Daggerfall unity website

kust · Post by **kust** » Thu Dec 09, 2021 6:06 pm

When trying to go to the daggerfall unity's website a malaware popup appears. Press allow to confirm you are human.

Shapur · Post by **Shapur** » Thu Dec 09, 2021 6:47 pm

kust wrote: ↑Thu Dec 09, 2021 6:06 pm When trying to go to the daggerfall unity's website a malaware popup appears. Press allow to confirm you are human.

Hi,
could you post a link? I have a feeling that's some fake.
This is the only official one.

Shapur · Post by **Shapur** » Thu Dec 09, 2021 6:49 pm

Nevermind, that is the real one.
Did the website get hit by some malware?
It's not how it's supposed to be.

Shapur · Post by **Shapur** » Thu Dec 09, 2021 6:50 pm

Do not click on any of those weird popups.

BadLuckBurt · Post by **BadLuckBurt** » Thu Dec 09, 2021 6:52 pm

Shapur wrote: ↑Thu Dec 09, 2021 6:47 pm
kust wrote: ↑Thu Dec 09, 2021 6:06 pm When trying to go to the daggerfall unity's website a malaware popup appears. Press allow to confirm you are human.
Hi,
could you post a link? I have a feeling that's some fake.
This is the only official one.

He's talking about dfworkshop.net, the main site. I just tried and got redirected as well.

@Admins / moderators, I think there has been some malicious content injected to the Wordpress (I think it uses Wordpress?) database. It's usually Javascript <script> tags being added to the page content.

Shapur · Post by **Shapur** » Thu Dec 09, 2021 6:57 pm

BadLuckBurt wrote: ↑Thu Dec 09, 2021 6:52 pm
Shapur wrote: ↑Thu Dec 09, 2021 6:47 pm
kust wrote: ↑Thu Dec 09, 2021 6:06 pm When trying to go to the daggerfall unity's website a malaware popup appears. Press allow to confirm you are human.
Hi,
could you post a link? I have a feeling that's some fake.
This is the only official one.
He's talking about dfworkshop.net, the main site. I just tried and got redirected as well.

@Admins / moderators, I think there has been some malicious content injected to the Wordpress (I think it uses Wordpress?) database. It's usually Javascript <script> tags being added to the page content.

Yep, seems like the website got attacked.

Magicono43 · Post by **Magicono43** » Thu Dec 09, 2021 6:59 pm

Yeah, can confirm here as well that it instantly gets redirected to spam/malware type stuff.

XJDHDR · Post by **XJDHDR** » Thu Dec 09, 2021 7:43 pm

I've found that a malicious script seems to have become attached to the website, which is causing these redirects.

If you have Adblock Plus, uBlock Origin or some other similar blocking addon, you can add this rule to stop these redirects in the meantime:

Code: Select all

||stat.belonnanotservice.ga^

Interkarma · Post by **Interkarma** » Thu Dec 09, 2021 8:41 pm

Thanks for the alert. I've taken website down while I investigate.

Interkarma · Post by **Interkarma** » Fri Dec 10, 2021 12:01 am

I've restored whole site and database from recent backup prior to redirect hack. Restored site scans clean and currently has additional paid protection in place for some peace of mind.

As a precaution, I've reset all passwords for the few users who have access to blog (only myself and a couple of other members here) and purged all non-essential plugins. This might break some older posts that embed rich content such as gfycat animations or code formatting. I'd rather keep plugins to a bare minimum for now until I can complete review.

The site and all plugins are always kept up to date, so not certain how hack was initially executed. I'll keep monitoring site proactively and dig through logs to discover more.

Daggerfall Workshop Forums

Daggerfall unity website

Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website

Re: Daggerfall unity website