Hello everyone,
Earlier today, we started getting reports from people that received the following malware warning notice when they browsed the Bulbagarden forums in Google Chrome or Mozilla Firefox.
"The site ahead contains malware. Attackers currently on 194.6.233.8 might attempt to install dangerous programs on your computer that steal or delete your information."
On investigating the issue, we've found that the culprit was a small 1x1 iframe that was somehow injected into the forums' copyright notice footer. The IP address of this attack resolves to the Ukraine, which is currently a hotbed for this kind of thing. We are not yet 100% certain how this was achieved, but we believe the attack vector was most likely one of a small number of out-of-date forum addons that we'd delayed upgrading as we prepared to replace the Bulbagarden forums server (yeah, there's a new forums server coming, surprise!). For now, we've been able to successfully band-aid over the issue by removing the copyright footer entirely; however, this is not a permanent fix.
We would also suggest that as a matter of general safe browsing practice, you install a browser extension like NoScript. If you are using that extension and did not allow the rogue IP, there should be nothing whatsoever to worry about. Those of you who accessed the forums and received this warning should run your standard suite of anti-virus and malware checks, just to be safe, but we've received no reports as of yet of anyone actually having something planted onto their computer.
At this point, we do not believe that the Bulbagarden forums server or database has been directly compromised. Your account details should be safe. As a matter of routine security, however, you should make sure that you are not using the same password on other websites as you do on Bulbagarden. You may wish to change your password on Bulbagarden as well if you fear something may have been compromised.
We'll keep you posted on how things go. If we're right about the source, then simply upgrading all these addons should fix the problem. If not, then we'll let you know. In the unlikely event there has been a server/database breach, there will be a mandated password reset enforced.
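A check an administrator could run over rendered pages or template files to catch the kind of injection described in the post above, as an added example that is not part of the original post: it reports every iframe whose source host is not on an allowlist and flags those sized 1x1 or hidden by CSS. The allowlist host, the sample footer and all names in the code are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site legitimately embeds from (placeholder value).
ALLOWED_HOSTS = {"forums.example.org"}
TINY_PX = 2  # width/height at or below this is treated as invisible


def _px(value):
    """Leading integer of '1', '1px', ...; None if absent or non-numeric."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class IframeAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if host is None or host in ALLOWED_HOSTS:
            return  # relative (same-site) or allowlisted source
        style = a.get("style", "").lower().replace(" ", "")
        dims = [_px(a.get("width")), _px(a.get("height"))]
        for prop in ("width", "height"):
            m = re.search(rf"(?:^|;){prop}:(\d+)", style)
            if m:
                dims.append(int(m.group(1)))
        tiny = any(d is not None and d <= TINY_PX for d in dims)
        hidden = "display:none" in style or "visibility:hidden" in style
        self.findings.append(
            {"host": host, "line": self.getpos()[0], "concealed": tiny or hidden}
        )


def audit(html):
    """Return one finding per off-site iframe in the given HTML text."""
    parser = IframeAuditor()
    parser.feed(html)
    return parser.findings


# Constructed sample footer; 203.0.113.7 is a documentation-range address.
SAMPLE_FOOTER = """<div id="copyright">
  <iframe src="http://203.0.113.7/x" width="1" height="1"></iframe>
  <iframe src="/help/terms" width="600" height="400"></iframe>
  <iframe src="https://video.example.net/e/1" width="560" height="315"></iframe>
  <iframe src="//203.0.113.7/y" style="width: 0px; height: 0px"></iframe>
</div>"""
```

Run against template files and cached page output on a schedule, a concealed finding is a signal to compare the template with its last known-good copy.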