Welcome Guest [Log In] [Register]
Welcome to Dansk Spil Forum. We hope you enjoy your visit.


You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
22th April 2005 - Warning Fansite Users Hijacked
Topic Started: Apr 22 2005, 10:35 PM (78 Views)
benneburg
VIP
Warning: fansite users getting hijacked
It has come to our attention that several users of a large RuneScape fansite have recently had their RuneScape password stolen. The fansite is an independent website, and isn't run by us or affiliated with us, but many of our users do choose to use it.

We don't know for sure, and we are basically trying to work this out from the pattern of attack, but it seems quite likely this was done by posting malicious content or images on the forums of the 3rd party fansite. People viewing that page then got infected with a keylogger which could be used to steal all their passwords.

I know it's hard to believe that just viewing a page on a forum could be enough to be infected with a keylogger, but there have actually historically already been a number of security flaws in the image code in web browsers which allowed exactly that!

Our own forums deliberately don't allow users to post images or html exactly because of this security risk. Lots of people complain that we don't offer this feature, but we believe security is far more important than features. Unfortunately many third party fansites aren't as secure as ours with regards to this. Indeed we've noticed the attacker spreading recent rumours to try to pursuade more people to use fan-site forums instead of ours, presumably so he can hack more people through them.

I would like to emphasize that we believe the security of our own servers and forums is in no way compromised. It appears that the accounts are being stolen not by targeting our servers, but by instead targeting the home computers of users. Possibly via fansite forums.

We have of course very thoroughly double checked our own server security as well, but can find no sign of intrusion, and the fact that the people being hijacked are users of the same fansite seems unlikely to be a coincidence.

We take our own security very seriously here, but our users still have to take good care of their own computer as well. It is essential that you are careful to keep your computer secure to prevent a keylogger being installed on it, we recommend EVERYONE pays close attention to the following advice:

1) Ensure your computer is fully patched. Go to www.windowsupdate.com and make sure you have all the latest patches for your machine and web-browser. You may have to reboot and visit the site several times to get all patches.

2) If you use Internet Explorer it might be worth considering using an alternative web-browser which historically has been less targetted by attacks, and appears to often patch such critical problems more quickly. Here at Jagex we use Firefox, because we believe it offers better security. Although even if you do this it is still VERY important to make sure you always only use the latest version of the browser. Because firefox has previously had security problems too.

3) DON'T use your password anywhere except runescape.com. It is very important NOT to use the same password for RuneScape and other websites.

4) DON'T believe that just having anti-virus software instantly makes you 100% immune. It doesn't. There are many less common threats and attacks which you will still not be protected from. Anti-virus software helps, and is worth having, but it doesn't mean you can ignore all other security advice!

Unfortunately if you've already been infected then this particular keylogger doesn't appear to be picked up by anti-virus software yet, and the only sure way to get rid of it is a total reformat and reinstall of your computer (which should only be done by a professional). If anybody knows an easier way to detect or get rid of it then please let us know and we'll pass the info on. Of course your best bet is to be careful and not get infected in the first place!
Posted Image
do quests...NOT walktroughs
Offline Profile Quote Post Goto Top
 
skibden
Member Avatar
Slayer
hijacked.... fun word.. :P

Mødte en der kun ville bruge Tip.it fordi han var bange for at blive det... Tror ikke han har set at tip.it dl'er en fil.... :W
My tribute to benneburg: ROLF copter rules !
Posted Image
SkibDen | High Council | Clan leader | Forum Admin
Join clan S.O.D today.. The Slayers of Death..
It roxz to be an emergency medic...
Offline Profile Quote Post Goto Top
 
« Previous Topic · RuneScape Opdateringer · Next Topic »
Add Reply