Warning: Do Not Use Entropedia [NOTE: now cleared by Google Safebrowsing]
- Thread starter Gewitter
- Start date
Chuck Wholrey
Dominant
- Joined
- Feb 21, 2012
- Posts
- 399
- Location
- Missouri, USA
- Society
- Benevolence
- Avatar Name
- Chuck Jarrdhead Wholrey
This is not a new problem there was another Thread a Soc mate had started, and some blooming Idiot reported him for spreading a malicious website in twin peaks, when he tried to warn players.
https://www.planetcalypsoforum.com/...ast-finding-false-positive-on-entropedia-info
I hate to say it but I think MA would have had a quicker response time to this problem
https://www.planetcalypsoforum.com/...ast-finding-false-positive-on-entropedia-info
I hate to say it but I think MA would have had a quicker response time to this problem
Mega
Chaotic Good
- Joined
- Sep 30, 2006
- Posts
- 16,733
- Location
- UK
- Society
- Kaos
- Avatar Name
- MegaVolt
I've heard reports about Entropedia for the past couple of days with Chrome, but was able to access it yesterday without issue, but today I got this using Firefox:
So even though I've used the site for years I will await a fix.
So even though I've used the site for years I will await a fix.
Aeris_is_back
Stalker
- Joined
- Mar 2, 2007
- Posts
- 2,258
- Location
- Edmonton Eh
- Society
- My FL
- Avatar Name
- Darcy Aeris Wood : was Darcy Aeris is Back Wood
addblock plus and no script addons, provided you take 10 to learn how to use no script will offer outstanding protecting from browsing threats. a minor pain in the ass the first few days but after that you can surf all the por... er um gaming related websites you want.
forgo
Elite
- Joined
- Apr 13, 2006
- Posts
- 3,524
- Location
- US
- Society
- Freelancer
- Avatar Name
- Forgo Forgorth Lundain
Arkadia forum was hacked a few months ago (there was a pic in place of the site one day I visited, this link is the post.)
Since entropedia acts as an intermediary for some of that information, I guess it infected entropedia? or entropedia infected it.... but I do recall Arkadia forum being hacked last year for certain, it was the only time i've seen a site completely taken over.
From google:
Safe Browsing
Diagnostic page for entropiawiki.com
What is the current listing status for entropiawiki.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 22 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 879 pages we tested on the site over the past 90 days, 378 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-01-17, and the last time suspicious content was found on this site was on 2014-01-16.
Malicious software is hosted on 1 domain(s), including pintura-escultura.es/.
This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, entropiawiki.com appeared to function as an intermediary for the infection of 1 site(s) including arkadiaforum.com/.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
I have databases on my site for alot of information at the bottom under general information, not all up to date though(I essentially cloned everything off of entropedia a couple years ago to use for learning database programming, most recent update was last year). My presentation of the data is admittedly clunky, testing and coding different layouts, but there is a bit info safe in the meantime. (safelock security verification on bottom checked and updated daily, I pay to keep it safe)
Since entropedia acts as an intermediary for some of that information, I guess it infected entropedia? or entropedia infected it.... but I do recall Arkadia forum being hacked last year for certain, it was the only time i've seen a site completely taken over.
From google:
Safe Browsing
Diagnostic page for entropiawiki.com
What is the current listing status for entropiawiki.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 22 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 879 pages we tested on the site over the past 90 days, 378 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-01-17, and the last time suspicious content was found on this site was on 2014-01-16.
Malicious software is hosted on 1 domain(s), including pintura-escultura.es/.
This site was hosted on 1 network(s) including AS36351 (SOFTLAYER).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, entropiawiki.com appeared to function as an intermediary for the infection of 1 site(s) including arkadiaforum.com/.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:
Return to the previous page.
If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
I have databases on my site for alot of information at the bottom under general information, not all up to date though(I essentially cloned everything off of entropedia a couple years ago to use for learning database programming, most recent update was last year). My presentation of the data is admittedly clunky, testing and coding different layouts, but there is a bit info safe in the meantime. (safelock security verification on bottom checked and updated daily, I pay to keep it safe)
Last edited:
It seems that someone (still) has access to change the paypal.html on entropedia.
