Welcome, Guest. Please login or register.

Author Topic: Utilitybase Infected  (Read 11919 times)

Description:

0 Members and 1 Guest are viewing this topic.

Offline orb85750Topic starter

  • Hero Member
  • *****
  • Join Date: Aug 2007
  • Posts: 1237
    • Show only replies by orb85750
Utilitybase Infected
« on: January 31, 2011, 01:11:57 AM »
Quote from: desiv;611043
WTH??
I google for Amiga UtilityBase, it comes up with the main site.
I click it, and my Avast Antivirus starts screaming about some javascript malware?????
:angry:

desiv


That is exactly what happened to me previously.  I posted it, but nobody confirmed it.  Now I know it's not just my computer acting strangely.
 

Offline Minuous

Re: Help needed with programming Amiga development forum
« Reply #1 on: January 31, 2011, 01:46:14 AM »
But what is wrong with it? You could just turn off JavaScript if there is JS-based malware, JS isn't useful for much anyway.
 

Offline desiv

  • Hero Member
  • *****
  • Join Date: Oct 2009
  • Posts: 1270
    • Show only replies by desiv
Re: Help needed with programming Amiga development forum
« Reply #2 on: January 31, 2011, 02:03:55 AM »
Well, apart from the fact that it's infected (which does happen to sites from time to time, but as orb says he mentioned it before) it makes me question how well it's monitored..

But apart from that, I just went there with AWeb..
It renders OK..  Better than some sites...
Still a bit slow..

I really don't see a problem with wanting a site that has fewer features / bells & whistles that works well on Classic Amigas..

It's pretty clear, and I agree, that trying to keep a site modern and still maintaining good backwards compatibility  isn't worth the work.

You're not going to get the site admins here or other places spending a lot of time making sure their pages render well and fast on iBrowse and AWeb.
And that's OK.  Their main audience are people who prefer more modern browsers.

But at the same time, I think its perfectly fine for someone to want a site that does cater to that crowd..

And as for the "fragmenting the user base" argument..  Really?  This is the internet...
That's what it's all about..  ;-)

I only wish I was better with PHP, as I'd love a "classic Amiga" site without Javascript, CSS, and built for speed...

desiv
Amiga 1200 w/ ACA1230/28 - 4G CF, MAS Player, ext floppy, and 1084S.
Amiga 500 w/ 2M CHIP and 8M FAST RAM, DCTV, AEHD floppy, and 1084S.
Amiga 1000 w/ 4M FAST RAM, DUAL CF hard drives, external floppy.
 

Offline matthey

  • Hero Member
  • *****
  • Join Date: Aug 2007
  • Posts: 1294
    • Show only replies by matthey
Re: Help needed with programming Amiga development forum
« Reply #3 on: January 31, 2011, 02:54:19 AM »
Quote from: desiv;611057
Well, apart from the fact that it's infected (which does happen to sites from time to time, but as orb says he mentioned it before) it makes me question how well it's monitored..


It's updated often enough with developer file links to Aminet. Making a site virus and hack proof isn't easy. Some anti-virus software gives virus warnings long after the virus is removed, too. The Amiga is immune to the viruses.

Quote

But apart from that, I just went there with AWeb..
It renders OK..  Better than some sites...
Still a bit slow..


Turn off background loading to speed rendering. If you have to have the background then consider a patch for exec.library/CopyMem() as that is what is used to copy the background to the window before rendering over it. My CopyMem patch for the 68060 and 68040 gives about a 35% and 40% speedup over AmigaOS 3.9 respectfully...

http://aminet.net/util/boot/CopyMem.lha

Sorry, I don't have a 68020/68030 version but there are older patches that probably give an acceptable speed up.

Quote

I really don't see a problem with wanting a site that has fewer features / bells & whistles that works well on Classic Amigas..


