1. Updated Resource Submission Rules: All model & skin resource submissions must now include an in-game screenshot. This is to help speed up the moderation process and to show how the model and/or texture looks like from the in-game camera.
    Dismiss Notice
  2. DID YOU KNOW - That you can unlock new rank icons by posting on the forums or winning contests? Click here to customize your rank or read our User Rank Policy to see a list of ranks that you can unlock. Have you won a contest and still haven't received your rank award? Then please contact the administration.
    Dismiss Notice
  3. Ride into the sunset with the 32nd Modeling Contest.
    Dismiss Notice
  4. This adventure has come to an end. Congratulate our heroes in the 16th Mini Mapping Contest Results.
    Dismiss Notice
  5. From the gates of hell, the 5th Special Effect Contest Results have emerged.
    Dismiss Notice
  6. Race against the odds and Reforge, Don't Refund. The 14th Techtree Contest has begun!
    Dismiss Notice
  7. Check out the Staff job openings thread.
    Dismiss Notice
Dismiss Notice
60,000 passwords have been reset on July 8, 2019. If you cannot login, read this.

Malicious Redirects - change your password

Discussion in 'Latest Updates and News' started by Ralle, Jul 28, 2016.

  1. deepstrasz

    deepstrasz

    Map Reviewer

    Joined:
    Jun 4, 2009
    Messages:
    13,164
    Resources:
    1
    Maps:
    1
    Resources:
    1
    I know that. Mussolini was just Hitler's "peon" on the long run. The important people were those two. We can extrapolate to the Japanese and Mao.
    I just didn't understand what the asterixises had to do with Benito.
    But then again, how about the Enola Gay virus?
     
  2. Kyrbi0

    Kyrbi0

    Joined:
    Jul 29, 2008
    Messages:
    7,978
    Resources:
    1
    Models:
    1
    Resources:
    1
    Asterix? What about Obelix!?
     
  3. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,531
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    Close...
    https://en.wikipedia.org/wiki/Hirohito

    Nothing afaik
     
  4. deepstrasz

    deepstrasz

    Map Reviewer

    Joined:
    Jun 4, 2009
    Messages:
    13,164
    Resources:
    1
    Maps:
    1
    Resources:
    1
    Seriously... I was referring to two different factions.
    Was left out in the past still fighting Romans.
     
  5. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,531
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    @Ralle

    Trying to get back on security topics, is https planned somewhere in the near future?
     
  6. Directive255

    Directive255

    Joined:
    Nov 4, 2010
    Messages:
    2,363
    Resources:
    1
    Models:
    1
    Resources:
    1
    When did (exactly or "as-close-as-possible" range) the malicious redirect happens (mention the timezone please)? Or at least when this redirect ended? I am just wondering if my account was safe (and I check always log on too).



    P.S. Off-Topic Shit:
    What's with all those WW2 stuffs? Psst, do not forget the goodies like Lord Chiang
     
  7. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,531
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    France: I experienced first redirects to third-party junk sites around 08:00/09:00 PM (local time) on July 27

    First Virustotal scan for the ww2 (=fake) THW site was done on July 27 23:56:19 UTC (not by me).

    I guess the end of the issues would depend on one's PC configuration, as well as one's ISP/internet settings. See:
    - locally poisoned DNS cache (solution : purge your local cache, or disable Windows' DNS Client service once and for all if applicable)
    - poisoned non-local DNS server's cache (solution: use another, untainted DNS server, if applicable).

    I would suggest you check your browsing history. If you see the url h**p://ww2.hiveworkshop.com in it, then assume you might mistakenly have logged in on this malicious fake site. Redirects to it were random.



    About WW2
    http://www.hiveworkshop.com/posts/3081177/

    Seriously guys, *read* this thread...
     
  8. Directive255

    Directive255

    Joined:
    Nov 4, 2010
    Messages:
    2,363
    Resources:
    1
    Models:
    1
    Resources:
    1
    Oops, seemed that I have "No History" extension on, so I can't really check. But I think I saw "h**p://ww2.hiveworkshop.com" quite a few times before...
     
  9. Ralle

    Ralle

    Owner

    Joined:
    Oct 6, 2004
    Messages:
    11,334
    Resources:
    22
    Tools:
    3
    Maps:
    5
    Tutorials:
    14
    Resources:
    22
    Yeah, I wanna get in on Let's Encrypt some time soon, but I have more pressing matters to attend to currently.

    So is anyone still experiencing these redirects on machines without Google DNS?
     
