Would like to inform you that the sajha guild came down under a malicious attack. About a week back I got a notification from google saying that the pages of sajha guild has been compromised. In checking out the data, I found that there was a string containing reference to a javascript was appended to most of the data. In essense what this does is to force uses to run a javascript when they loaded any guild page which showed partially blank pages.
I hoped this would be a random thing so I took care of the database and remove all inserted codes and just waited to see what happens.
Today also same thing from the morning, it may have been before this but thats when i noticed it. So in doing a little research this is what is going on:
Click here to see info on this script injection hackI need a little time to get to the bottom of this so I'm disabling sajha blogs for few days until the time I have figured out a good solution. Please do read up on the above to see if you are infected. If anyone has any good ideas, please feel free to share!
It is very interesting that the exerpt from the above link reads: "excluding all end-users with the following language preferences set in
their browser—Russian (RU), Chinese (ZH-CN, ZH-TW, ZH), Korean (KO),
Hindi (HI), Thai (TH), and Vietnamese (VI)—as the ngg.js script
suggests."
It will be interesting to find out why only these language users are excluded from the effects of the exploit.
