Sciencemadness Discussion Board

hacked

joe69cool - 3-3-2007 at 01:16

They hacked the site. Shame on them! They probably did it because they couldn't get their reactions to work.:D

BromicAcid - 3-3-2007 at 01:57

Took me a minute to figure out that anything happened. I always just visit the new posts page but the main page for sciencemadness.org has been defaced though apparently the forum is fine.

franklyn - 3-3-2007 at 08:00

Those of us with some know how or sophistication can find our
way in providing there still is one , but the other folk are going
to be rudely perplexed unless an advisory e-mail is sent out.

.

noticed last night

chemrox - 3-3-2007 at 09:33

Yeah who are these assholes anyway? Like the little skateboarders that vandalize our offices.. public caning would be perfect

bereal511 - 3-3-2007 at 09:36

How ridiculously immature. The kewls of the internet are just as rambunctious as the kewls of real life.

YT2095 - 3-3-2007 at 10:08

Script Kiddies undoubtedly, the hacker Equiv of K3wlz to a serious Chemist!

Polverone - 3-3-2007 at 10:14

They changed the ssh/cPanel password so I can't log in. I'm unfortunately spending most of my time today on airplanes and in airports, and my laptop doesn't have the customer support password stored on it. I've asked for the password to be emailed to me but it seems to be slow in coming. This may take a bit of time to resolve.

joe69cool - 3-3-2007 at 23:53

I should probably keep my damn mouth shut, but I think I know who did it in an abstract way. I'm sure everything will be resolved soon, and they meant it as a compliment I'm sure.

guy - 4-3-2007 at 02:38

Their names don't get any kewler than that.

dennisfrancisblewettiii - 4-3-2007 at 11:08

Quote:
Originally posted by joe69cool
I should probably keep my damn mouth shut, but I think I know who did it in an abstract way. I'm sure everything will be resolved soon, and they meant it as a compliment I'm sure.


Idefense?

This stuff is annoying.

YT2095 - 4-3-2007 at 11:34

Quote:
Originally posted by joe69cool
and they meant it as a compliment I'm sure.


Huh... How does That work?????

Polverone - 7-3-2007 at 00:45

It appears that the hosting machine was not more generally compromised -- the attackers tried to use the tools they downloaded, but mine was the only account they compromised this time. Micfo (our hosting company) told me that it must have happened because I had 777 permissions set on PHP files or directories. That's not true -- I don't use 777 permissions on anything, but for $20/month I don't really expect them to do detailed post-intrusion analysis. I would guess that we were hacked using one of the thousands of holes in the security swiss-cheese that is XMB. In a move that should protect us from hacking for at least the next 6 hours, I have upgraded the board to the latest and greatest stable version of XMB. This has some side effects, like different smilies (I can restore the old ones if people really care) and the fact that U2U message preview actually works now.

It's good to be back. I hope we can stay here.

Rosco Bodine - 7-3-2007 at 01:04

Has XMB got a wrong password attempted entry counter to defeat random password sniffer / generators ?
Or have they left a few other backdoors open ?

Yeah the old smilies were better , and it seems like you
put 'em back after the last upgrade some time back because the newer ones are muddy .

12AX7 - 7-3-2007 at 01:28

SMDB is back! :D

Polverone - 7-3-2007 at 01:29

I don't think there is a wrong password timeout or block in place. In any case I'm sure that's not how the attackers worked, since gaining my forum password would only have allowed them to change forum settings. They had shell level access, were able to change the main index page, installed additional software, changed my shell password... I'm sure they got initial shell access through an exploit, most likely an XMB exploit since it's the only software package I've installed under this hosting account. I'm still not sure how they were able to change my shell password once they got shell access -- maybe via the same flaw, since they were obviously able to bypass my password at least once.

I really hope that it was a now-patched XMB flaw, because if it's anything else, there's nothing I can do to improve security.
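One way to check both the hosting company's 777 claim and what changed during the shell-level intrusion described in the posts above, as an added example that is not part of the thread or anyone's actual tooling: compare the live web root against a known-good backup and list world-writable paths. The directory layout and file names in `build_demo` are constructed for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile


def _walk(root):
    """Yield (relative_path, full_path) for every entry under root (symlinks not followed)."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def manifest(root):
    """Map relative path -> SHA-256 digest for every regular file under root."""
    digests = {}
    for rel, full in _walk(root):
        if stat.S_ISREG(os.lstat(full).st_mode):
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def world_writable(root):
    """Files and directories with the 'other write' bit set (modes such as 777 or 666)."""
    hits = []
    for rel, full in _walk(root):
        mode = os.lstat(full).st_mode
        if stat.S_ISLNK(mode):
            continue  # symlink permission bits are not meaningful
        if mode & stat.S_IWOTH:
            hits.append((rel, "%03o" % stat.S_IMODE(mode)))
    return sorted(hits)


def audit(live_root, backup_root):
    """Compare a live web root with a known-good backup copy of the same tree."""
    live, good = manifest(live_root), manifest(backup_root)
    return {
        "added": sorted(set(live) - set(good)),        # e.g. software the intruder dropped
        "removed": sorted(set(good) - set(live)),
        "modified": sorted(p for p in live.keys() & good.keys() if live[p] != good[p]),
        "world_writable": world_writable(live_root),   # tests the "777 permissions" claim
    }


def build_demo(base):
    """Constructed sample data: a clean backup tree and a tampered live copy."""
    backup, live = os.path.join(base, "backup"), os.path.join(base, "live")
    files = {
        "index.html": "<h1>home</h1>",
        "talk/header.php": "<?php // board header",
        "talk/lang/English.lang.php": "<?php // language strings",
    }
    for rel, body in files.items():
        path = os.path.join(backup, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    # Set explicit modes so the demo does not depend on the caller's umask.
    for _, full in _walk(backup):
        os.chmod(full, 0o755 if os.path.isdir(full) else 0o644)
    shutil.copytree(backup, live)  # copy2/copystat preserve the modes set above

    with open(os.path.join(live, "index.html"), "w") as fh:
        fh.write("<h1>defaced</h1>")                      # changed main index page
    dropped = os.path.join(live, "talk", "dropped_tool.bin")
    with open(dropped, "wb") as fh:
        fh.write(b"\x00constructed placeholder")          # stands in for added software
    os.chmod(dropped, 0o644)
    os.chmod(os.path.join(live, "talk", "lang"), 0o777)   # a world-writable directory
    return backup, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir, live_dir = build_demo(tmp)
        for category, entries in audit(live_dir, backup_dir).items():
            print(category, entries)
```

Run against a real account, `audit` takes the path of the live web root and the path of an unpacked backup taken before the incident; an empty `world_writable` list is the evidence that no 777 modes are present.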

YT2095 - 7-3-2007 at 01:38

Nice works and Thanks for what you`ve done already!;)

Rosco Bodine - 7-3-2007 at 01:40

It's really one hell of a coincidence for me that when
RS was taken down by idefense ....the topic in open discussion at the time was energetic tetrazoles .

And when MadScience went down ....the exact same
topic was under discussion ...in both cases with some useful information being brought to light , the difference being no data loss this time around , due to a CYA backup
being available .

But isn't that one hell of a coincidence that such an obscure topic would be on top in Energetics both times
when two different forums get trashed .....almost like it
was a magic tripwire or something ?

I really hate such coincidences that just don't quite seem like coincidences at all , but more like a two shot group
so well placed on target ....that it is just one neat hole .

Sauron - 7-3-2007 at 02:28

Simple enough hypothesis to test. You could go discuss energetic tetrazoles, and see if everything comes crashing down again.

Of course, everyone might be a tad upset with you for doing that, myself included.

I'm just grateful to Polverone for getting the forum back up quickly (I was braced to wait for the weekend).

Rosco Bodine - 7-3-2007 at 03:00

Somebody posted the whole echelon watchwords list
one time ....and they probably get saturated with hits
for those keywords from this forum enough to make
it an aggravation for the web watchers . But then
it's got to be like the war on drugs , cops and robbers
need each other for job security . So as they say at
the start of the olympics ....let the games begin .....
what were the rules again ?

Sauron - 7-3-2007 at 03:08

The rules are this: there are no rules, there's no size, no shape, no color, and the best you can expect is what you least expect.

-- from "The Kremlin Letter", an underappreciated 1970 John Huston film, spoken by Richard Boone.

Rosco Bodine - 7-3-2007 at 03:14

Sort of like a girl at a Hells Angels convention
worried about doing something naughty that
might offend the chaperones .

[Edited on 7-3-2007 by Rosco Bodine]

Sauron - 7-3-2007 at 03:57

Like what? They might be offended if she didn't want to pull a train. (And then maybe she'd have little choice in the matter.)

Last I heard, Sonny Barger was in the can for dealing meth, I don't even know if he's still alive, he can't be a young man at this point in time.

Rosco Bodine - 7-3-2007 at 04:21

[13] Pres , leading 600 ministers of truth and justice
to rumble along Pennsylvania Avenue ....
Now that's a parade I'd like to see , with
all the crookedass bureaucrats running
for their hidey holes and bodyguards .
Power to the People ....yeah .

And bring on the big tittied bitches too ,
call it the Anna Nicole Memorial Ride ,
complete with middle of the street ,
spread legged NECROMANCY !

Scary huh ....
that dark side of country boys downtown !

Born to be WILD :cool:

The_Davster - 7-3-2007 at 05:21

Quote:
Originally posted by Rosco Bodine
It's really one hell of a coincidence for me that when
RS was taken down by idefense ....the topic in open discussion at the time was energetic tetrazoles .

And when MadScience went down ....the exact same
topic was under discussion ...in both cases with some useful information being brought to light , the difference being no data loss this time around , due to a CYA backup
being available .



I think it's more of a coincidence, we went down in a completely different way than roguesci. But if you are right...Then we know we are getting somewhere very interesting with the tetrazoles research...perhaps explaining why there is a void of information out there in regards to them.

Thanks for the board back Polv, when you have a chance can you change back the smilies as well?

quicksilver - 7-3-2007 at 06:40

iDefense had an issue with RS that was best described as "political" in nature. I really don't think that they have that issue with this board. Seems like an exploited element of XMB.....If some jackass got a copy of XMB and set out to find a method of getting in, I'm pretty sure he could do so. The software is not designed for security, it's designed for communicating. There is no REAL emphasis on security in its user lay-out. I'll bet some
-=L0W-K3Y C0Ck$uCk3R=- with Gr33t$ going out to other K3WL D00D$ just got a copy of XMB and worked with it for a bit....the fuck needs to get a life.

Three cheers for Polverone!

pantone159 - 7-3-2007 at 07:20

For all the work he had to do to recover from this annoying hack, so we can have our forum back. :)

I did notice one thing that might not be right - I had a U2U message that seemed to relate to a post of mine that had been reported to a mod - but the report was actually MADE by me, not a post of mine. That just showed up now, although the post was older. Not an issue unless it points to other problems.

Sauron - 7-3-2007 at 07:47

Is it really a settled issue as to whether this attack was specifically against SMDB? If I understood what Polverone wrote, the hackers took down the entire host server and screwed with a lot of people's sites not just this one.

The hack replacement for the splash page certainly appeared to be a generic sort of merry-prankster hacker thing of an adolescent variety, and there was nothing to indicate any connection to any former member (like the two recognized trolls I know of) who might otherwise be prime suspects.

Polverone also indicated that the hackers showed no interest in the forum or its database. That does not sound to me like the behavior of a malicious former member out for revenge.

YT2095 - 7-3-2007 at 08:41

Quote:
Originally posted by pantone159

I did notice one thing that might not be right - I had a U2U message that seemed to relate to a post of mine that had been reported to a mod - but the report was actually MADE by me, not a post of mine. That just showed up now, although the post was older. Not an issue unless it points to other problems.


Ditto, I had 18 new U2U`s all with posts I`d reported (mostly that Spam Fest we had a week or 2 back).
but the whole U2U system looks a bit different too, so it`s probably a New system that gives you a receipt of your report, and as soon as it was implemented, they all came flooding in.

that would be My Guess anyway.

Polverone - 7-3-2007 at 09:52

Quote:
Originally posted by Sauron
Is it really a settled issue as to whether this attack was specifically against SMDB? If I understood what Polverone wrote, the hackers took down the entire host server and screwed with a lot of people's sites not just this one.

The hack replacement for the splash page certainly appeared to be a generic sort of merry-prankster hacker thing of an adolescent variety, and there was nothing to indicate any connection to any former member (like the two recognized trolls I know of) who might otherwise be prime suspects.

Polverone also indicated that the hackers showed no interest in the forum or its database. That does not sound to me like the behavior of a malicious former member out for revenge.

Actually, I was told that this issue was confined to my site when I reported it to Micfo. I thought it might have affected multiple users since there was an incident that affected multiple Micfo users as recently as January, but the representative told me that the flaws used then have been patched and that my site was the only one affected. I hope they're right.

I imagine this site was specifically targeted, but only in the sense that someone went out looking for people running software with known holes in it and then exploited those holes.

Magpie - 7-3-2007 at 11:38

Praise be to Polverone for such dedication to bring the forum back on line as rapidly as possible! :D I was thinking that if it was not back soon I would be needing psychotherapy.

Rosco Bodine - 7-3-2007 at 12:04

The old smilies are back ! :D Yiiippeeeeeee!!!!:D:D:D
The newer smilies looked sooooooo , I hate to use the
word ....Detestably Dorky :P ...
But these are classic beauties by comparison :)
much easier to live with .

The U2U window *display width* should be set to the same display width as the index page width and thread display page width which are just perfect for easy reading and vertical scrolling . The U2U display window is a bit wide and the vertical scrolling bar is hidden on the right margin for a machine set at 800 by 600 with a right hand vertical toolbar , like is the configuration a lot of us older folks run .

Hmmm.....one of the problems with the older forum software was allowing images to be posted that were
too wide for the page and messed up the page formatting on some threads . Did the new version
have any image filtering capability for administrator option
to limit the pixel dimensions for image file attachments ?
Setting that function if it's available could block problems
ever being posted by folks who won't edit their posted
images to something sane like 600 - 650 pixels .

Sauron - 7-3-2007 at 15:44

Ah. So it was a function of the forum software being exploitable, and the content didn't matter to the hackers one iota?

That should cool off the conspiracy theorists who laid this at the door of Big Brother, supposedly spanking us for talking about tetrazoles.

Ozone - 7-3-2007 at 16:55

Good to see everyone again!

I've been watching this since the splash went up (it kind of reminded me of the old school FBR crack headers for old C64 games--albeit with better graphics).

I too am suspicious of certain recent events possibly being tied to this, but there was finally some reference made to a widespread attack presented by the "news". They did not mention this server specifically, but it looks like it coexisted with a scheduled attack made by the US agency dealing with these matters--a sort of "drill".

It makes me wonder if this was not a casualty of a drill related to cyber-warfare initiatives.

It's probably nothing, but the timing is a bit coincidental.

Give Polverone extreme props for getting us back on line! The level of dedication and personal involvement is mind boggling and an inspiration, in this day and age.:D

Glad to be back,

O3

Sauron - 7-3-2007 at 17:47

Cyber-warfare sounds like a crock to me. My old pal Chuck deCaro has been writing and lecturing on infowar for many years but never made a believer out of me. As far as I'm concerned it's a geeky extension of the Leaflets & Loudspeakers Brigade (psyops) and they never amounted to anything, anywhere, anytime.

Communist China might want to have the means to do this sort of thing. They fear the Internet. The US need not fear the Internet, the US government created it in the first place. Anyway if this administration was going to hack anything they'd be hacking porn sites not forums like this, because frankly we are not a concern to anybody.

Only the troll thinks we are jihadis. And he obviously is off his rocker.

Ozone - 7-3-2007 at 17:59

That was the particular thing I was speaking of, but I didn't know if mention might cause more problems. On the other topic, why is there someone now paid a *lot* to head up national cyber security in the US (they unveiled him this evening)? Apparently his agency coordinated a large internet "drill" to test security (it apparently did well).

I do not think that they took us out (if they did, it was simply collateral internet shockwave); I do not believe that they would have left the splash. I think that an agency at that level would have much more concern over content, and since content was not compromised, I assume that the attack was perpetrated by some lesser agency (unless it was decided that it would be more interesting to watch us; I think we're interesting;)).

Oh yes, I remember when *good* internet content was free (the good old days:().

Anyhoo, glad to see you again,

O3

Sauron - 7-3-2007 at 18:42

Obviously cyber means a lot more than the Internet. The government has legitimate security concerns over its own sensitive computer facilities and networks, generally these do not interface with the Internet at all. Someone might hack CIA's public-relations website but that won't get them inside.

Likewise, legitimate concerns exist over infrastructure and corporate/institutional networks. There, an enemy might do economic damage to us, and vice versa.

However, in the more usual sense of cyber warfare regarding the Internet, it's a joke.

The last cyber security czar at the WH level is now security chief for eBay. I think he has reached his level of incompetence, and the govt couldn't have been paying him so much if they were outbid by those idiots.

Ozone - 7-3-2007 at 18:48

Too true!:D

We will have to see, they were parading him about with some fanfare.

Cheers,

O3

Sauron - 7-3-2007 at 19:17

Sort of the way LBJ used to parade his surgical scar.

The WH is in damage control mode after Scooter's conviction and trying to convince the nation that they are Serious Officials Just Doing Their Jobs.

(It's a tenet of criminal justice that obstruction and perjury are charges that are only brought when you can't nail the target on anything substantive.)

polymer - 8-3-2007 at 12:08

Thanks Polverone

This has been the month of PHP bugs. You might want to consider installing the latest PHP update to the server.

Polverone - 8-3-2007 at 12:56

Quote:
Originally posted by polymer
Thanks Polverone

This has been the month of PHP bugs. You might want to consider installing the latest PHP update to the server.

I'm on a shared machine. I don't have control over which version of PHP is installed.

The_Davster - 9-3-2007 at 17:41

It's almost all back to normal:D Nice dedication to getting it all back up Polverone!

Only 2 differences I see, location of hyperlinks on first page, and colour of the 'whose online' list.

(And thank you so much for changing the smilies;))

Polverone - 9-3-2007 at 17:49

The hyperlink location on the front page was deliberately changed because I realized that the text was too hard to read. The front page really needs a redesign. The changed "who's online" list comes with the XMB upgrade (actually, I don't remember it looking any different from how it does now).

Rosco Bodine - 10-3-2007 at 06:07

Quote:
Originally posted by Polverone
The hyperlink location on the front page was deliberately changed because I realized that the text was too hard to read. The front page really needs a redesign. The changed "who's online" list comes with the XMB upgrade (actually, I don't remember it looking any different from how it does now).


Yeah the font is different for the member names shown in
" who's online " .

Also I noticed in the size designation for attached files ,
the abbreviation has changed to " KiB " , from the " KB " that it used to be . Never seen the " KiB " abbreviation before , so it looked strangely kiddified immediately ,
thought it might be unnoticed residue from the hack .

http://en.wikipedia.org/wiki/Binary_prefix

Somebody , msp2 , posted that it is a new naming convention being implemented so it must have been included with the upgrade . That post then got deleted ....
hey don't worry about it ,
I have a duh moment occasionally
and keep on going :D

And daylight savings time is 3 weeks early arriving this year
also .

Convention changes ......don't you just love 'em :P


[Edited on 11-3-2007 by Rosco Bodine]

The_Davster - 12-3-2007 at 15:13

Apparently the site is not back up for all. In an off board communication with woelen he says he is getting the following error messages.

"Accessing sciencemadness is very weird. I now see that I can access it, but only with firefox. I have two PC's on different networks from which I access sciencemadness, and on both of them I simply can't get it to work again. From the new PC, with Ubuntu Linux and Firefox, it works now. So, I need to do some more homework, to get it working on Windows again. It's not a cache problem, I refreshed the site completely, but the problem persists, I obtain the following page:

Warning: main(./lang/English~.lang.php) [function.main]: failed to open stream: No such file or directory in /home/sciencem/public_html/talk/header.php on line 409

Warning: main(./lang/English~.lang.php) [function.main]: failed to open stream: No such file or directory in /home/sciencem/public_html/talk/header.php on line 409

Fatal error: main() [function.require]: Failed opening required './lang/English~.lang.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/sciencem/public_html/talk/header.php on line 409

"
EDIT: more
"I still have severe problems with sciencemadness. Whatever PC I use, I can access sciencemadness and read the forums as guest, but as soon as I login as 'woelen', I get the error page, I mailed you before. I already tried with a newly installed PC, and with my other PC's, on which the cache was cleared. Is there something wrong with the 'woelen' account on sciencemadness?

So, I can read now, but posting with the 'woelen' account still is not possible. Any idea what I can do about this?"

[Edited on 12-3-2007 by The_Davster]

Eclectic - 13-3-2007 at 03:13

Are the posting dates recoverable? There no longer seems to be any way to tell how old a thread is, or if a reply is to a question asked in the distant past...

testwoelen - 13-3-2007 at 09:49

This is woelen, with a test account. I can register with a new account, and post, but my real 'woelen' account seems to be broken. As soon as I log in, I get the error messages, posted by The Davster a few posts above.

The username/password combination is OK, but after I am logged in, the problems appear. If I login with the wrong password, then I simply get a message that I did not enter a correct username/password combination, as expected. So, the error messages only happen, when I am really logged in with the 'woelen' account.

The problem exists on Internet Explorer and Firefox (both on Linux and Windows, also on freshly installed OS), so I really think it is a server-side problem.

I really hope that I can get back my 'woelen' account again :(

[Edited on 13-3-2007 by testwoelen]

Polverone - 13-3-2007 at 19:38

Woelen, I am going to change your password so I can log into your account, to see if it behaves differently for me too. Do not be alarmed that the password has changed. I will email the new password to you after I have tested.

Polverone - 13-3-2007 at 19:57

Woelen, I have fixed your account. The problem was that you were using a copy of the English language file, "English~", that should not have been a language option; its availability was accidental and it was removed when I upgraded the board. I had to temporarily recreate this file, set your account to use the correct English file, then delete the bad file. The password I set on your account has been emailed to you.

woelen - 14-3-2007 at 00:19

Polverone, many thanks for your quick action. I'm really happy being able to use my own account again :).

You may remove the 'testwoelen' account.

[Edited on 14-3-07 by woelen]

JohnWW - 6-6-2007 at 15:05

It looks as though http://www.roguesci.org/theforum has been hacked again. They have now been offline for 3 days, supposedly due to "SQL problems", and promising to be back online soon.

This happened to me

franklyn - 25-6-2007 at 10:58

Read about my recent experience here _

http://forum.grisoft.cz/freeforum/read.php?4,99239,100601#ms...
http://forum.grisoft.cz/freeforum/read.php?4,99239,101548#ms...

I don't wish this on anyone except those that perpetrate such havoc.

Countermeasures you can take , see the end of this post here _
http://www.sciencemadness.org/talk/viewthread.php?tid=7144&a...
I have updated the links cited there

The above was my experience despite having a router and windows XP firewall
working together ( I have since installed ZoneAlarm which can at least warn of
uninitiated accessing of the internet by one's system ) and all the usual - Grisoft
AVG Antivirus real time resident scanner , Winpatrol and RegProtector real time
resident registry monitors , Spywareblaster browser configuration application ,
Spybot Search and Destroy , Ad-aware , Microsoft's own Malicious Software
Removal utility , two rootkit scanners.
Unfortunately available anti-virus , anti-spyware , and " security " software are
as useful as a smoke detector when a jet plane crashes your building.
It may take a lot to make a grown man cry and that may well be the result if
one is the least careless online. In the present day being complacent is no longer
an option. This means Active-X, active scripting , and Java must all be disabled
by default , only enabled as needed.

http://docs.info.apple.com/article.html?artnum=305149
A heap buffer overflow exists in the handling of QuickTime (*.qt ) movie files. By
the user unknowingly accessing a maliciously-crafted *.qt file the scripted attack
triggers the overflow , which leads to arbitrary JavaScript code execution in
context of the local domain. The file need not be visible or even evident , at 20
kilobytes or less , it merely serves as an attack vector to compromise the host
system. I also experienced this after the debacle cited above.

If you use this format install the patched Quicktime player 7.1.5 or later.
Apple's Quicktime *.qt video is an older format , I do not ever recall having seen
one , *.mov is now universal. To obviate potential vulnerabilities I changed the
*.qt file association so that it opens harmlessly in notepad. In the toolbar at the
top of a window of windows explorer , click " Tools " > " File Types " tab > scroll
down to " QT " and below where it says " Opens with : " click the " Change " box
and browse for Notepad and click OK. While you're there do the same for the REG
( registry file extension ) . Should you need to merge a registry file you can always
use the right click context menu " Open With " option and select the Registry Editor
from there.


[Edited on 25-6-2007 by franklyn]

franklyn - 29-9-2007 at 06:09

W A R N I N G

I have found that his site _
http://freebooksandmagazines.blogspot.com/2007_09_01_archive...
which is posted above here _
http://www.sciencemadness.org/talk/viewthread.php?tid=7208&a...

after loading its very substantial size , to be un-navigable. The scroll bar remains
inoperable but activates another instance of my browser which displays in Task
Manager ( this is a means of remotely gaining surreptitious control of your system )
all browser function freezes and it has to be terminated. All the while an unusual
amount of outgoing activity is detected by Zone Alarm. Very odd for files which
are supposedly being uploaded.
My browser and system security settings only prevent unwarranted actions from
executing. Investigating the cause discloses that 7 script files are loaded. This is
normal for a multimedia site , what is not is that 4 of these scripts are identified
as a security risk by the script scanner I use.

3 have this warning _
Can use the Eval/Execute Function to hide malicious code
The Eval and Execute Functions are pieces of code that
can be used to generate and execute code on the fly.
A malicious script could use this to hide what actions
it's going to perform.

one other has this warning _
Can execute Other Programs
This script can run other programs. This could give the
script the ability to execute potentially hazardous programs
without your knowledge.

I have had prior experience with this type of attack and it is not pretty.
This is undetected by the usual security software since it is not a virus
nor a malicious file that's installed , it is all done while you browse.
See my previous post here above ^
http://www.sciencemadness.org/talk/viewthread.php?tid=8075&a...

freebooksandmagazines is hosted by Blogspot a commercial Google site.
http://buzz.blogger.com/2007/08/blogger-and-malware.html
Blogger sites are known vectors for disseminating " drive by installs "

J U S T . B E . C A R E F U L , deactivate scripts and Java beforehand.

In fairness to http://freebooksandmagazines.blogspot.com
that page loads well and does not exhibit any suspicious behaviors. The problem
seems to be exclusive to the reference
- /2007_09_01_archive.html
The chemistry section accessible from a margin link on the home page displays well.
.

[Edited on 3-10-2007 by franklyn]

Sauron - 29-9-2007 at 14:50

Why don't you post this warning in same thread as the troublesome post, and contact JohnWW and ask him to delete it?

Even if he does not agree, a moderator can elect to do so over his objections if the link is deemed to be a threat to this site and/or community - I suppose.

I tried the Chemistry section and only saw one book worth downloading.

Remarks to live by

franklyn - 2-10-2007 at 23:20

For those who believe they could not have been hacked , I have two questions :
1 ) How are you able to tell ?
2 ) Outline the procedure you use to determine your conclusion.

Not experiencing an intrusion yourself does not preclude it from happening
to others if the site is co-opted moments after you left it.

How site hijacking may be done _



See what Google has to say _
http://www.google.com/support/bin/answer.py?answer=45449&...

One method that may be used to inspect a site for worthiness beforehand
is to have it audited by an online url / webpage scanner.

Online internet site scanners -
http://www.w3.org/QA/Tools
Two of the scanners listed below here _

Markup HTML validation
Click -More Options- and click [ Verbose ]
http://validator.w3.org

CSS style sheet validation
Click -More Options- and select -Warnings-[ Normal report ] , -Profile-[ No special profile ] , -Medium-[ all ]
http://jigsaw.w3.org/css-validator

Two more site scanners
http://online.drweb.com/?url=1
http://www.void.be/urlcheck.html

Please note that any proper url reviewed will within five seconds return a report.
Only something that does not correspond to accepted norms and standards cannot
be interpreted.

Using this scanner cited above _ http://jigsaw.w3.org/css-validator
to inspect this questionable site _
http://
freebooksandmagazines.blogspot.com/2007_09_01_archive.html

results in a detailed report. Type the site in yourself to view the report
from the scan itself.

Excerpts _
Value Error : cursor hand is not a cursor value : hand
This is why initially the cursor will not scroll the page , and is apparently set
to trigger another sequence of executable code opening another browser.

Warnings (1)
If quoting is omitted, any whitespace characters before and after the name
are ignored and any sequence of whitespace characters inside the name is
converted to a single space.

This is similar to the quote convention for a non Dos path to a file in windows.
This code is not seen as text.

Valid CSS Information
.blog-posts {
overflow : hidden;
}

This is the classic buffer overflow attack. Such a thing cannot take place
inadvertently because of bad coding , it must be deliberately contrived.


Unable to do any more online I used the application HTTrack Website Copier
cited here _
http://www.sciencemadness.org/talk/viewthread.php?tid=7200&a...
to download the entire website as an archive. Things just get more bizarre from
there on. Download proceeds at just under 25 KB per second , which would try
the patience of even dial up users. After 45 minutes , 3400 links and files , a total
369 MB were copied , at which point I stopped the HTTrack. The folder to which
this had supposedly been written indicates it is only 56 MB containing just 1592
files. Inspecting the log file of the HTTrack shows the same warning repeated six
times , that the download is looping. Makes sense , this explains the size difference :
the files were being overwritten. The supposed website mirror that should have
been created on my system is not accessible by the browser and does not display.
A virus scan reveals nothing.
Again as I posted above _
In fairness to http://freebooksandmagazines.blogspot.com
that page loads well and does not exhibit any suspicious behaviors. The problem
seems to be exclusive to the reference
- /2007_09_01_archive.html
The chemistry section accessible from a margin link on the home page displays well.


To make sure that malware won't be able to install on your computer: never work
as an administrator or a member of Administrators group. Make your user account
" limited user ". Then , even if some security hole or your negligence allows some
malware to install and run , it won't be able to copy anything to the system folders
and register itself in the OS. ( this is not guaranteed )
Alternatively ,
To prevent Internet sites from leaving data on your hard drive, run your browser in
Protected Mode prior to navigating the web. To start your browser , right-click it
and choose Run As. In the Run As dialog box, select Current user and make sure
that the option " Protect my computer and data from unauthorized program activity "
is checked . Then click OK.
* Note that when running in this protected mode, you won't be able to access
any secured sites whose URLs begin with " https:// ". Also, some commands ( such
as " Open Link in New Window " on the context menu ) may not work.
When running in the " Protect my computer " mode , that program can read Registry
settings, but cannot change them. In addition, if your hard disk is formatted with
NTFS, the program won't be able to alter any files associated with the current
profile, including cookies, temporary Internet files, the desktop, and My Documents.
Be aware , that while this option protects against a potentially harmful program
running on your system , it also brings grief to many perfectly healthy applications
that need to store settings or files in one of these locations. This reduces your
options to that of the Safe Mode one might apply to a child. ( this also is no
guarantee of safety )

Go here to test your browser's security to Java exploits
http://www.halfhill.com/jsecure.html

Go here to test your firewall for port penetration
http://www.auditmypc.com
http://www.speedguide.net/scan.php
- note that this test will finish but the test page remains , so check the previous
start page after a couple of minutes to see if it has completed.

Firewall integrity tests
http://bcheck.scanit.be/bcheck
-close the popup window only after it becomes erratic , the test will eventually
finish but the test page remains , go back to the start page to view results.
http://www.security-hacks.com/2007/04/24/how-to-test-your-fi...
http://insecure.org/nmap/index.html

Firewall evaluations
http://www.matousec.com/projects/windows-personal-firewall-a...
Highest rated Comodo Firewall Pro - http://www.personalfirewall.comodo.com/whyfree.html
just out since January , Version 2.4.18.184 and earlier are already potentially compromised
http://www.matousec.com/info/advisories/Comodo-Bypassing-set...
http://www.pcworld.com/downloads/userreviews/fid,63762/userr...
download version beta 3 for vista
http://www.softpedia.com/get/Security/Firewall/Comodo-Person...

I highly recommend the following , it requires no system overhead , it changes Script and Java
file extension associations so that these can be evaluated before they become activated.
You must do this manually by inspecting the downloaded script file in your browser cache.
This to some extent protects you from your thoughtless actions and won't stymie browsing.
http://www.jasons-toolbox.com/programs.asp?Program=Script%20...

EBAY Safe Browsing Tutorial
http://members.ebay.com/ws/eBayISAPI.dll?ViewUserPage&us...

Here is the sum of knowledge from available security sites and disclosures
http://www.snnx.com/securitynews
Select portals listed at the left , find CERT ( next here below ) with myriad others

CERT
http://www.us-cert.gov
http://www.kb.cert.org/vuls
http://www.cert.org/tech_tips/malicious_code_FAQ.html
http://www.us-cert.gov/reading_room

http://en.wikipedia.org/wiki/Cross-site_scripting

Digging Deeper
http://www.technicalinfo.net/tools/index.html


A related security post _
http://www.sciencemadness.org/talk/viewthread.php?tid=7144&a...

.

[Edited on 4-10-2007 by franklyn]
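
The limited-user advice in the post above can be checked on a given Windows machine. The following PowerShell is an added example, not part of the original post; the function names and the choice of probed locations (System32, Program Files, the machine and per-user Run keys) are assumptions made for illustration.

```powershell
# Added example: what can the current logon token modify system-wide?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
# True only when the Administrators group is enabled in this token
# (under UAC that means the process is elevated).
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

function Test-DirectoryWrite {
    param([string]$Path)
    # Create and delete a uniquely named probe file; any failure counts as "no write access".
    $probe = Join-Path $Path ("probe_" + [guid]::NewGuid().ToString("N") + ".tmp")
    try {
        [IO.File]::WriteAllText($probe, "probe")
        Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
        return $true
    } catch { return $false }
}

function Test-RegistryWrite {
    param([Microsoft.Win32.RegistryKey]$Hive, [string]$SubKey)
    # Only requests a writable handle; no value is created or changed.
    try {
        $key = $Hive.OpenSubKey($SubKey, $true)
        if ($null -eq $key) { return $false }
        $key.Close()
        return $true
    } catch { return $false }
}

$runKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$report = [pscustomobject]@{
    User              = $identity.Name
    AdministratorRole = $isAdmin
    System32Writable  = Test-DirectoryWrite (Join-Path $env:windir 'System32')
    ProgramFilesWrite = Test-DirectoryWrite $env:ProgramFiles
    MachineRunKey     = Test-RegistryWrite ([Microsoft.Win32.Registry]::LocalMachine) $runKey
    UserRunKey        = Test-RegistryWrite ([Microsoft.Win32.Registry]::CurrentUser)  $runKey
}
$report | Format-List

if ($report.System32Writable -or $report.MachineRunKey) {
    Write-Warning 'This session can change system-wide locations; use a limited account for browsing.'
}
if ($report.UserRunKey) {
    Write-Warning 'Per-user autostart is still writable, so a limited account is not a complete barrier.'
}
```

Run it once from the everyday account and once from an elevated prompt to compare the two reports; the per-user result illustrates why the post marks the measure as not guaranteed.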

franklyn - 14-9-2012 at 08:49

First thing to do on that new just out of the box computer - run antivirus , I kid you not. Better yet reformat and install the operating system fresh.
www.independent.co.uk/life-style/gadgets-and-tech/news/micro...

.

Eliteforum - 16-9-2012 at 14:20

Was there any need in digging up an old thread from five years ago for that utterly pointless reply?

Rogeryermaw - 16-9-2012 at 19:20

would you prefer he make a new thread on an existent topic? that is generally frowned upon here.

Another " utterly pointless reply "

franklyn - 31-1-2013 at 13:47

Quote: Originally posted by franklyn  
First thing to do on that new just out of the box computer - run antivirus , I kid you not.
Better yet reformat and install the operating system fresh.
www.independent.co.uk/life-style/gadgets-and-tech/news/micro...


www.cnbc.com/id/49032374

Related Post
www.sciencemadness.org/talk/viewthread.php?tid=19386&pag...

.