Hacker News new | comments | show | ask | jobs | submit login
MySQL.com currently Hacked (and serving javascript malware) (sucuri.net)
118 points by sucuri2 2070 days ago | hide | past | web | 20 comments | favorite



That's a relief, for a minute there it looked like MySQL had been bought by Oracle.


I needed to access the mysql forums today and Google kept blocking me, claiming malware. I had almost overrode it thinking that google must be wrong and am glad I didn't.

Looks like they are still infected --- anyone know of a way to tell if a site is infected (kind of like a "is it down or just me" ) outside of Google search?



There is a site scanner here: http://sitecheck.sucuri.net (free)


Scanning "http://www.mysql.com returns "Verified Clean"...


They fixed it..


I visited the site during the affected time on Mac OS X 10.7, with Safari - I'm worried I might be infected. How can I check?


Are Linux users susceptible to these kind of attacks too? In the video the exploit is presented on a Windows machine.



Does anyone understand what that javascript code is doing?


It seems to hide an iframe call to http://falosfax.in/info/in.cgi?


There has been quite a flurry of open source projects getting hacked as of late (kernel.org comes to mind, but I think there were 1 or 2 others as well). Does anyone know if these different hacks are related to each other in any way?


If you're countryX and want to bring down everything, hacking sites like mysql, apache, kernel and the likes would do the most damage


No doubt, but that doesn't explain why all these sites have suddenly become vulnerable. Unless someone with unusual hacking capabilities only started trying recently.


Unless someone with unusual hacking capabilities only started trying recently.

'Usual' hackers are probably a step above script kiddies. On the top end you have state sponsored PHDs


I don't see your point. There are no countries that would have only recently developed an interest in hacking such sites and have the capability to do so. Clearly you're trying to imply that some country is behind this, so feel free to just say it out loud instead of being cute about it and wasting everyone's time.


Clearly you're trying to imply that some country is behind this, so feel free to just say it out loud instead of being cute about it and wasting everyone's time.

It's an internet forum, not a court of law. OK? I am speculating. When someone does something this big, I tend to think of someone way out there, like those that tried to hack Google, defense companies etc. For all we know they did to get the info from one company, steal CC from a million of them, or just have the option to take million of sites offline. Relax.


Apparently, this is the infected resourse[1], although it's not infected when (or rather where) I load it.

[1] https://www.mysql.com/common/js/s_code_remote.js?ver=2009101...


They fixed it.


This may be fallout from Google flagging a larger network.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: