Xenonauts website

[Pascal]

Why does every page at http://www.xenonauts.com have four hidden links after the /html?

Edited October 7, 2014 by Pascal

[Solver]

Very good catch, should be fixed now.

[Pascal]

The hidden links are back. Just in a different position this time. Do you have a virus on one of your computers? Search for "elektronik sigara" to find the first one.

[Pascal]

I am concerned that whoever was able to access the website source code and insert arbitrary code may have been able to do the same to the game itself. Have you been able to determine how this hack was achieved? The link spam is still in place on the website.

[iycgtptyarvg]

Yikes!

Developers, could you please respond to this?

I use the same computer I play Xenonauts on for work and banking.

If there is a virus in Xenonauts we REALLY need to know!

[Chris]

There's no virus in Xenonauts. Our code repo isn't hosted on the same server as our website so there couldn't have been any contamination even if the culprits were more than just simple script kiddies.

The hack happened because we had an outdated version of Wordpress that happened to have a security loophole in it and someone with an automated vulnerability scanner found our website and replaced it with Alegerian jihadi propaganda for a day or two. I wouldn't worry too much about it.

[Pascal]

https://archive.org/ indicates the unauthorized links appeared on http://www.xenonauts.com/ by 10/29/13. They did not get removed until after I started this thread on 8/13/14, for a total of at least 9.5 months. They then re-appeared by 10/7/14 and are still there (coming up on another month now).

It appears the hack you are referring to was a separate incident and whoever removed the links on 8/13/14 just removed the links but didn't actually fix the backdoor that allowed the hacker in in the first place.

Saying "there couldn't have been any contamination" is premature when you have not yet even identified and fixed the currently existing backdoor.

If anyone has access to both the website and Xenonauts repositories and used the same username and password on both, or the admin account uses the same password on both, or the website hack was achieved via the use of a backdoor installed on one or more computers at GoldhawkInt, or <insert many other common scenarios here>, then it is possible Xenonauts itself could be compromised as well.

[Chris]

Yeah, the jihadi hack happened on exactly that date: http://www.goldhawkinteractive.com/forums/showthread.php/7643-Xenonauts-com-hacked-%28seriously%29

I appreciate your concern and you're correct to point the issue out but I think you're overstating the potential risks; I've already told you that the code and the website are on entirely separate servers and the only person with access to both is me (and I do indeed have different passwords for each).

The reason that the links re-appear is almost certainly because I avoid updating Wordpress because our template and extensions are hacked together and I really want to avoid anything that might break them. Probably something I shouldn't be doing (and we'll update again shortly), but it's not the same as there being a hacker filling Xenonauts with rogue code that will steal your bank details.