Page 5 of 50

Re: Active forums

Posted: Fri Aug 16, 2013 6:08 pm
by Metalfist
Evilgrins why do you share that link if you get a malware warning from it?! It is obviously infected!
Anyway google is your friend: http://www.avgthreatlabs.com/virus-and- ... ploit-kit/ and u can check the wiki.

Re: Active forums

Posted: Fri Aug 16, 2013 6:19 pm
by EvilGrins
Metalfist wrote:Evilgrins why do you share that link if you get a malware warning from it?! It is obviously infected!
Of the lot of UT forums there are out there, ut99.org seems to be the hub, the center-point, for most of them... and seeing as the 1st post of this thread has had that Unreal-Mayhem link since back when, I think anyone else that might go there should get a heads up the place is now, for the first time ever, a risk.

Not everybody has got 2 viral-checkers looking their system over 24 hours a day, like me.

Re: Active forums

Posted: Fri Aug 16, 2013 6:23 pm
by Metalfist
I appreciate you warning us about it, but you should not make it a link, just say the unreal mayhems website or just break the link with spaces.

Re: Active forums

Posted: Fri Aug 16, 2013 6:27 pm
by EvilGrins
Wait... are you saying that just posting the link, without anyone clicking on it, is a threat?

News to me!

Re: Active forums

Posted: Fri Aug 16, 2013 6:30 pm
by Metalfist
Anyone could click on it out of curiousity. Better break it so if they want to see it so bad they have to do effort. Dont make it easy for pll to get infected (by accident).

Re: Active forums

Posted: Fri Aug 16, 2013 9:33 pm
by VatcilliZeitchef
Metalfist wrote:Anyone could click on it out of curiousity. Better break it so if they want to see it so bad they have to do effort. Dont make it easy for pll to get infected (by accident).
+1

Don't forget to add "Possibly infected" to the link in the first post.

Re: Active forums

Posted: Sat Aug 17, 2013 12:24 am
by EvilGrins
VatcilliZeitchef wrote:Don't forget to add "Possibly infected" to the link in the first post.
Good idea... at least until it clears up.

Re: Active forums

Posted: Sat Aug 17, 2013 12:36 am
by papercoffee
EvilGrins wrote:
VatcilliZeitchef wrote:Don't forget to add "Possibly infected" to the link in the first post.
Good idea... at least until it clears up.
Well done ...but I did also break the link in the first post for now.
If this page is no threat anymore later, can you reedit the first page.

Re: Active forums

Posted: Sat Aug 17, 2013 1:02 am
by EvilGrins
papercoffee wrote:If this page is no threat anymore later, can you reedit the first page.
Yeah, no prob. Not the first issue that forum's had...

...though the last one wasn't a big deal. During December they set it up so snow was falling across the screen, over all threads. It seriously lagged down the bandwidth something fierce.

Re: Active forums

Posted: Sat Aug 17, 2013 9:36 am
by $carface
Metalfist wrote:Evilgrins why do you share that link if you get a malware warning from it?! It is obviously infected!
Anyway google is your friend: http://www.avgthreatlabs.com/virus-and- ... ploit-kit/ and u can check the wiki.
Forget evilgrins post. Why do you keep flooding ut with fake player servers? You think you're doing some favour to ut, you aren't. You're giving the impatiens who only visit one or two 'populated server ' (which apparently are yours) and those people either leave or uninstall because they assume all servers are fake.

Stop flooding ut with your fake shit. I'm going to keep on harassing your servers and reporting to gametracker like I have been.

Re: Active forums

Posted: Sat Aug 17, 2013 10:54 am
by papercoffee
$carface wrote:
Metalfist wrote:Evilgrins why do you share that link if you get a malware warning from it?! It is obviously infected!
Anyway google is your friend: http://www.avgthreatlabs.com/virus-and- ... ploit-kit/ and u can check the wiki.
Forget evilgrins post. Why do you keep flooding ut with fake player servers? You think you're doing some favour to ut, you aren't. You're giving the impatiens who only visit one or two 'populated server ' (which apparently are yours) and those people either leave or uninstall because they assume all servers are fake.

