Author Topic: Injection attack  (Read 22526 times)

bitcoinforum.com (Topic starter)

  • Administrator
Injection attack
« on: April 28, 2012, 05:58:50 AM »

Today we received an e-mail reporting an injection attack on our community.

The malicious files have been removed.

A big thank you to the email author - someone who has done a very good investigative job.
« Last Edit: May 18, 2012, 10:38:01 AM by bitcoinforum.com »
"Your keys, your Bitcoin. Not your keys, not your Bitcoin." (Andreas Antonopoulos)

dodoking

Re: Injection attack
« Reply #1 on: April 28, 2012, 06:21:46 PM »
What sort of injection? I take it they were attempting to get user data?
Glad it was caught, send my thanks down the line.

Should my password be changed or is there nothing to worry about?

Thanks for the heads-up. Keep up the good work.

bitcoinforum.com (Topic starter)

  • Administrator
Re: Injection attack
« Reply #2 on: April 28, 2012, 10:53:10 PM »
No, it has nothing to do with user data.

The email content is below (some content removed ***):
Quote
To the administrators of bitcoinforum,

Dear sir or madam

I received a spam email containing a link to your site.

Investigating the URL ([your domain]/******), I found that the head of ******.html contains an http-equiv attribute that triggers a redirect to a Russian scammer-domain.

Further redirects lead the unsuspecting to one of several sites presenting the opportunity to join some kind of ponzi-scheme.

I hope you can remove the offending page and prevent further injection attacks on your community-site. If bitcoin advocates can't guarantee the security of their forums, how will they convince the world that bitcoin is a secure and viable currency!

Sincerely,

****
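The redirect described in the quoted email (an http-equiv attribute in the page head) can be hunted for by scanning the web root for meta refresh tags whose target is off-site. The Python below is an added example, not part of the original thread; the function names are hypothetical and the sample page and host names are constructed.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample of the kind of page the email describes.
SAMPLE_PAGE = ('<html><head><meta http-equiv="Refresh" '
               'content="0; URL=\'http://scam.example/join\'"></head></html>')

class MetaRefreshFinder(HTMLParser):
    """Collects the redirect target of each <meta http-equiv="refresh"> tag."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {name: (value or "") for name, value in attrs}
        if attr.get("http-equiv", "").strip().lower() != "refresh":
            return
        # content is "<delay>[;,] [url=]<target>"; a delay-only refresh has no target.
        parts = re.split(r"[;,]", attr.get("content", ""), maxsplit=1)
        if len(parts) == 2:
            target = re.sub(r"^\s*url\s*=\s*", "", parts[1], flags=re.I).strip(" '\"")
            if target:
                self.targets.append(target)

def offsite_refreshes(html, own_hosts):
    """Return refresh targets whose host is not one of the site's own hosts."""
    finder = MetaRefreshFinder()
    finder.feed(html)
    finder.close()
    hits = []
    for target in finder.targets:
        host = (urlparse(target).hostname or "").lower()  # relative URLs have no host
        if host and host not in own_hosts:
            hits.append(target)
    return hits

def scan_webroot(root, own_hosts):
    """Map each .htm/.html file under root to its off-site refresh targets."""
    report = {}
    for path in sorted(Path(root).rglob("*.htm*")):
        if path.is_file():
            hits = offsite_refreshes(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path)] = hits
    return report
```

Any file this reports that the site's maintainers did not create themselves is worth checking against upload logs and file modification times.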