Website hacked? :(

Discuss about anything related to the Irrlicht Engine, or read announcements about any significant features or usage changes.
Locked
REDDemon
Developer
Posts: 1044
Joined: Tue Aug 31, 2010 8:06 pm
Location: Genova (Italy)

Website hacked? :(

Post by REDDemon »

Website got hacked again I think. I have a strange layout now
Junior Irrlicht Developer.
Real value in social networks is not about "increasing" number of followers, but about getting in touch with Amazing people.
- by Me
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Website hacked? :(

Post by CuteAlien »

Hm, not seeing anything. Maybe SF server was overloaded - when that happens it messes things up sometimes (not loading certain files etc). But corrects itself usually again after a while.
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
Brainsaw
Posts: 1183
Joined: Wed Jan 07, 2004 12:57 pm
Location: Bavaria

Re: Website hacked? :(

Post by Brainsaw »

I got a "database connection error" this morning and was afraid the site got hacked again. But half an hour later all seemed fine so I guess it was some sourceforge problem
Dustbin::Games on the web: https://www.dustbin-online.de/

Dustbin::Games on facebook: https://www.facebook.com/dustbingames/
Dustbin::Games on twitter: https://twitter.com/dustbingames
REDDemon
Developer
Posts: 1044
Joined: Tue Aug 31, 2010 8:06 pm
Location: Genova (Italy)

Re: Website hacked? :(

Post by REDDemon »

Yeah it seems gone. I was displaying only half webpage.
Junior Irrlicht Developer.
Real value in social networks is not about "increasing" number of followers, but about getting in touch with Amazing people.
- by Me
Cube_
Posts: 1010
Joined: Mon Oct 24, 2011 10:03 pm
Location: 0x45 61 72 74 68 2c 20 69 6e 20 74 68 65 20 73 6f 6c 20 73 79 73 74 65 6d

Re: Website hacked? :(

Post by Cube_ »

generally any database errors is a server problem, showing half the web page is a resource problem (typically either on your end or on server end) such as the css failing to load or send.
"this is not the bottleneck you are looking for"
MartinVee
Posts: 139
Joined: Tue Aug 02, 2016 3:38 pm
Location: Québec, Canada

Re: Website hacked? :(

Post by MartinVee »

Hum... With the developer tool in Chrome, I can see that the shadow-root has a CSS that contains links to websites I did not expect to see on the Irrlicht website.

I'm not entirely sure what loaded this content, but there's a suspicious-looking script at the bottom of the DOM (you can see it here) that seems to be loading an iframe.
Cube_
Posts: 1010
Joined: Mon Oct 24, 2011 10:03 pm
Location: 0x45 61 72 74 68 2c 20 69 6e 20 74 68 65 20 73 6f 6c 20 73 79 73 74 65 6d

Re: Website hacked? :(

Post by Cube_ »

I can't find the shadow-root css linked anywhere in the document and a quick ctrl+f in the chrome developer view didn't find it either, but it's possible ublock or one of my user scripts stripped it if it's part of an ad or other known intrusive element.
It's also possible that it's only included in some pages, I only checked this topic page and the root page at irrlicht.sourceforge.net


As for the include script, that's part of wordpress oembed module for embedding content iirc - you can do a cursory google search on part of it and you'll find plenty of results, you can find very similar scripts on a lot of other pages like this government page (Seems to be the unminimzed version of the script at cursory glance):
https://gapanalysis.usgs.gov/padus/wp-j ... 2Fpadus%2F
"this is not the bottleneck you are looking for"
MartinVee
Posts: 139
Joined: Tue Aug 02, 2016 3:38 pm
Location: Québec, Canada

Re: Website hacked? :(

Post by MartinVee »

Image

Here's the screenshot of the DOM Explorer in Chrome that shows the shadow-root for the main page at [url]http://irrlicht.sourceforge.net/[url].
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Website hacked? :(

Post by CuteAlien »

Uhu - that doesn't look good :-(

But that other file doesn't seem to be the problem, that's an original file from wordpress: https://core.svn.wordpress.org/branches ... bed.min.js

Now... I have to learn about what a Shadow-DOM is (I'm not a web developer...)
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Website hacked? :(

Post by CuteAlien »

Hm, not seeing anything so far (no shadow-dom at all). There's 2 more options. One is - you are not seeing the current homepage but still our hacked version. Is the newest post you see already about "Schwarzerblitz" or do you have some older news? And second option - it might be your system that's compromised. Did you check if other websites are fine?
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
MartinVee
Posts: 139
Joined: Tue Aug 02, 2016 3:38 pm
Location: Québec, Canada

Re: Website hacked? :(

Post by MartinVee »

Argh, you're right! That comes from Adguard AdBlocker! I'm so sorry!

In and of itself, the shadow DOM isn't a problem. It's a way of having two separate DOM trees in the browser. This enables you, for example, to develop a widget that you can reuse and include everywhere without fearing of having it's style messed up because another website uses the same CSS style than your widget.
CuteAlien
Admin
Posts: 9734
Joined: Mon Mar 06, 2006 2:25 pm
Location: Tübingen, Germany
Contact:

Re: Website hacked? :(

Post by CuteAlien »

Ah ok. Well, glad we're fine for now :-)
IRC: #irrlicht on irc.libera.chat
Code snippet repository: https://github.com/mzeilfelder/irr-playground-micha
Free racer made with Irrlicht: http://www.irrgheist.com/hcraftsource.htm
Cube_
Posts: 1010
Joined: Mon Oct 24, 2011 10:03 pm
Location: 0x45 61 72 74 68 2c 20 69 6e 20 74 68 65 20 73 6f 6c 20 73 79 73 74 65 6d

Re: Website hacked? :(

Post by Cube_ »

I saw google ads there so for a moment I was about to say "well there it is, ad code - of course that won't be in my version of the page since it gets stripped" but then you pointed out it's from your adblocker so that makes a bit more sense to me now.
"this is not the bottleneck you are looking for"
Locked