State of the forum(s) + changelog

[Christopher]

Everything was cool at my house (and the car is still mint), but not for others. I have some pictures in my myspace blog..

All other skins are off for two weeks until we get all new ones. And they will be good, much better than what we've had. Thanks for your patience..

[Stuge]

All other skins are off for two weeks until we get all new ones. And they will be good, much better than what we've had. Thanks for your patience..

Will check your blog

Looking forward to those new skins as well..

[Christopher]

We were comprimised twice by Russian hackers earlier today. They gained full SQL and forum admin access. We've applied some security changes and that method of entry will never occur again. Thankfully there is no visible damage nor nothing important lost (that I could see from my observations), but it was definitely an extremely complex scripting method involving SQL injections via a simple forum post.

Sigh.

[mercury_in_flames]

meh, at least the sites still ok. Could they have got access to our email addresses on our profiles? That would lead to a rather large amount of spam in our email in boxes if thats the case

[rayzray]

i'll be watching for Russians and Tornadoes here in RI. RI is Sooooo small that we get one tornado every 20 years (i've see two little ones; and actually tried to chase the last one with the new/old 69 THunderbird.

soooo, we had a Russian on the member list for a while? *concerned a little but not worried too much*

[Fat Tires]

Sadly, the Spamming has begun...

Minidisc Community Forums

<noreply@minidisc.org> to me

More options 11:42 am (26 minutes ago)

Our new application.

Just check it out:

http://traffdollars.biz/dl/loadadv598.exe

[Richard]

Sadly, the Spamming has begun...

Yes IE users Don't click on the View New Posts link for the moment as this seems to trigger it - at least it has done on my 2 machines in IE6 / 7. I haven't had an issue with Firefox yet.

[Stuge]

Yup ,I alsao using FireFox right now ..those terrible Russian internet Terrorists.Go away from here ..

[rayzray]

are we going to be able to use "view New posts" later; or, is this a permanet thing?

i do have Firefox (i think); soooo , that means i am safe? (my piano students instaall all this bling bling; i just sing sing).

[Fat Tires]

You ought to be safe Ray. I've used the view new posts button today with Firefox and had no ill affects.

[rayzray]

thanks ,Nismo; been a long time; huh?

how's your boy; must be getting big. i swear i see him all over RI on the "Billboards" promoting some education thing; looks just like him.

i will start using "View New Posts" again; then; Ben.

[tinwhistle]

Sadly, the Spamming has begun...

We were comprimised twice by Russian hackers earlier today. They gained full SQL and forum admin access. We've applied some security changes and that method of entry will never occur again. Thankfully there is no visible damage nor nothing important lost (that I could see from my observations), but it was definitely an extremely complex scripting method involving SQL injections via a simple forum post.

Sigh.

I´ve just received the same spam mail. So they must have gotten our Email Adresses

Edited May 3, 2006 by tinwhistle

[Richard]

I´ve just received the same spam mail. So they must have gotten our Email Adresses

They sent the email by making themselves an admin so I don't know if this necessarily means they can see the full email addresses or not.

[greenmachine]

Having used IE without updates before, my 'puter has been attacked by simply clicking a link in these forums. After having it cleaned (i hope so), i have to run a more secure browser now. I hope everyone ignores the spam mail.

[jadeclaw]

Got one of these mails as well.

Since the crackers got our e-mail addresses, they possibly had access to the member registry.

I think, it is better to change passwords now.

[rayzray]

how do i know you are Jackclaw; or a Russian; what's the pass word?

[Justin42]

It might be good to PM everyone who got the original PM as to the fact it was a hack and to NOT click the link they provided. I looked (I thought) all over the forum for info and ended up sending some PMs, not realising it was already well-known...

I know admitting a hack isn't the easiest thing to do but the info is kinda buried and could lead to some people getting some nasty viruses...

[atrain]

everymember should have got it as they used the mailout.

change your passwords & ignore anyemails with unknown links in them.

[streaml1ne]

I've received no email or PM from any admins or the forum itself.

[jaylen]

Same here.

[greenmachine]

There's an option in your control panel to disable receiving emails from the administration. You might have checked that. I agree with Justin42, but it must be hard to admit indeed.

[Christopher]

I'm not sure how to warn people.

Apparently the patch I applied a few days ago didn't go through as intended and they broke in again, yesterday. 12,245 spam e-mails (which had a direct link to a virus) were sent through the bulk mail feature on the forum and iframe'd spyware was put at the bottom of the forum in the global footer (thousands of people hit it).

I caught the spamming whilst in progress (it was going to send e-mails to all 37,000+ registrants) and stopped that, and then discovered the spyware and neutralized it. I reapplied a security patch and realized that I didn't do it right the first time.

The way they got in is amazing. I'll save you guys from the technical hyperbabble, but they used SQL injection techniques that use the forum's skin as the trojan horse. From there, the Russian hacker(s) had full forum admin and SQL access. It was extremely complex code, and I can say some of the people I showed it to were quite surprised.

I hope that future legitimate mass e-mails we send don't get marked as spam because of this action. It ruined some of the credibility of the forum.

