Is Videohelp protected against this type of attack?

[El Heggunte]

http://forum.doom9.org/showthread.php?t=168919

Just out of curiosity, and hoping to read a big "YES"

--- or "not"

[Baldrick]

Nope. No site has 100% protection against attacks. They can find an exploit in vbulletin,php,apache,addons,etc and insert a javascript code that steals your autocomplete login data.

But I'm monitoring all pages for such javascript code.

[vhelp]

to my knowledge, i have autocomplete off, and have remember me (pass/logon) set to off. i prefer to manully do these things. and, to be safe, (i always assume such) i usually log off right after i post something. my private messages are mostly boring stuff anyway.

[jman98]

God forbid that someone might be stealing logins and passwords at Doom9. Why that would mean that automated bots would be receiving the snarky replies instead of humans as was intended. It's a travesty I tell you!

[jagabo]

Many people use the same username and passwords at multiple sites. If you're stupid enough to do so with doom9 and Amazon.com, or your bank, look out.

[aedipuss]

oh yeah. and add adobe to that list. i started adding individual site names to my commonly used passwords long ago. i.e. videohelpXXXXXXX, bankXXXXXXX, etc. to prevent a password stolen on one site from being a gateway to all my stuff.

[DarrellS]

A strange thing happened to me a couple of weeks ago. I had just visited a sports blog that I had never visited before and then came here to Videohelp and a couple of minutes later, Avast popped up and started trying to delete all my command line encoders. It started with cmd.exe and ffmpeg.exe and then onto my CLIs'. I thought it was just Avast screwing up again after an update since I had told it not to scan my programs so I installed Avira but it popped up with the same warnings so I ran a scan and it fixed everything. Maybe it was just coincidence that I was on this site and it attacked all my command line encoders and nothing else. It didn't attack cmd.exe in my Windows folder, just copies that I had placed in folders with my encoders and also copies of ffmpeg.exe.

I was afraid that I'd have to replace all the files but everything seems to be working OK, so far.

[Hoser Rob]

Many people use the same username and passwords at multiple sites. If you're stupid enough to do so with doom9 and Amazon.com, or your bank, look out.

Thanks for the intelligent answer.

There is no 100% safe activity on the web. Whatsoever.

Even the ubuntu forums got hacked. And they're run by geeks that make the doom9 people look like complete noobs.

[El Heggunte]

.......
Even the ubuntu forums got hacked. And they're run by geeks that make the doom9 people look like complete noobs.

Well-spotted --- now I finally know why Mr. Doom9 chose the expression "clueless n00b" for defining himself on his own forum.

[lordsmurf]

That was just a generic exploit from what I can tell.

I doubt Doom9 is secured that well, as old as it is, given the lack of web knowledge shown by some of the mods, and given the completely MIA status of admins. At least, that's been my observation.

Somebody, at best, customize the injected JS for doom9, but I doubt it.

[vhelp]

can we at least have the last time we logged on, as part of the log on process, so we can see. i know the info in linked to one's profile page, but you have to navigate to it, and this is one too many steps each time we long on. the info should be provided during log on. that would ease everyone sigining on. i know a few websites that i log onto that provide that convenience. thank you.