Now the previous URL referred to was changed into another one.
I dug a bit into it, and though currently broken, it's using obfuscated javascript code to redirect to a possibly well known webpage, that uses even more obfuscated javascript code (there I gave up).
To sum it up,
- the web server needs to be monitored for unauthorized changes (uploads).
- as it's at least 2 levels of javascript redirects it seems "serious".
Found threat: JS/BlackoleRef.CZ
See here for more info:
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:JS/BlacoleRef.CZ
Now the previous URL referred to was changed into another one.
I dug a bit into it, and though currently broken, it's using obfuscated javascript code to redirect to a possibly well known webpage, that uses even more obfuscated javascript code (there I gave up).
To sum it up,
- the web server needs to be monitored for unauthorized changes (uploads).
- as it's at least 2 levels of javascript redirects it seems "serious".
Found threat: JS/BlackoleRef.CZ
See here for more info:
http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:JS/BlacoleRef.CZ
Last edited:
raynopssgold
Stalker
- Joined
- Dec 6, 2009
- Posts
- 1,680
- Location
- Southeast Dreamland
- Society
- Virtual Legends
- Avatar Name
- Onyar Loorden PSS
When I visited Entropedia.info a moment ago, I got this "Big Red Warning Page"
Witte
Marauder
- Joined
- May 21, 2005
- Posts
- 5,713
- Society
- Delta Force Elite
- Avatar Name
- Vlugge Witte Harrie
I have taken a quick look, the file "paypal.htm" no longer contains the same data as the file I have locally. It looks like someone figured out how to get admin access to the site and overwritten the file. I will see if I can fix this.
Neil Stockton
Stalker
- Joined
- Aug 12, 2011
- Posts
- 2,069
- Location
- USA
- Avatar Name
- Neil Greenleaf Stockton
That was completely different and unrelated to entropedia. There was no virus or trojan involved, just a simple exploit in Vbulletin that allowed the hackers to replace the main page with a pic. They also did it to other websites using the same software.
Witte
Marauder
- Joined
- May 21, 2005
- Posts
- 5,713
- Society
- Delta Force Elite
- Avatar Name
- Vlugge Witte Harrie
I removed the malicious code. But the cause of it is not fixed yet. I noticed there is no virus scanner on the web server, so my guess is that the web server itself is infected. I tried to install one but I do not have the required access level. If its a virus/tojan it seems to target htm files, as the site has only two htm files and those were the only two files that were affected.
minim
Elite
- Joined
- Dec 15, 2010
- Posts
- 3,990
- Location
- Bergen, Norway
- Society
- Rangers
- Avatar Name
- Mini MiniM Mine
Hi witte, could you please respond to the request I sent trough entropiawiki.com to use information from the weapon database (extracted .csv files) from the whole db on my own website? Looking forward to a reply trough email so I can continue my work if this is ok
forgo
Elite
- Joined
- Apr 13, 2006
- Posts
- 3,524
- Location
- US
- Society
- Freelancer
- Avatar Name
- Forgo Forgorth Lundain
read lower arkadia has been infected...
again from google:
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, entropiawiki.com appeared to function as an intermediary for the infection of 1 site(s) including arkadiaforum.com/.
Last edited:
Stormdancer
Dominant
- Joined
- Jul 29, 2013
- Posts
- 436
- Location
- Under the third rock east of 8 Coins
- Society
- Bravo Three-Nil
- Avatar Name
- Tarcoula Stormdancer Uluru
thanks for the efforts guys losing entropedia is like losing my left arm in this game
I will be *very* glad when it is accessible again. Appreciate the efforts to get it back safe.
losing entropedia is like losing my left arm in this game I will be *very* glad when it is accessible again. Appreciate the efforts to get it back safe.
Neil Stockton
Stalker
- Joined
- Aug 12, 2011
- Posts
- 2,069
- Location
- USA
- Avatar Name
- Neil Greenleaf Stockton
I did read lower but whatever that refers to it had nothing to do with the image hacking incident.
