Skip to content
View in the app

A better way to browse. Learn more.
Guys from Andromeda Community

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

SQN "hacked"

pcj
in Website Talk

Featured Replies

I know, I know, it's a bit ironic for me to be the one posting this, but...

 

Someone is changing .htaccess files on the server to point to another site, and adding trojans to the Archive pages (the main site seems to be safe as it's all in its own database with a separate password). This is the second time in a month we've noticed it.

 

We've repaired the damage and cleaned up, and with Frans' blessing we've changed the main password - hopefully that will stop it, though it's possible they're using an undocumented IP.Board bug.

 

Several of you have been affected by this as well and reported various oddities, and that's why I'm posting about it here. From what we can tell no passwords, PMs, or personal data, or anything in the IP.Board database has been accessed or changed - the rogue agent appears to be purely trying to redirect people to another site (which is unrelated to Space Quest at all) through means of an htaccess file, and adding trojans (weak ones, any current AV will detect it) to the archives.

 

All this to say, if you see any weirdness with SQN, please let one of the admins know. Thank you and sorry for any problems you may have encountered.

  • Quote

    Eh stinks to have stuff like that happen. Unfortunately it happens more often with PHP sites due to the language not helping programmers write secure code AND having more than their fair share of vulnerabilities in the interpreter itself[1]. I felt lucky when we were able to discontinue the PHP app at our company site, having had a PHP compromise that got us onto spam black lists (despite having kept up with patches).

     

    I've heard Drupal is one of the better-run PHP projects security-wise, in case this gets really bad and you need to switch. Of course there are some non-PHP options for forum apps like Django, but not all hosting services offer python. There's probably a ruby-on-rails forum out there that would be suitable as well.

     

    [1] http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/

  • Quote

    OH NO

    COULD IT BE

    OH NO...

    THE LESUIRE SUIT LARRY VIRUS!!!!!

    HE'S HIT THE SQMC SERVER,NOW HE'S HITTING LE FORUMS!!!!!!!!!!

    WATCH OUT GUYS!

     

     

     

     

     

     

    HE'S HERE

  • Quote

    Ooh! It's a "Space Quest"-ARG!

     

    Sucks about the hacking, of course... but really, an SQ ARG would be cooler than sliced bread.

  • Quote

    • Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.

    Guest
    Reply to this topic...
    Go to topic listing

    Account

    Navigation

    Search

    Search

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.