XiozZe / XioScript

XioScript
11 stars 16 forks source link

Malicious fake scripts?? #102

Closed Marloan closed 6 years ago

Marloan commented 8 years ago

Is it possible that new altered versions of your script since it is open source are out there availble....

version 7.3 is still available on greasemonkey website, of course many functions dont work. Altered versions are available aswell.... like the xio script reborn and the xio superscript. Would it be possible that such scripts could be also maliciously?? Like extract account and password information from your browser.

Virtonomics sent me a message that there was a hack attack causing problems on their servers.

Since the builders part from the xio script was removed, I am sure many people look for working older versions or alternatives... and experiment with scripts that are out there... like and Ibk builders script that does not work in english obviously. but is promoted in the russian forum.

seawerst commented 8 years ago

I'm the author of XioScript Reborn. I manage this branch version until this project come out with a release version. As you should never blindly trust someone on the Interne, I create a file comparison between my version and Xio one. Even if your not a programmer, you will be able to see the only modifications are for new type of buildings.

https://www.diffnow.com/?report=b9n2p

XiozZe commented 8 years ago

I vaguely remember Xio's SuperScript as my own work. Not sure what it did again.

A malicious script is certainly possible, however I have never encountered a virtonomics one before. You can always just check who has written and posted the script and look if they have posted more scripts under the same username. Check the times downloaded (if available), and whether the user has posted a reference to the script on the forums.

Marloan commented 8 years ago

wow I wish Virtonomics support was as fast as this forum here....

I wrote them about security issues, since they have problems with hacking and I played with some scripts a bit to see if they work and what they do and 2 days later i get a notice from virtonomics that my account is on the list of possible hacked accounts. So far I dont see any damage luckily, but this issue got me to thinking if scripts could be the problem since my friend didnt get any hack messages.

btw. did you know that you can stay logged in with your old password for ever if you change it on another device if you dont logg out, just close the browser. in a game where login names and real names are displayed in politics. So your political opponents could use a simple hack tool to find out your password and just disable you even in real life. Handling money without Https or any bitdefender or kaspersky or avira cooperation.

I am not a programmer but java script is a very selfexplainatory language if written in english, so i can read it a bit ... and yes I tried to find the line that disables the builders script ;) and I have a suspect... hehe... havent had the time to fiddle with it yet.... and I am a bit reluctant since its a quite extensive script with a lot of interweaving variables.

XiozZe commented 6 years ago

Well, the new XS14 is an add-on. No more fake scripts!