Server Help

SOS no remember password · Guest Offline

I'm using Avast! AV.

It did actually download some WMF file to my computer and try to open it in the Windows image viewer, so it seems unlikely to be just some random weird packet.

Therefore, it must be something else random and weird

I didn't have the clarity of mind to keep the file, unfortunately...

Mine GO BOOM · Posted: Tue May 23, 2006 11:39 am *Post maybe stupid* Post subject:

You know the forums have the ability to send you a new password for your account? Anyways, doing a bit of research, and there is no exploits out there that only effect apache to inject WMF exploits. The only ones that do that are the image files themselves, which as I've mentioned, I've done multiple scans of with different antivirus programs. Without another insight, such as the exact time/date of when these occur so I can go over apache's logs, I cannot do anything more.

Still SOS · Guest Offline

Yea, I know, but I'm lazying off atm, so who cares about the password

Time of visiting wiki (http://wiki.minegoboom.com/index.php/MERVBot_Tutorial#Setting_up_a_MERVBot_.28plugin.29) and getting this stuff: around 2:34 am (EST) on the 22nd

Mine GO BOOM · Posted: Tue May 23, 2006 10:39 pm *Post maybe stupid* Post subject:

The only thing I can think of for the Wiki would be fixalpha function in an IE-only javascript. But this is common for all of MediaWiki.

SpecShip · Posted: Wed May 24, 2006 6:42 am *Post maybe stupid* Post subject:

Seeing as how I'm not getting any WMF errors or forced downloads and that I'm having IE set to disable all java, active scripts and etc. I therefore must conclude that it's either that you people are using a different browser and/or its security settings are such that allows it to be exploited by whatever.

Bad end-lusers make the wormhole carrosel go 'round 'n 'round.
_________________
Replacing yazour untill the whore returns.

"I could run a ss server on my car stereo!" -Xalimar
"Liberta tuit ma ex infernis" -Event Horizon
"I know too much about nothing." - Mine GO BOOM
"Hmm anyway, back to my kingdom hearts." - Chambahs

Hookerella79 · Guest Offline

Use Firefox and download the NoScript plugin. You can make it block scripts and unblock them if you want to for certian sites, or globally. Also download IE Tab. Very useful for playing some flash games.

SpecShip · Posted: Wed May 24, 2006 4:59 pm *Post maybe stupid* Post subject:

xsp0rtsfanx · Posted: Wed May 24, 2006 6:15 pm *Post maybe stupid* Post subject:

firefox is more convenient and better than IE :/.

SOS here · Guest Offline

Wow, thanks for 4 totally useless responses, four random unhelpful people

Anyway, I've got it!

The file is expl1.wmf which is downloaded from stats4all.(something)!

Solo Ace · Posted: Thu May 25, 2006 4:58 pm *Post maybe stupid* Post subject:

From stats4all.cc, I've seen it happen too on these forums.
But it only happened when I didn't have a packetlogger running.
I couldn't find anything in the document's source either.

I got some error like "Couldn't open file://abcabcabc...".

SpecShip · Posted: Thu May 25, 2006 6:38 pm *Post maybe stupid* Post subject:

Wow Murphy, he called you a random unhelpful person.

Anyway, this file is no where to exist in my system, so I'll say again, either your browser sux or that you don't know how to correctly set its security features to avoid being exploited.

Solo Ace · Posted: Fri May 26, 2006 2:22 am *Post maybe stupid* Post subject:

It doesn't really happen anymore, and when it did it was just in like 1 of 20 visits.

I'm sure I patched my windows and got rid of the WMF exploit before this all happened.

Heh, SOS, a year ago you told me you kept your Windows up-to-date, why do you have these problems?

You can't update anymore because you didn't pay for your copy of Windows?

SpecShip* · Guest Offline

Yeah can be that too.
Like I said above: Bad end-lusers make the wormhole carrosel go 'round 'n 'round.

SOS l · Guest Offline

And bad tech advice makes lusers get even more confused. Stop with this "ooo, it's your own fault" crap. Geez, is this forum even moderated by any competent staff? If something is affecting people with a malicious exploit then it is fucking not the person's own fault no matter what software he uses!

Anyway, I am pissed. I'm glad you unhelpful meaningless people do not visit SSForum or I would have to delete most of your posts thus causing me lots more work.

Anyway, I hope you get rid of this weirdly behaving stats4all thing, MGB.

Mine GO BOOM · Posted: Fri May 26, 2006 12:08 pm *Post maybe stupid* Post subject:

SOS zx · Guest Offline

Trash talk is for trash, hmm? Okey, whatever floats your boat

I've never seen the need for one but it is a popular trend...

Hey, why'd you stick my post in the trash!

Hmm, so the host itself is doing the stats4all thing? Hrm... I wonder what a packet logger would find.

SpecShip · Posted: Fri May 26, 2006 4:28 pm *Post maybe stupid* Post subject:

Please force his login so that I can return him to the ignore.

Solo Ace · Posted: Sat May 27, 2006 2:52 am *Post maybe stupid* Post subject:

I wanted to use a packet logger actually, and I think I'll start logging it from now on.
(Too bad I can't just give tcpdump a filter to log it really).

I got the error I usually get again, when I loaded the page a few minutes ago:

I'll let my router tcpdump some packetlog and check it with ethereal when it happens again.