Aeris_is_back
Stalker
- Joined
- Mar 2, 2007
- Posts
- 2,258
- Location
- Edmonton Eh
- Society
- My FL
- Avatar Name
- Darcy Aeris Wood : was Darcy Aeris is Back Wood
I had a virus that took similar action on a group of Apache servers I managed. I ended up having to boot from a usb hdd with with a clean install of windows. scan / remove then do a manual search for every *.htm *.html and *.php file then I used think it was note pad ++ to do batch find and replaces for a single line added to every such file removing a line to the black hole content and replaced it with <!-- whoops --> and /* whoops *\ it was nice I did not even have to open and edit each file the whole thing took 10 min for thousands of files.
- Joined
- Aug 31, 2006
- Posts
- 5,346
There is a lot of uninformed speculation and misinformation in this thread, which I will try to clear up below.
Just to be clear, EntropiaForum was never 'hit with a virus', and no forum or member data was ever at risk. The issue you are referring to (nearly 4 years ago) was caused by OpenX Adserver, one of the most popular banner delivery platforms on the internet at that time. The issue in question also affected thousands of other websites. As soon as the issue was brought to my attention, all OpenX content was removed from the EF website within minutes.
It does not appear that the issue affecting Entropedia has anything to do with Java.
Entropedia is hosted on its own (Windows) server, with free hosting provided by me for over 5 years.
EntropiaForum and PCF are hosted on completely separate servers from Entropedia.
EntropiaBay has no relation to EF or PCF, and is not hosted on any of the same servers. EntropiaBay is operated by a member named Dr.D.C.
It is possible that the html code was corrupted from outside the server, without the server itself being infected or compromised. For maximum security, I am performing virus scans on the server and will of course remove any issues discovered.
Indeed, the new server should provide much better performance and security for Entropedia. Even if we plan to move Entropedia to a new host next week though, I will do my best in the meanwhile to ensure that the old host is virus-free, and get the malware warnings removed ASAP so the community has access to wealth of info that Entropiedia offers.
Just to be clear, EntropiaForum was never 'hit with a virus', and no forum or member data was ever at risk. The issue you are referring to (nearly 4 years ago) was caused by OpenX Adserver, one of the most popular banner delivery platforms on the internet at that time. The issue in question also affected thousands of other websites. As soon as the issue was brought to my attention, all OpenX content was removed from the EF website within minutes.
It does not appear that the issue affecting Entropedia has anything to do with Java.
Entropedia is hosted on its own (Windows) server, with free hosting provided by me for over 5 years.
EntropiaForum and PCF are hosted on completely separate servers from Entropedia.
EntropiaBay has no relation to EF or PCF, and is not hosted on any of the same servers. EntropiaBay is operated by a member named Dr.D.C.
It is possible that the html code was corrupted from outside the server, without the server itself being infected or compromised. For maximum security, I am performing virus scans on the server and will of course remove any issues discovered.
Indeed, the new server should provide much better performance and security for Entropedia. Even if we plan to move Entropedia to a new host next week though, I will do my best in the meanwhile to ensure that the old host is virus-free, and get the malware warnings removed ASAP so the community has access to wealth of info that Entropiedia offers.
forgo
Elite
- Joined
- Apr 13, 2006
- Posts
- 3,524
- Location
- US
- Society
- Freelancer
- Avatar Name
- Forgo Forgorth Lundain
I was just reporting Firefox disabled Java on its own, upon detection of some sort of threat related directly to Java.
And if it didn't automatically turn it off like in my case, the steps involved to do so.
I guess not everyone has the dev tools installed to detect these kinds of risks to this degree, or apparently the knowledge on how these things work via Java security issues atm. Ignorance is your risk.
as
I would post the exact error message I had related to Java, but I get a completely new message from google. (which I did post)
Java (as a web browser plugin) has been one of the most common ways malware enters computers through hit-and-run (infected web pages). Often there are computers out there that has an old version, with several security holes, installed by the computer manufacturer and because few end-users doesn't even know it's installed or what it does, the old bad version remains.
