State of the forum(s) + changelog


Christopher


We were compromised twice by Russian hackers earlier today. They gained full SQL and forum admin access. We've applied some security changes and that method of entry will never occur again. Thankfully there is no visible damage nor anything important lost (that I could see from my observations), but it was definitely an extremely complex scripting method involving SQL injections via a simple forum post.

Sigh.


i'll be watching for Russians and Tornadoes here in RI. RI is Sooooo small that we get one tornado every 20 years (i've seen two little ones; and actually tried to chase the last one with the new/old 69 Thunderbird).

soooo, we had a Russian on the member list for a while? *concerned a little but not worried too much*


Sadly, the Spamming has begun...

Yes IE users Don't click on the View New Posts link for the moment as this seems to trigger it - at least it has done on my 2 machines in IE6 / 7. I haven't had an issue with Firefox yet.


thanks, Nismo; been a long time; huh?

how's your boy; must be getting big. i swear i see him all over RI on the "Billboards" promoting some education thing; looks just like him.

i will start using "View New Posts" again; then; Ben.


Sadly, the Spamming has begun...

We were compromised twice by Russian hackers earlier today. They gained full SQL and forum admin access. We've applied some security changes and that method of entry will never occur again. Thankfully there is no visible damage nor anything important lost (that I could see from my observations), but it was definitely an extremely complex scripting method involving SQL injections via a simple forum post.

Sigh.

I've just received the same spam mail. So they must have gotten our Email Addresses :angry:

Edited by tinwhistle

I've just received the same spam mail. So they must have gotten our Email Addresses :angry:

They sent the email by making themselves an admin so I don't know if this necessarily means they can see the full email addresses or not.


Having used IE without updates before, my 'puter has been attacked by simply clicking a link in these forums. After having it cleaned (i hope so), i have to run a more secure browser now. I hope everyone ignores the spam mail.


It might be good to PM everyone who got the original PM as to the fact it was a hack and to NOT click the link they provided. I looked (I thought) all over the forum for info and ended up sending some PMs, not realising it was already well-known...

I know admitting a hack isn't the easiest thing to do but the info is kinda buried and could lead to some people getting some nasty viruses...


I'm not sure how to warn people.

Apparently the patch I applied a few days ago didn't go through as intended and they broke in again, yesterday. 12,245 spam e-mails (which had a direct link to a virus) were sent through the bulk mail feature on the forum and iframe'd spyware was put at the bottom of the forum in the global footer (thousands of people hit it).

I caught the spamming whilst in progress (it was going to send e-mails to all 37,000+ registrants) and stopped that, and then discovered the spyware and neutralized it. I reapplied a security patch and realized that I didn't do it right the first time.

The way they got in is amazing. I'll save you guys from the technical hyperbabble, but they used SQL injection techniques that use the forum's skin as the trojan horse. From there, the Russian hacker(s) had full forum admin and SQL access. It was extremely complex code, and I can say some of the people I showed it to were quite surprised.

I hope that future legitimate mass e-mails we send don't get marked as spam because of this action. It ruined some of the credibility of the forum.

I told Invision Power Board (the creators of the forum software) that if this were to keep occurring we'd switch to a different software. I'm sure some of you remember how things went with phpbb, and if it becomes that with Invision then we'll just migrate to vBulletin.


I hope it all goes well now. Yeah, this incident does ruin some credibility of the forum but since this forum has given a lot of knowledge about MiniDisc & it is one of the best forums i have visited (Including T-board & Atraclife).

Edited by stuge

There's an option in your control panel to disable receiving emails from the administration. You might have checked that.

I have both of these options checkmarked:

(1) Hide my email address from other members

Enabling this option will deny other members sending you an email via the board.

(2) Send me any updates sent by the board administrator

Enabling this option will add your email address to the administrators mail list and you will receive any updates sent.

So, was it option #1 (and not the administrator mail list) that prevented me from receiving that e-mail? Nothing in my spam folder either.


I'm not sure how to warn people.

Maybe a short news-entry on the frontpage, outlining the problem and what has been done to contain the problem, plus an advice, what should be done with this spammail.

but they used SQL injection techniques that use the forum's skin as the trojan horse.

SQL-Injection? Neat. Looks like something, somewhere isn't filtered correctly.

It ruined some of the credibility of the forum.

I think, by being straight and honest about it, much of that credibility can be gained back quickly.

I told Invision Power Board (the creators of the forum software) that if this were to keep occurring we'd switch to a different software. I'm sure some of you remember how things went with phpbb, and if it becomes that with Invision then we'll just migrate to vBulletin.

I don't think, that this is the solution. phpBB had a bunch of problems with leaky code, SQL-Injection and other niceties. They learned their lesson well. And so will IPB. Therefore I don't think, changing the board-software again will prevent you from similar problems in the future. You don't know, what kind of surprises vBulletin or any other forum system might contain. Plus, will another forum system keep up with the load?


Could they have got access to our email addresses on our profiles? That would lead to a rather large amount of spam in our email inboxes if that's the case :o

I think: yes! At least, I have received six spam mails from U.S. addresses since yesterday advertising discount pharmacy, Rolex watches etc. :angry:

I had never received ANY spam before...


It was mostly security updates and some other things admin side. Invision is feeling the heat with this one, as I'm not the only one to get hit.

Anyway, a Gallery update is coming up on the hour, nothing real fancy but apparently it resolves some problems with the bulk uploader. I'll be posting pics from life soon, it's been too long (and I've been guilty of using flickr).


I have both of these options checkmarked:

(1) Hide my email address from other members

Enabling this option will deny other members sending you an email via the board.

(2) Send me any updates sent by the board administrator

Enabling this option will add your email address to the administrators mail list and you will receive any updates sent.

So, was it option #1 (and not the administrator mail list) that prevented me from receiving that e-mail? Nothing in my spam folder either.

I have both of those checked as well. I think the spam was sent because of option #2, but I haven't received any other email from the board admins about the problem...

I do think it warrants a short front page mention and link to a writeup, explaining the board has been upgraded, it might be smart to change passwords, etc.


They sent the email by making themselves an admin so I don't know if this necessarily means they can see the full email addresses or not.

i've received 6 spam-mails today, on my previously spam free email account. could still be coincidence, but i just wanted to tell, so you know... ;)

(and i'm not talking about that spoof mail with that virus containing exe which i didn't get since the checkbox is unchecked)

Edited by SlowMo

They sent the email by making themselves an admin so I don't know if this necessarily means they can see the full email addresses or not.

i've received 6 spam-mails today, on my previously spam free email account. could still be coincidence, but i just wanted to tell, so you know... ;)

(and i'm not talking about that spoof mail with that virus containing exe which i didn't get since the checkbox is unchecked)

I can confirm this.. I started receiving spam on an email account that was previously spam free. :(
