34
PSA: It appears FLV's website may have been compromised.
submitted over 9 years ago by BendroRodrigo

Was doing my thing earlier, browsing the sub, and stumbled upon this. /u/nmsmith89 found an oddity on FLV's blog, so I decided to investigate.

I looked at the source code and inspected the site with Chrome's DevTools. I found this: http://i.imgur.com/IOtJCMk.jpg

Basically, other than the wonky post, links are being hidden from sight. I have seen this type of thing before, and it is most likely a result of the website (WordPress) being compromised and the attacker using access to try to sneak in some external links to their website to boost their SEO rankings.

I have emailed FLV regarding this and will update this thread if I get any reply from them.

tl;dr I recommend avoiding purchasing anything from the FLV website directly until the issue described above is rectified. It doesn't appear their online storefront is connected to their WordPress installation, but as such information is unclear at the time, I would not risk it.

Edit: Wording is hard (spelling)

UPDATE 05/16: Flavorah has responded and is fully aware of and has fixed the security vulnerability.

Comments
9 points
 
by lucaswilde over 9 years ago

I deal with these types of malware injections in WordPress all of the time, and they've never in my experience been anywhere close to obtaining transaction data - nor is it their aim. They're just injecting spam to inflate the search engine rankings. It'd be a very good idea for them to fix it ASAP as Google will blacklist their site if they don't, and it would even be wise to pause on making a new order, but I really don't believe anybody who has already made an order need worry, especially considering that this is a WordPress exploit and the shop is run on 3dcart, not WordPress.

3 points
 
by BendroRodrigo over 9 years ago

Yeah, I couldn't find any link between their storefront and their WordPress install. I'd rather err on the side of safe, haha.

3 points
 
by surfisherman over 9 years ago

Always wise to err on the cautious side, malware is freaking everywhere these days.

1 points
 
by OpiumPhrogg over 9 years ago

Ransomware is the new big thing and they are straight nasty. No better time to make sure your AdBlock is enabled and you have a good offline backup and a decent and up-to-date antivirus.

6 points
 
by BigStank over 9 years ago

My job would be so much easier if WordPress would literally just go away or if devs would patch. :) Nice find.

Bug Bounty for free flavors? :)

2 points
 
by Raybait1 over 9 years ago

I don't think they want to fix it (or maybe they can't?). This has been a problem for at least the last 3 years.

2 points
 
by BigStank over 9 years ago

WordPress, seems like weekly, has vulnerability patches made available. It's fixable.

1 points
 
by Raybait1 over 9 years ago

I'm no security expert. I just like to write. Even with their patches and updates, I was cleaning up these links almost monthly. Complex and frequently changed passwords didn't seem to matter. So "fixable" may be a relative term.

3 points
 
by aftli_work over 9 years ago

Oh, and PSA for spammers: Google is not dumb. Google knows these links are hidden from the user viewing the site. This is not helping you.

1 points
 
by SNOTFAN over 9 years ago

good catch. thanks for this.

1 points
 
by ljab26 over 9 years ago

XSS attacks don't affect SEO. Neither does linking. Hasn't for a while (on Google at least). These phishing attacks are used so you click the trusted source's link, end up there thinking it's related and trusted - and attempt a download resulting in spyware. Also, this won't affect shopping on their site. Just make sure not to download anything.

Site copyright © 2025 DIY Compendium. Data courtesy of Reddit.