Poe.xyz.is; suspected cause for compromised accounts?

I don't want to say I actually know what I am talking about. However, 2 hours ago I got hacked.

I think I am a pretty responsible person. I have specific emails with unique passwords for PoE and my email account. I haven't actually logged in since December when I first joined.

Anyway to the point.

I have only visited 2 sites that are not affiliated with PoE. The curse wiki, and poe.xyz.is.

Link to the forum post for poe.xyz.is.
http://www.pathofexile.com/forum/view-thread/109153/

Looking at the source code for poe.xyz.is I noticed this in the source code.




Piwik is a free and open source web analytics application. Which has been known to have malicious code injected. Now, again. I am no expert. But, this is a quote from Piwik website.

"
enableLinkTracking( enable ) - Install link tracking on all applicable link elements. Set the enable parameter to true to use a pseudo-click handler to track browsers (such as Firefox) which don't generate click events for the middle mouse button. By default only "true" mouse click events are handled.


It seems rather suspect. And, I wish to bring discussion about this. Talking with a friend in game, whom was also hacked; was hacked after visiting this website.


"


A hacker recently breached Piwik.org and added malicious code to the .zip file containing Piwik 1.9.2.

"Created in 2007 by New Zealand-based French national Matthieu Aubry, the web analytics platform is currently used by 460,000 websites in 150 countries, according to Piwik," notes CSO Online's Liam Tung.

"You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC," the Piwik team stated in a security announcement. "If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe."

"Customers who believe they might be impacted are advised to check for a piece of malicious code at the end of the Loader.php file located in the Core directory," writes Softpedia's Eduard Kovacs. "If the code is present, they must back up config.ini.php, delete the Piwik directory, and download a clean version from piwik.org."

"In their report they say it was compromised through a vulnerability on a WordPress Plugin, but didn’t provide any details on which one caused it," writes Sucuri CTO Daniel Cid.

"The hack is only the latest to compromise a popular provider of open-source software," notes Ars Technica's Dan Goodin. "In September, malicious code was found in phpMyAdmin after one of the mirror sites for SourceForge, which hosts more than 324,000 open-source projects, was compromised. In June 2011, WordPress required all account holders on WordPress.org to change their passwords following the discovery that hackers contaminated it with malicious software. Three months earlier, maintainers of the PHP programming language spent several days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached."
Last edited by PSGMud on Feb 28, 2013, 2:53:45 PM
no
"
sage2050 wrote:
no


explain please.
I don't understand any of this, can somebody with the details explain, please?
Oh Fuck.
IGN: TsuruyaNyro
And that's why you should never click any links you don't know for 100% Certainty is not a phising site. And open source sites is a big no no
Last edited by Burmeister99 on Feb 28, 2013, 3:01:58 PM
I was also hacked after the usage of this website. Coincidental or not I think every non-official website such at these ones should be taken into consideration as being potentially harmful.
ive been using it since the day it opened and haven't been hacked. im sure if it was malicious someone who knows what they're talking about would have said something by now.
"
sage2050 wrote:
ive been using it since the day it opened and haven't been hacked. im sure if it was malicious someone who knows what they're talking about would have said something by now.


Same...I've been using this site, and even have it on my favs since I saw it posted. I have yet to be hacked. I will continue to use this site until someone shows me concrete evidence that it is a hacking site.

Something concrete like having to sign into my account on this site. Which you dont have to so...it searches the fucking forums for you, idiot.
'It is good to contact a moderator if you feel someone is being a twat' Charan, Forum Moderator

Sometimes, we have to cross a ditch.
Sometimes, we have to cross an ocean.-Rhys, GGG
That's the wrong attitude to have. Many websites such as these go over a number of changes, some for the better or for the worse.

Hell, there even a time the e-sports team Evil Geniuses had malicious scripting within the site.

http://www.reddit.com/r/starcraft/comments/riy18/malware_on_evilgeniusesnet_egs_website_second/
Last edited by FILM on Feb 28, 2013, 3:11:35 PM

Report Forum Post

Report Account:

Report Type

Additional Info