| ioi said: How are we being hacked though?? Can anyone see an obvious flaw or problem in our site security? |
Someone could be getting credentials through XSS, for example. They could be using your ad host, and they could have gained credentials to VGChartz using XSS. Otherwise, the server hosting VGChartz has a variety of protocols I wouldn't use with authentication in practice because they're cleartext: FTP, Telnet, SMTP, etc. These may not be the source of your problems (I'd wager XSS is) but they're sloppy, and if you have people authenticating in the clear and they use wireless, especially in public -- at a games-related show, or an internet cafe, for example -- it's very likely that someone else knows their authentication.
Take a look at your Apache plugins and verify that they're not vulnerable versions. Pay particular attention to anything that sends client-side HTML to be modified, as this is one of the most common XSS attack vectors for IE. Make sure that the forum software here isn't vulnerable to type-2 XSS attacks.
It may be worth connecting to this site on a computer that displays the behavior (attempts to get a drive-by install of malware) and using Wireshark or something of the like to give you a clue as to how/where this is coming from.
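
One way to follow up on the capture suggestion above, as an added example that is not part of the original post: once an HTML response has been saved from the capture, list every script, frame or plugin element that loads from a host the site does not expect to use. The allowlist, host names and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site is expected to load active content from (assumed allowlist).
ALLOWED_HOSTS = {"www.example-site.test", "static.example-site.test"}

# Tags that pull in active content, mapped to the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "frame": "src",
               "embed": "src", "object": "data"}

# Constructed sample of a response body saved from a capture.
SAMPLE_RESPONSE = """
<html><head>
<script src="/js/forum.js"></script>
<script src="http://static.example-site.test/js/charts.js"></script>
<script src="//ads.adhost.test/serve.js"></script>
</head><body>
<p>Forum post text</p>
<iframe src="http://unknown-host.test/x" width="0" height="0"></iframe>
</body></html>
"""


class ActiveContentFinder(HTMLParser):
    """Collects (tag, host, url) for active content from unlisted hosts."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs resolve to the page's own host; "//host/x" keeps its host.
        host = (urlparse(url).hostname or self.page_host).lower()
        if host not in ALLOWED_HOSTS:
            self.findings.append((tag, host, url))


def unexpected_sources(html, page_host):
    """Return active-content references whose host is not on the allowlist."""
    finder = ActiveContentFinder(page_host)
    finder.feed(html)
    return finder.findings


if __name__ == "__main__":
    for tag, host, url in unexpected_sources(SAMPLE_RESPONSE, "www.example-site.test"):
        print(f"{tag:8} {host:24} {url}")
```

Anything reported that is neither the site itself nor a known ad or CDN host is the place to start looking for where the injected content enters the page.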







