Friday, August 1, 2008

Volleyball.com hacked

by Jason Schock at 12:55 AM

Update: The site has been fixed. See comment below.

It appears that Volleyball.com has sustained some kind of hacking attack recently. Various links across the site have some evil JavaScript from Russian Web sites injected into the URL. Just poking around, it appears that it tries to run some kind of a script from a malicious web site.

You don't have to click a link to be affected. Just visiting the site could subject you to attack.

Any decent browser will ignore tags in a link URL, but older browsers may not. The really evil thing is that he attack has infected URLs in RSS feeds. This means that any RSS subscriber that doesn't sanitize the URL is potentially susceptible, and if you republish the feed on your site (like I do - don't worry, it's clean), the attack propagates to your site, too. Clever.

Google has some info about the malicious site if you're curious.

Let's hope they get that fixed soon. Screenshot attached.

Screen capture of malicious script in URL

 

2 comments:

Dan said...

Hello FatSpike:

Our techs have restored the Blogs and the Blogs RSS feeds. They are working to be sure of no future issues with the Volleyball.Com public content site.

Important Good News: Please note this did not involve our e-commerce site at shop.volleyball.com - all is normal and fine there, the two sites are on two completely separate networks and platforms.


We have always kept the two sites separate for security reasons:

1. Volleyball.Com is for publicly generated volleyball content.

2. Shop.Volleyball.Com is for volleyball e-commerce and therefore locked down tight. Shop.Volleyball.Com is also tested daily for security by 3rd party McAfee security screening (formerly called HackerSafe)

Sorry for any inconvenience.

Thanks everyone for your support of Volleyball.Com !

We will be blogging from Beijing at the Olympics! Stay tuned!

pndglobal said...
This comment has been removed by a blog administrator.