security compromised?
I'm trying to piece together your actual account of the events. Is this right?
1. You accessed the OotS and Erfworld sites on an unprotected/badly protected public computer while using a USB stick with it.
2. You used this stick on an unconnected home computer which doesn't have antivirus because despite your decades of experience and education you don't know how to install it without an internet connection.
3. The virus corrupted enough stuff that you had to reformat the hard drive and USB stick.
4. You used the same USB stick at the same library a week later- that computer was apparently unaffected by the virus despite having no antivirus software.
5. You got the virus again and concluded it was OotS's fault.
I get the feeling I'm misinterpreting stuff here since this sounds wrong- please correct me if I am.
-
2013-06-10, 05:08 PM (ISO 8601)
- Join Date
- Sep 2012
- Gender
-
2013-06-12, 11:29 AM (ISO 8601)
- Join Date
- Mar 2013
Re: Is OOTS website security compromised?
Hi, I'm still here - haven't forgotten.
I've only got 15 minutes so will come back with specific answers to the questions above.
I realised I was making an assumption that the virus was coming from the internet. As such I've had to make a complaint to the council (the only way they communicate) to ask if it's guaranteed that their network isn't infected.
I only use the USB stick on the library computer. I have traced back the source of the virus and the only common actions I took on both occasions were visiting OOTS and EW. I've discounted visiting google, gmail, Microsoft and Major Geek cause either they're too big and we would have heard about it or I didn't visit them both times.
I did format everything except for a partition that had data files on it. But I managed to do a full scan of that drive before and after. Only executables were infected and these had all been deleted anyway. By data I mean family photos, letters etc. Personal stuff I'm not willing to delete and couldn't be infected anyway. This drive was not the source anyway - I've been using it for about 5 years without any problems. The only executables on it were programs I'd written which are now all gone, but the infection happened again.
Yes they are public computers that have no protection, but as far as I can see Windows is dumped to the terminal every time you log on, meaning that even if your session was infected it shouldn't infect anyone else’s. The security is quite tight (apart from lack of virus checking).
I've managed to find a virus checker that's up-to-date and doesn't require the internet. MS Security Essentials - their definitions page is here:
https://www.microsoft.com/security/p...tions/adl.aspx
So it is now possible for me to protect my computer - I hope. The reason why maybe not many people may have reported it is because if they have virus protection installed it shouldn't happen. Since this is easy to have for anyone directly connected to the internet I can understand why a virus wouldn't flag up even if it was there. I'm not convinced it's OOTS or EW cause Edinburgh Council are being so evasive about the whole thing.
-
2013-06-12, 11:38 PM (ISO 8601)
- Join Date
- Jun 2008
Re: Is OOTS website security compromised?
Just popping in here to say that there are a lot of ways for a computer to become infected beyond simply visiting a website. If you have no security software on a computer, especially no firewall, you can receive an infection just by being on and connected.
Viruses can be in more than just .exe files. If you want to save some files currently on your computer, then I would recommend getting a clean USB stick and putting those files onto it, then running a full format with your entire hard drive. It is most likely that the current infection is simply the previous infection, and was not removed with your partial format.
After that, install and update your security software. Then run a scan on that USB stick, to ensure your files are clean. I would also recommend against putting any device connected to your public library to your computer until you are 100% sure your computer is secure and not infected.
Microsoft Security Essentials requires you to connect to the internet to get the most recent updates. That is a fact. The only way you're going to get MS Essentials onto your computer is to install it with a purchased CD (which is not going to be up to date) or to download it from another computer and transfer it, such as my USB stick (which has the same problems you've been seeing).
I don't know where you got the idea that MS Security Essentials doesn't require updates from the internet; the webpage you linked includes a link to download necessary updates over the internet.
-
2013-06-13, 12:56 AM (ISO 8601)
- Join Date
- Oct 2007
- Location
- Stuck here
- Gender
Re: Is OOTS website security compromised?
This doesn't work this way. Our local library's computers do a hard reset every time a patron logs off, but every time I've installed MalwareBytes on them to check when I was downloading something (also free, HIGHLY recommended, a perfect complement to MSSE) it would always come up with the same five keylogger-trojan-things on the hard drive (since the reset made them come back after every time I had MBAM quarantine them when I used it).
-
2013-06-13, 06:29 AM (ISO 8601)
- Join Date
- Mar 2007
- Location
- avatar by Ashen Lilies
- Gender
Re: Is OOTS website security compromised?
Virus scanners notify the user when a virus tries to get through, even when it's successful in preventing it. The most likely source of your infection is that other people have gone to dodgy sites on the library computer, infected the library computer, then the library computer infected your usb drive, and your usb drive infected your home computer. Just because your usb drive has been clean for 5 years doesn't mean it can't get infected now.
-
2013-06-13, 12:32 PM (ISO 8601)
- Join Date
- Jul 2012
Re: Is OOTS website security compromised?
There is no protection on the computer. That is bad. You do not have to actively run a file for a virus to infect the USB stick, and then infect your home PC. Please read up on how trojans and rootkits work. They also do not have to be on your profile. They can be in the Windows system files. Dumping to terminal every time you log in does not help if the main Windows system is compromised, which it most likely is.
The sites you went to have nothing to do with where the virus came from. The virus most likely exists on the Windows server at the library. Someone could have gotten it while browsing porn a year ago, and it just keeps being reloaded every time.
-
2013-06-14, 07:19 AM (ISO 8601)
- Join Date
- Jun 2011
- Gender
Re: Is OOTS website security compromised?
Dumped to the terminal? Confining infection to a single session? Not quite sure what you're saying, but I don't think those are things Windows can normally do usefully.