(Theoretically, java is designed to be safe, but there has been several loopholes practically allowing malicious web sites from installing and running everything.)
If you do use java, make sure it's updated - remove all old versions (through add/remove programs), install new version from java.com, and make sure you stay updated.
If you don't use java/visit webpages where it's used, go to add/remove programs and remove it.
Other plugins and installed programs, such as acrobat reader, flash, and even application programs such as winword (and even dll files to interpret certain image formats and even true type fonts installed automatically by web pages) has been ways for malware to get installed.
The "threat" that is on entropedia was said to check client computers for several potentially vulnerabilities, not just one.
But again: Java, especially old versions, has been a very common way to get bad programs into the computer.
- Joined
- Aug 31, 2006
- Posts
- 5,346
Indeed, members should absolutely take measures to protect their browsers and computers from malicious software. It is also a good policy to use a completely unique email address, username and password for one's Entropia Universe account that is not used on any other website or service, including community websites like PlanetCalypsoForum. And of course, it is madness to have any significant value on one's EU avatar without making use of the Gold Card protection system.
I was simply pointing out, to avoid confusion and further speculation, that in this case the issues being experienced on Entropedia do not appear to be Java related.
Infinity Ixius
Young
- Joined
- Jul 4, 2013
- Posts
- 11
- Location
- Australia
- Society
- Swunt Enterprises
- Avatar Name
- Dace Infinity Ixius
I have the same thing using Avast. While avast has now calmed its farm, now Chrome goes crazy if I open the page...
I also get a warning coming from the Entropiabay graphs etc. Both Chrome and Avast seem to dislike them greatly. I wonder if this is where it's all stemming from?
I also get a warning coming from the Entropiabay graphs etc. Both Chrome and Avast seem to dislike them greatly. I wonder if this is where it's all stemming from?
- Joined
- Nov 1, 2006
- Posts
- 5,356
- Location
- Australia
- Society
- Antipodean Army
- Avatar Name
- Harena Serica Turbinis
Firefox seems to have cleared Entropedia as a 'malicious site', cos I'm not getting the warning page any more, but soc mate now tells me that Chrome still has it.
Note that entropiabay.com still has the warning on it, and so it's probably best not to drill down any pricing links from Entropedia to that site.
Note that entropiabay.com still has the warning on it, and so it's probably best not to drill down any pricing links from Entropedia to that site.
Last edited:
Angel O2 Mercer
Marauder
- Joined
- Mar 1, 2010
- Posts
- 7,238
- Location
- Spain
- Society
- Rangers
- Avatar Name
- Angel O2 Mercer
Google will not clear the status of entropedia until any relation to entropiabay is removed, that's the way they spot dangerous sites.
And even then, it will take a few days, maybe a week. The quickest way is for Witte to submit entropedia to Google Webmaster Tools and request a malware review.
Again, the review will fail if any links are found to infected sites...
And even then, it will take a few days, maybe a week. The quickest way is for Witte to submit entropedia to Google Webmaster Tools and request a malware review.
Again, the review will fail if any links are found to infected sites...
Axel Foley Head
Guardian
- Joined
- Feb 1, 2012
- Posts
- 319
- Location
- Sweden
- Society
- Guess Who
- Avatar Name
- Axel Foley Head
HardWrath
Marauder
- Joined
- Dec 8, 2005
- Posts
- 6,038
- Location
- Wisconsin, USA
- Society
- Freelancer
- Avatar Name
- Max HardWrath Mayhem
The loss of Entropedia has detrimental effects on the game economy. People DEPEND on the wiki to get vital information about items... when they cant get that, they tend to not buy new things until they are sure of what they are buying.
It needs to get fixed ASAP
It needs to get fixed ASAP
- Joined
- Nov 1, 2006
- Posts
- 5,356
- Location
- Australia
- Society
- Antipodean Army
- Avatar Name
- Harena Serica Turbinis
So far as I understand it, everyone (Witte, 711, Dr.D.C.) has done as much as they can, and are now waiting on Google etc to update their malware listings.