I thought UtilityBase already lacked most of the bells and whistles and worked well on old browsers. UtilityBase seems to be a nice cross Amiga platform developer site without the red vs blue wars. It could be a little more used though. There is also the EAB developer forum that is pretty active and works ok with old browsers. Nice atmosphere but maybe geared more for retro classic programming.
 

Offline Hans_

Utilitybase
« Reply #4 on: January 31, 2011, 06:12:09 AM »
Quote from: Minuous;611091
Well, if you refuse to explain why this new site is needed and what is wrong with UtilityBase, then I refuse to help with this project. Because I see it as splittism of the Amiga community.

Is the problem then that AWeb has issues with UtilityBase? This would indeed be a valid reason, I will confirm whether there is an issue.


I stopped visiting utilitybase because it has been infected with malware for about a year, and still isn't fixed. It's not the first time that it has been infected with malware for months either. Sure, it hasn't done any damage to my machine, and I could use an Amiga browser, but I don't trust a site that has been infected, and not fixed.

Added to that, submitted news articles tend to take days/weeks to get approved.

Hans
Join the Kea Campus - upgrade your skills; support my work; enjoy the Amiga corner.
https://keasigmadelta.com/ - see more of my work
 

Offline Trev

  • Hero Member
  • *****
  • Join Date: May 2003
  • Posts: 1550
  • Country: 00
    • Show only replies by Trev
Re: Help needed with programming Amiga development forum
« Reply #5 on: January 31, 2011, 06:57:18 AM »
The malware in UtilityBase is a script src reference to a site that no longer exists. (It's not accessible from my ISP, anyway.)

I'd be happy with any forum with a PRE-compatible format tag. Syntax highlighting and standarized indenting would be cool, too.
 

Offline Minuous

Re: Help needed with programming Amiga development forum
« Reply #6 on: January 31, 2011, 12:38:10 PM »
>Added to that, submitted news articles tend to take days/weeks to get approved.

That they are only ever about OS4.0 is an even worse problem. But the forums are good, I have been given help there on obscure matters many times.
 

Offline Piru

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show only replies by Piru
    • http://www.iki.fi/sintonen/
Re: Help needed with programming Amiga development forum
« Reply #7 on: January 31, 2011, 02:58:44 PM »
Quote from: Trev;611094
The malware in UtilityBase is a script src reference to a site that no longer exists. (It's not accessible from my ISP, anyway.)
It was taken down because of hosting Neosploit Toolkit content. However, it is only the 2nd URL that is broken, the actual script src URL works. Thus the attack could easily be made functional again...

Even more worrying is the fact that someone is able to modify the site content at will.
« Last Edit: January 31, 2011, 03:20:23 PM by Piru »
 

Offline johnklos

  • Full Member
  • ***
  • Join Date: Feb 2010
  • Posts: 190
    • Show only replies by johnklos
Re: Utilitybase Infected
« Reply #8 on: January 31, 2011, 06:38:57 PM »
First, any site can be made to be secure. When you have a large hosting environment run by a huge corporation which hires trained monkeys, the servers typically do not get the kind of personal attention they should and things like security become less of a priority than they should be.

What's more distressing, though, is that the exploit was added AND NEVER REMOVED. I'm not sure which is worse - a site which has an admin who is simply not capable of fixing the issue and preventing future intrusion or a site which has an admin who just doesn't care.

Rewriting parts of sites to render functionally on older browsers is neither rare nor difficult. Lots of people are having their sites redesigned to work properly on iPhones and other small devices, and the sites are offering smaller page loads, too. This part isn't insurmountable. Heck, I still use links (which is like lynx) from time to time, and I think because of iPhones and the like MORE sites are working just fine. Only a neophyte makes a site which only has Flash content or which won't work without Java these days.

What really matters, though, is having an environment which is cared for and run by people who care. A typical hosting company isn't going to really care much beyond the possibility that they'd look bad if they don't make things run properly. They're certainly not going to care about the $10 a month they'd lose should a problem customer leave when they've got 10,000 other customers.

