Bitcoin Forum>Economy>Marketplace>Service Discussion
Author

Topic: Preev.com compromised? Script injection ? (Read 580 times)

Kprawn
legendary
Activity: 1904
Merit: 1074
Preev.com compromised? Script injection ?
December 24, 2015, 06:25:24 AM
#9
Quote from: Pollak on December 23, 2015, 05:57:20 PM
I use FF no script. The only scripts loading are
Google Analytics and some jquery.

On which location did you find the script?


It could be a secondary script, injecting it with every visit to the site. I am going to do a quick re-image to restore everything to it's default status, but I would like to determine

where the infection / hack is coming from. No need doing a whole re-image and you cannot identify the exploited site. It will just re-inject the script and continue as normal.

I have APP's in place to stop the payload, but it disables key features on some of the sites and cancel it's functionality.  Angry ... I guess it's back to VM.
Pollak
full member
Activity: 182
Merit: 100
Pollak
Re: Preev.com compromised? Script injection ?
December 23, 2015, 05:57:20 PM
#8
I use FF no script. The only scripts loading are
Google Analytics and some jquery.

On which location did you find the script?
mexxer-2
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
Re: Preev.com compromised? Script injection ?
December 23, 2015, 05:27:06 PM
#7
Quote from: Kprawn on December 23, 2015, 05:20:17 PM
http://hidcptqmerifcusymaqddcomolsujibeptsmycmqsrwgrcmywshgnfpjhcc.com/filter.aspx?partner=910345&f=popup-u  --> DO NOT CLICK ON THIS LINK <---

I'm good at not following warnings so I opened the link, in a VPS though. And it seems to redirect to google adwords if you do not insert the showme.html part, and if you do, it redirects to a youtube video
Kprawn
legendary
Activity: 1904
Merit: 1074
Re: Preev.com compromised? Script injection ?
December 23, 2015, 05:20:17 PM
#6
I debugged the code and it seems to inject this script :

http://hidcptqmerifcusymaqddcomolsujibeptsmycmqsrwgrcmywshgnfpjhcc.com/filter.aspx?partner=910345&f=popup-u  --> DO NOT CLICK ON THIS LINK <----



There is definitely something strange going on...  Huh

butcherboss
sr. member
Activity: 338
Merit: 250
Re: Preev.com compromised? Script injection ?
December 23, 2015, 09:19:32 AM
#5
I dont think there is any problem. My pc does not show anything. Scan your pc for virus maybe it was your pc or maybe you ended up on a wrong site made just like preev.com
teddy5145
hero member
Activity: 714
Merit: 528
Re: Preev.com compromised? Script injection ?
December 23, 2015, 09:08:58 AM
#4
Fine on me too Smiley
Maybe it was false alarm ?
Or maybe it was coming you pc did you try to check your pc ?
rammy2k2
legendary
Activity: 1974
Merit: 1003
Re: Preev.com compromised? Script injection ?
December 23, 2015, 06:29:48 AM
#3
all good here too
pedrog
legendary
Activity: 2786
Merit: 1031
Re: Preev.com compromised? Script injection ?
December 23, 2015, 05:32:55 AM
#2
Virustotal.com doesn't detect anything.
Kprawn
legendary
Activity: 1904
Merit: 1074
Re: Preev.com compromised? Script injection ?
December 23, 2015, 05:18:17 AM
#1
I get script injection problems with Preev.com .... Could someone verify if this site might be compromised with a bad script? I have no problems with other sites.

I have counter measures in place for script injection attacks, but the warning flags are being raised for Preev.com. Please double check this for me, and correct me if I am wrong.

The site could have been compromised without the owner knowing it.  Huh
Bitcoin Forum>Economy>Marketplace>Service Discussion
Jump to: