Lost Marble website defaced?

[Rasheed]

Just when I thought this server was safe, after I had notified Lost Marble of some random directory on his server (see here). I saw this afternoon (15:00 GMT) that the main LM website was apparently defaced.

Of course, I notified LM with a PM, but this is really alarming. How can someone from the outside get so much access to this server?

[heyvern]

Uh...

Rasheed? Is this a danger to the forum? Could someone gain access to this database???!!!!

Good lord... I hope it's backed up.

p.s. I don't have a cell phone so I don't need any ringtones.

-vern

[Rasheed]

If the ringtone seller is smart, he doesn't mess with the forum, because this will get noticed quite soon. Now no-one, but for some geeks like me, visit the LM index page, this page was up for grabs, without anyone noticing.

However, this could just as well be a new start of spam attacks to the forum. I've seen a lot of bogus accounts coming by in the last months. They lay dormant until some spammer claims them to do his evil thing.

[cribble]

I don't know what's worse at the moment. Religious, theoretical rants... or ringtone ads?

I do like the look of the usher ringtone though

[Rasheed]

LM has answered my PM. For some reason the links didn't show up in his browser, but he is taking them down.

[heyvern]

When I first checked out your warning the links didn't show in my browser either. But half the page was missing.

So I viewed the source code.

Apparently hackers are good with some stuff... but not good at writing compliant HTML. They really should use validation when defacing a web site.



-vern

[Rasheed]

Perhaps it is because I use FireFox and the NoScript extension (JavaScript disabled, unless I deem it to be a trusted site). IE has security zones, which is roughly the same. I wouldn't put the LM site in my list of trusted sites, because it has been hacked at least twice.