love

Author Topic: website being compromised  (Read 2940 times)

dassix

  • Junior Member
  • *
  • Posts: 58
website being compromised
« on: February 22, 2017, 11:45:35 AM »
I messaged Saltine, but I also wanted to post something out there for other users to see as well (I cannot create in the announcement thread).

When visiting the filmspotting.net today 12:15 PM EST, the text was not legible and shortly after navigating to the website received a popup from "Google Chrome" informing me that the browser cannot display the fonts and I needed to download a font pack.  The file was named "GoogleChromeFontPack". 

This file is maclicious - NO NOT DOWNLOAD - DO NOT INSTALL

According to various security sites, this is a new Chrome malware vector.  Receiving this prompt upon visiting a website, implies the website has been compromised in some manner.

https://thenextweb.com/security/2017/02/21/chrome-missing-font-hack-malware/#.tnw_Mgt6eLAk
https://www.bleepingcomputer.com/news/security/fake-chrome-font-pack-update-alerts-infecting-visitors-with-spora-ransomware/

The hack appears to be a JavaScript injection.  I am somewhat new here, and thus do not know who manages the actual site or hosting - please forward this information to the appropriate person.
« Last Edit: February 22, 2017, 12:19:04 PM by dassix »

DarkeningHumour

  • Objectively Awesome
  • ******
  • Posts: 10453
  • When not sure if sarcasm look at username.
    • Pretentiously Yours
Re: website being compromised
« Reply #1 on: February 22, 2017, 01:15:33 PM »
Thanks for the heads up.
« Society is dumb. Art is everything. » - Junior

https://pretensiouslyyours.wordpress.com/

saltine

  • Administrator
  • Godfather
  • ******
  • Posts: 9800
Re: website being compromised
« Reply #2 on: February 22, 2017, 03:11:21 PM »
Thank you, dassix.  I forwarded to Adam.  I also saw that  "GoogleChromeFontPack" download on the site yesterday, but only once as I go to the site dozens of time a day.

We'll see what Adam says...
Texan Down Under

dassix

  • Junior Member
  • *
  • Posts: 58
Re: website being compromised
« Reply #3 on: February 22, 2017, 04:47:12 PM »
I was able to replicate it 3 other times at work on VMs.  It does seem to be sporadic, as it took sometimes several attempts to trigger it.  I must have good luck, because when I got home from work, it happened instantly  >:(

« Last Edit: February 22, 2017, 04:56:29 PM by dassix »

saltine

  • Administrator
  • Godfather
  • ******
  • Posts: 9800
Re: website being compromised
« Reply #4 on: February 22, 2017, 05:06:29 PM »
That is what I saw.  I closed the tab and tried again and it was not there.

Texan Down Under

Slacker

  • Junior Member
  • *
  • Posts: 19
Re: website being compromised
« Reply #5 on: March 29, 2017, 10:25:21 AM »
I just had this happen.  Chrome, Windows 7.

Slacker

  • Junior Member
  • *
  • Posts: 19
Re: website being compromised
« Reply #6 on: March 29, 2017, 10:33:34 AM »
I restarted chrome, went back and it happened again.

Adam

  • Administrator
  • Elite Member
  • ******
  • Posts: 4572
    • Filmspotting
Re: website being compromised
« Reply #7 on: April 26, 2017, 08:19:34 PM »
Well, website compromises shouldn't be an issue anymore...
Follow Filmspotting on Twitter at http://twitter.com/filmspotting

Listen to Filmspotting at https://www.filmspotting.net/ and on Chicago Public Radio (91.5 FM)

1SO

  • FAB
  • Objectively Awesome
  • ******
  • Posts: 36128
  • Marathon Man
Re: website being compromised
« Reply #8 on: April 26, 2017, 08:33:38 PM »
Will billing be based on Number of Posts or Most Time Online? (Either way, I'm going to have to pay in installments.)


Fantastic news!