Stop flooding ut with your fake shit. I'm going to keep on harassing your servers and reporting to gametracker like I have been.
:shock: what ...who?

Re: Active forums

Posted: Sat Aug 17, 2013 11:01 am
by Metalfist
I am helping the ut community the best I can. Please don't attack the person, formulate a polite argument on what might be the problem instead of rushing in and screaming death and murder.
I haven't received any complaints either untill now.
flooding ut with fake player servers
1. I don't "own" a server, I maintain them for the slv community. I didn't buy them, someone else did.
2. We only have 1 server with a fake player count, not multiple. This is the NY server and the fake players are indicated with a * before the name so you can see that they are fake. Also those are normally set to 4, so it's not on the toplist. The NY server is one of the oldest servers and when I got admin for it, it already had a fake player count. If you want to see if there are players, you could also look here: http://slv.clanservers.com/universalunreal/

Idk if the slv community supports the fake player count, but I think it doesn't matter anymore for the amount of players that enter. So I will try and see if I can remove it.

Re: Active forums

Posted: Sat Aug 17, 2013 9:01 pm
by EvilGrins
$carface wrote:Forget evilgrins post.
Not possible.
Image Image Image
My post was pretty.
Metalfist wrote:Anyway google is your friend: http://www.avgthreatlabs.com/virus-and- ... ploit-kit/ and u can check the wiki.
Good to know, thanks!

Re: Active forums

Posted: Mon Sep 23, 2013 7:28 pm
by EvilGrins
Just an indirect heads-up:
While the Unreal-Mayhem forum is still down, according to Dr. Flay their files section is still up and completely safe.

So, until that forum is accessible again, here ยท http://unreal-mayhem.com/files/

Re: Active forums

Posted: Tue Sep 24, 2013 1:49 am
by Dr.Flay
According to Yandex Unreal-Mayhem contains the Troj/Iframe-JH
http://yandex.com/infected?l10n=en&url= ... mayhem.com
Troj/Iframe-JH and variants
http://www.sophos.com/threat-center/thr ... me-JH.aspx

Unless any fake downloads have been added to the folders, browsing via the basic directory structure will avoid anything being injected into the html.

BTW. webby-types, this is what can happen when you use iFrames.
iFrames are very useful but you need to be more aware of the potential for hijacking.

And Grins, please if you want to quote me, change that to "is much safer".
There is no such thing as completely safe, unless you do not connect to anything.

My security principal is based upon the fact that malware does not want to be seen. I never assume that because my AV has not rang an alarm there is no threat.
Spoiler
A new piece of malware just got written, and another is about to be created.
Consider that I actively hunt this stuff, so in theory am more likely to get infected than normal users.
However due to my security practices, I have only been actively "infected" about 2 or 3 times, in the last 10 years or more.
I use Opera in a secure manner that the people in the Firefox forum only dream about (maybe the penny will drop soon and they will add the same options).
I have never trusted the default settings in any browser or Java (bag-of-shite). Users MUST learn to check the setup of these before ever using them in the wild.

I look for new malware as much as possible, as the quicker it gets reported, the quicker AV packages can be updated.
When I find a new threat depending on how it works, possibly no AV package will spot it.
Depending on the AV program, it may spot or block the activity it does but It can often be waiting for you to reboot before it infects.

I do not compare my browsing security or knowledge to others, and would categorically never, ever say "completely safe".
To be honest, one of the biggest helps you can get is by replacing taskmanager with Process Explorer, from day-1 of your installation.
Part of being secure is knowing when "one of these does not belong", and knowing what all of those mysterious background tasks are for.
In those 2 or 3 times I have been infected, I have been able to kill it without using AV software, only because I know what I am looking at, and spotted them as they launched.
I like the challenge of getting personal with it, and ripping it out by hand. Much more satisfying, but far more risky as the longer it lives the more infested it can get.