  10. IcemanBo

    IcemanBo

    Joined:
    Sep 6, 2013
    Messages:
    6,265
    Resources:
    22
    Maps:
    3
    Spells:
    11
    Template:
    1
    Tutorials:
    4
    JASS:
    3
    Resources:
    22
    Chrome users, get uMatrix addon, it can block everything unknown for you and worked here, too.
     
  11. TheLordOfChaos201

    TheLordOfChaos201

    Joined:
    Jul 2, 2011
    Messages:
    1,732
    Resources:
    0
    Resources:
    0
    how do you know if staff is still your staff?

    they could have all already been replaced!

    isn't there some kind of test we can run?

    shadowfury has been acting a bit weird, but that was before the attack....

    how do we know you are who you say you are?
     
  12. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,531
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    By knowing your 1982 horror / SF movies classics? :xxd:

    If you are *not* a kid, then you may search for:
    The Thing (6/10) Movie CLIP - Tainted Blood Sample (1982) HD
     
  13. Azsure

    Azsure

    Joined:
    Dec 24, 2008
    Messages:
    586
    Resources:
    6
    Models:
    5
    Maps:
    1
    Resources:
    6
    Are there any instructions for Windows XP users? VeljkoM seems unable to browse hive at all in his computer now even unlogged ever since this incident.
     
  14. Chaosy

    Chaosy

    Joined:
    Jun 9, 2011
    Messages:
    10,732
    Resources:
    18
    Maps:
    1
    Spells:
    11
    Tutorials:
    6
    Resources:
    18
    Not gonna bother to change my password.
    I doubt someone is interested in my account.
     
  15. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,531
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    There are many easy-to-find tutos on that topic.
    First, did he try to flush his local DNS cache (by typing at the command prompt ipconfig /flushdns) ?
    (and dammit, why can we not send direct private e-mail to fellow Hive members anymore?) :confused:2

    May I have it please so I can express my darker self, by spreading wanton havoc here using you name? :xxd:
    Joking aside, I myself changed mine. Safety first.
     
  16. Azsure

    Azsure

    Joined:
    Dec 24, 2008
    Messages:
    586
    Resources:
    6
    Models:
    5
    Maps:
    1
    Resources:
    6
    That didn't work for him either, and he's unable to even log in with Google now, so if someone wants to help him, you can contact him through skype, his username is veljko.m.91
     
  17. Alok

    Alok

    Joined:
    Sep 6, 2015
    Messages:
    577
    Resources:
    17
    Models:
    6
    Icons:
    4
    Maps:
    3
    Tutorials:
    4
    Resources:
    17
    Right now, when I clicked the sixth page of approved icons, my Firefox closed and a process called *something*.tmp started installing random stuff and starting processes on my computer. It installed a new search engine called "hohosearch", but it didn't get to install anything else, although the processes for installing that other stuff started too, since I immediately ended the mother trojan process and the installing processes in the task manager. This happened to me once before too since these malicious things had started happening on this site.
     
  18. Deathcom3s

    Deathcom3s

    Joined:
    Dec 24, 2007
    Messages:
    1,282
    Resources:
    1
    Models:
    1
    Resources:
    1
    Yeah, I've heard of a number of people moving away from FreeDNS lately, I no longer recommend using them either.

    Glad you got it resolved quickly, DNS changes are always a pain because of how long it can take to propagate.

    For those unsure of what Ralle means when he talks about DNS, a very rudimentary way of thinking of DNS is to think of a massive phone book that contains references to which domain is linked to which server IP address. As Ralle said, if anyone can mess around with that, they can do a lot of damage.
     
  19. pyf

    pyf

    Joined:
    Mar 21, 2016
    Messages:
    2,531
    Resources:
    2
    Tutorials:
    2
    Resources:
    2
    Those curious may want to have a look at DNS Benchmark.
    https://www.grc.com/dns/benchmark.htm

    Forget about DNS Name servers' performance, it is not worth the trouble imho.
    However, the Conclusions tab might provide interesting (and possibly scary) information.


    There are different kinds of DNS Name servers. Some are supposedly better fit for specific uses. A program like ChrisPC DNS Switch (freeware/nagware) categorizes them as 'regular', 'secure', 'family safe', and 'anonymous'. I make no endorsement on the validity of such assumptions, though.
     
  20. ~Nightmare

    ~Nightmare

    Joined:
    Jan 25, 2011
    Messages:
    2,109
    Resources:
    145
    Models:
    3
    Icons:
    111
    Packs:
    5
    Skins:
    26
    Resources:
    145
    What about those who didn't encountered the redirects. Well, I didn't encountered it. So am I safe?