My virus protection (avast, free version) warned me immediately when I opened site for two past days, but I don't see any discussion of this. Was it just me or Brazil users?
The site is not fully functional. The new tab doesn't work. Edits don't work. Reply with quotes don't work.
Sometimes if multiple domains are accessed from the same IP, a "malware warning" can be triggered by one domain and effect the other. That *might* be what happened in your case Billy. The problem has been dealt, however the site/software has been upgraded and might have a few kinks that need ironing out.
I have been experiencing all of the complaints that others have raised. Will just wait until it all gets sorted out...
I notified Plazma Inferno Via PM: I get error messages: Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in ..../packages/vbforum/item/socialgroupmessage.php on line 261 Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in ..../packages/vbforum/item/socialgroupdiscussion.php on line 337 At http://www.sciforums.com/search.php and http://www.sciforums.com/search.php?search_type=1
Okay I thought I would inform you all know since I've done a little bit of digging and wanted to be absolutely sure before I freaked everyone out. The current problems we have on sciforum's currently is due to an attempted Injection attack which replaces elements of the Javascript. The injection technique at present I don't know (But I will get to the bottom of it) The person (or botnet) that attempted the injection didn't complete the full payload, it apparently was cut short* leaving both it's own attached code and the code we usually use to have all our functionality broken. The attempted exploit would have cloned all Cookies that were set during login and sent them to a different URL along with user agent information. This would allow someone to attempt a session hijack to either get greater privileges of the user accounts or even potentially the server. *There is a small chance that this attack did actually work the other weekend and that the code that is left is after the someone has attempted to erase their tracks, for that reason I suggest that everyone after the problems been fix replace their passwords again. I've already suggested to Plazma to test the current software files against a full install zip/tarball to see if there are any other altered files. (This should allow any compromised scripts to be "factory reset")
It's always a bit of fun however there is only ever so much data forensics you can do when you don't actually have access to any real data (all completely speculative, well other than the actual injected code which is now fixed.) The main problem is that throughout working it out, I flooded Plazma with updates :xctd: <--- way too much caffeine