Mind you, if we were talking about a capability-based secure OS, or one with built-in sandboxing, then I might be able to accept it, but not bog-standard Windows.
Hmm, maybe you're indicating that they're thin clients which discard all changes to the VM image? That would prevent new infections from lingering, but wouldn't prevent sufficiently old and persistent infections (i.e., before the image was created) from staying around and causing havoc, nor would they prevent new infections from simply copying over to USB drives, which they have long been known to do.
Finally, I'd like to note that a great many file types that you would never expect to be infect-able (Word documents, WMF pictures, and lots of others) have been known to house exploit code of various sorts, so your personal files are not safe merely by virtue of not being directly executable. (My "favorite" is probably the WMF files; no one expects an image to throw viruses around.)
-
2013-06-19, 11:37 AM (ISO 8601)
- Join Date
- Mar 2013
Re: Is OOTS website security compromised?
A wee update - haven't been online for a week.
The council haven't come back yet. Often complaints are ignored so that isn't unusual. Their AVG license is still not renewed.
I tried out MS Security Essentials but unfortunately after that the computer would BSOD every 5 minutes so had to uninstall it.
As far as I can tell my computer hasn't got another virus. Maybe the second infection was caused by the first one but it's hard to see how, since I either wiped everything or deleted all executables (not just .EXEs) and did multiple full virus scans. Who knows. One precaution I've been using is not to use the USB stick when visiting OOTS or EW.
erikun:
Microsoft Security Essentials does not require you to connect to the internet from the computer you wish to install it on. You can download the most recent install and virus database from the link I posted. This is unlike AVG and Norton for example. Even if you download their standalone installers they won't install and/or run without connection to the internet. MS SecEss does - but as I said above I can't use it anyway, so it's all moot to me now.
The Bushranger:
Every library's system is different.
happyturtle:
Many virus scanners do not notify you if they blocked a virus that could have been downloaded on the internet. They just block them silently. Try visiting wares sites which almost all have viruses and see if you get any warning. Alternatively find a known virus site with google and visit it. You may not get a notification.
NerdyKris:
I know how viruses work. I used to study them at University. Did you know that the smallest TSR virus was written in Bulgaria and was only 42 bits large (yes bits, not bytes - figure out how that was done!). Coincidentally the smallest biological virus in the world is Hepatitis B which is 42 nanometers in diameter.
-
2013-06-20, 06:02 AM (ISO 8601)
- Join Date
- Mar 2007
- Location
- avatar by Ashen Lilies
- Gender
Re: Is OOTS website security compromised?
Er, I'm going to pass on that. Really. Seriously. Why would you suggest someone go to a known virus site?! "Hey, let's see if your measles vaccine is any good. Go give a sick person a big slobbery kiss!" Kids, DON'T TRY THIS AT HOME!
I already know my virus scanner will tell me if it blocks something. It's in the options, and I've seen it happen. Not often - maybe 2 or 3 times in the last five years, because I don't go to warez sites or google known virus sites.
Last edited by happyturtle; 2013-06-20 at 06:02 AM.
-
2013-06-20, 07:06 AM (ISO 8601)
- Join Date
- Jan 2010
- Location
- East Midlands, UK
- Gender
Re: Is OOTS website security compromised?
I absolutely agree with what Happyturtle said. All the antiviruses I have ever had notify you when they block an infection. Because at the very least you should know that the site you are trying to access is not safe.
Also, when gitp server was compromised, we had dozens of people reporting it in a matter of minutes. Given the volume of traffic this site sees, I am sure other people would have reported it by now.
-
2013-06-20, 05:23 PM (ISO 8601)
- Join Date
- Mar 2009
Re: Is OOTS website security compromised?
What is a wares/warez site?
-
2013-06-20, 05:46 PM (ISO 8601)
- Join Date
- Dec 2011
Re: Is OOTS website security compromised?
SecEss doesn't install is probably a clue, although I wonder if OS is updated? Something like XP SP1 isn't going to cut it these days.
Reinfection can be from practically anything, depending on the sophistication of whatever you were hit with. Everything is suspect, you're not safe until you've reinstalled all device BIOS (just a wget command needed), nuked all media and checked everything you put back onto a fully updated OS (if you know someone in IT, they can get you an OS image that's up to date).
-
2013-06-20, 07:37 PM (ISO 8601)
- Join Date
- Oct 2007
- Location
- Stuck here
- Gender
Re: Is OOTS website security compromised?
-
2013-06-20, 09:42 PM (ISO 8601)
- Join Date
- Aug 2009
Re: Is OOTS website security compromised?
-
2013-06-21, 03:44 AM (ISO 8601)
- Join Date
- Jul 2009
- Location
- Finland
- Gender
Re: Is OOTS website security compromised?
-
2013-06-21, 11:37 AM (ISO 8601)
- Join Date
- Feb 2005
- Gender
Re: Is OOTS website security compromised?
-
2013-06-21, 12:45 PM (ISO 8601)
- Join Date
- Aug 2009
Re: Is OOTS website security compromised?
-
2013-06-22, 07:23 PM (ISO 8601)
- Join Date
- Jul 2007
- Location
- TGaPT
Re: Is OOTS website security compromised?
Spelled in hacker l33t slang, 'software' is shortened to 'warez'. Since they think programs with DRM are unusable any software dumped there is usually DRM-free, that or another way.
Also, yeah, most of such sites are traps for unwary, naive people wanting a free meal.
Pardon me, but aren't NIS regularly first in rankings of the worst programs, due to weak detection and system resources hogging? I think even most free programs are better in rankings, just saying. It notifies you loudly to justify its price, is all, IMHO.