Miscellaneous > The Lounge

XSS attack from LiveLeak

(1/1)

davidnix71:
Sunday when I visited LiveLeak, NoScript pitched a fit. Instead of giving me the usual warnings at the bottom, I got a bunch of XSS warnings at the top. I read the console log and it looks like porn spammers from Holland hacked the site. The ads were in Dutch, but they had logged my IP correctly so the city was Fort Lauderdale. They looked like AdultFriendFinder ads.

The phrase in the ad header was "Maak contact met opwindende vrouwen" in Fort Lauderdale. If you Google that phrase, you get sponsored Google ads on the right for Russian women, milfs and cheating wives. The sites listed in the search results have vulgar words in their names.

As of today, LiveLeak is back to normal. Our main Mac IT guy at work said someone is practicing for a larger attack. I tried adding extra filters to NoScript, and reloading the page, but the page scripts kept changing the top domain and I couldn't block it completely.

Lead Head:
Crazy how vulnerable some websites are. If they practiced on a video site like liveleak, perhaps they are going to go after youtube?

SiMuLaCrUm:
YouTube is too big and probably has more security. They would be able to stop them quickly or clean up the problems quickly.

Lead Head:
Never really thought about that. Forgot they were owned by google. I don't think google has ever been successfully hacked either?

SiMuLaCrUm:
I don't think so...

Navigation

[0] Message Index

Go to full version