I told Invision Power Board (the creators of the forum software) that if this were to keep occuring we'd switch to a different software. I'm sure some of you remember how things went with phpbb, and it if becomes that with Invision then we'll just migrate to vBulletin.

[Stuge]

I hope it all goes well now .Yeah, this incident does ruine some credibility of the forum but since this forum has given lot of knowledge about MiniDisc & it is of one of the best forums i have visted(Including T-board & Atraclife ) .

Edited May 4, 2006 by stuge

[mercury_in_flames]

jeeeeez. As long as they dont come back :mad:

[jaylen]

There's an option in your control panel to disable receiving emails from the administration. You might have checked that.

I have both of these options checkmarked:

(1) Hide my email address from other members

Enabling this option will deny other members sending you an email via the board.

(2) Send me any updates sent by the board administrator

Enabling this option will add your email address to the administrators mail list and you will receive any updates sent.

So, was it option #1 (and not the administrator mail list) that prevented me from receiving that e-mail? Nothing in my spam folder either.

[jadeclaw]

I'm not sure how to warn people.

Maybe a short news-entry on the frontpage, outlining the problem and what has been done to contain the problem, plus an advice, what should be done with this spammail.

but they used SQL injection techniques that use the forum's skin as the trojan horse.

SQL-Injection? Neat. Looks like something, somewhere isn't filtered correctly.

It ruined some of the credibility of the forum.

I think, by being straight and honest about it, much of that credibility can be gained back quickly.

I told Invision Power Board (the creators of the forum software) that if this were to keep occuring we'd switch to a different software. I'm sure some of you remember how things went with phpbb, and it if becomes that with Invision then we'll just migrate to vBulletin.

I don't think, that this is the solution. phpBB had a bunch of problems with leaky code, SQL-Injection and other niceties. They learned their lesson well. And so will IPB. Therefore I don't think, changing the board-software again will prevent you from similar problems in the future. You don't know, what kind of surprises vBulletin or any other forum system might contain. Plus, will another forum system keep up with the load?

[sharpsony]

Could they have got access to our email addresses on our profiles? That would lead to a rather large amount of spam in our email in boxes if thats the case

I think: yes! At least, I have received six spam mails from U.S. addresses since yesterday advertising discount pharmacy, Rolex watches etc.

I had never received ANY spam before...

[Christopher]

Forum upgraded to Invision 2.1.6.

[Richard]

Forum upgraded to Invision 2.1.6.

Looked like a very quick upgrade (not much downtime) - good job

[Christopher]

It was mostly security updates and some other things admin side. Invision is feeling the heat with this one, as I'm not the only one to get hit.

Anyway, a Gallery update is coming up on the hour, nothing real fancy but apparently it resolves some problems with the bulk uploader. I'll be posting pics from life soon, it's been too long (and I've been guilty of using flickr).

[Richard]

I'll be posting pics from life soon, it's been too long (and I've been guilty of using flickr).

Off- topic but... I checked out your blog and the associated photos - nice. Personally I quite like flickr.

[Justin42]

I have both of these options checkmarked:

(1) Hide my email address from other members

Enabling this option will deny other members sending you an email via the board.

(2) Send me any updates sent by the board administrator

Enabling this option will add your email address to the administrators mail list and you will receive any updates sent.

So, was it option #1 (and not the administrator mail list) that prevented me from receiving that e-mail? Nothing in my spam folder either.

I have both of those checked as well. I think the spam was sent because of option #2, but I haven't received any other email from the board admins about the problem...

I do think it warrants a short front page mention and link to a writeup, explaining the board has been upgraded, it might be smart to change passwords, etc.

[Christopher]

Might've been a search engine collecting data from the forum, but noteworthy nonetheless..

Most users ever online was 655 on Today, 01:20 PM (EST)

Anyone remember when the forum would freeze at like 50 people? lol

[Richard]

Most users ever online was 655 on Today, 01:20 PM (EST)

At the moment about 400 of those are guests.. What's the big attraction..??

[Christopher]

Not sure..

I merged two forums today; the Pre-NetMD/MDLP and the MDLP/NetMD forum.

[SlowMo]

They sent the email by making themselves an admin so I don't know if this necessarily means they can see the full email addresses or not.

i've received 6 spam-mails today, on my previously spam free email account. could still be coincidence, but i just wanted to tell, so you know...

(and i'm not talking about that spoof mail with that virus containing exe wich i didn't get since the checkbox is unchecked)

Edited May 15, 2006 by SlowMo

[KrazyIvan]

They sent the email by making themselves an admin so I don't know if this necessarily means they can see the full email addresses or not.

i've received 6 spam-mails today, on my previously spam free email account. could still be coincidence, but i just wanted to tell, so you know...

(and i'm not talking about that spoof mail with that virus containing exe wich i didn't get since the checkbox is unchecked)

I can confirm this.. I started receiving spam on an email account that was previously spam free.

[Ishiyoshi]

I can confirm this.. I started receiving spam on an email account that was previously spam free.

I can confirm this as well. Once again, we apologize for this unfortunate event.

[atrain]

really? i got the email but didn't get any spam & i dont have a filter. odd.

[Stuge]

Neither i got any e-mail or any spam ..but what happened last night ???

Edited May 16, 2006 by stuge