I'm not sure I understand the rationale behind the suggestion that people should use a site which isn't cared for and which has security issues - why would anyone want to do that when Cammy is putting in the effort to set something up properly?
 

Offline djrikki

  • Sr. Member
  • ****
  • Join Date: Mar 2010
  • Posts: 346
    • Show only replies by djrikki
Re: Utilitybase Infected
« Reply #9 on: January 31, 2011, 07:35:43 PM »
@Hans

The very very first time I ever visited UtilityBase Safari told me the page was infected with Malware - not that I am bothered no-one writes viruses for MacOS X either lmao

But joking aside, I highly recommend OS4 Coding as its nature successor.  Still new, slowly zzzzz gathering pace.  UB looks old, but at the end of the day its activity that matters and well UB fails there as well.  There have been only 10 thread updates since 9th January.

Offline Trev

  • Hero Member
  • *****
  • Join Date: May 2003
  • Posts: 1550
  • Country: 00
    • Show only replies by Trev
Re: Help needed with programming Amiga development forum
« Reply #10 on: January 31, 2011, 08:51:41 PM »
@Piru

Quote
It was taken down because of hosting Neosploit Toolkit content. However, it is only the 2nd URL that is broken, the actual script src URL works. Thus the attack could easily be made functional again...

Yes, and I'm sure the authors are waiting for a fresh, undocumented exploit to abuse.

Quote
Even more worrying is the fact that someone is able to modify the site content at will.

What makes you sure it wasn't placed there by the site or hosting administrators in the first place? Buffy said it best: "... there's definitely something unnatural going on here. And that doesn't usually lead to hugs and puppies."

@johnklos

Quote
First, any site can be made to be secure.

No. All any developer or administrator can do is manage risk.
 

Offline Piru

  • \' union select name,pwd--
  • Hero Member
  • *****
  • Join Date: Aug 2002
  • Posts: 6946
    • Show only replies by Piru
    • http://www.iki.fi/sintonen/
Re: Help needed with programming Amiga development forum
« Reply #11 on: February 01, 2011, 07:37:46 AM »
Quote from: Trev;611304
What makes you sure it wasn't placed there by the site or hosting administrators in the first place?
Of course I can't be sure. But it is far more likely that some automated bot using google and/or brute force scanning found the vulnerable forum software/cms and exploited it. The exploited site may have been sold to highest bidder on bulk pwned sites market even.
 

Offline Trev

  • Hero Member
  • *****
  • Join Date: May 2003
  • Posts: 1550
  • Country: 00
    • Show only replies by Trev
Re: Help needed with programming Amiga development forum
« Reply #12 on: February 01, 2011, 07:11:24 PM »
Perhaps, but it's not of much value to anyone who doesn't hold a grudge against the ten or so developers that still use it.
 

Offline Minuous

Re: Utilitybase Infected
« Reply #13 on: February 01, 2011, 11:26:29 PM »
>I highly recommend OS4 Coding as its nature successor.

No, that won't do, as it is OS4-specific.
 

Offline Jose

  • Hero Member
  • *****
  • Join Date: Feb 2002
  • Posts: 2871
    • Show only replies by Jose
Re: Utilitybase Infected
« Reply #14 on: February 04, 2011, 08:24:53 PM »
Regarding utilitybase.com I visited it today and Firefox is constantly redirecting it to another site (some pub thing...). I fear I got infected as using a free proxy (i.e. http://www.freesslproxy.com) doesn't get it redirected.
Can anyone confirm the redirection ?

And then people say x86 should be the only way, I still see a huge advantage to using another processor which is security, I'm allways a bit nervous when I use paypal on an x86 machine, specially windows of course (using xp64 here).

I miss the days when there were some dev discussions here on A.Org but it turned out to be so few of us I felt I was almost the last one posting my doubts in here.
\\"We made Amiga, they {bleep}ed it up\\"