posted
The front page of another forum I frequent currently redirects you here. So very charming. Direct links to internal categories work fine. A message posted by one of the admins over 2 hours ago implies that they are attempting to deal with the problem, but perhaps do not know how.
Some of you must know of a patch(es)?
Posts: 32919 | Registered: Mar 2003
| IP: Logged |
posted
Patches and what not will depend on what version of which bulletin board system they're using. phpBB, for example, is commonly hacked and targeted because a. it's fairly easy, relatively speaking and b. it's fairly popular, so it's easy to find targets.
They should go to the support site for the software they use and see what's available.
Posts: 8355 | Registered: Apr 2003
| IP: Logged |
posted
They are using phpBB 2.0.10, according to what I can see.
And likely they ARE in contact with the support site. I just thought one of the Hatrack Experts might have a suggestion I could pass along.
Posts: 32919 | Registered: Mar 2003
| IP: Logged |
posted
Yeah, there's a long known vulnerability for the version of phpBB they're running. Do as the hackers suggest and all will be fine.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
Should it take long for them to update to the newer version? Judging by the lack of recent posts, not many people know about the back doors.
Posts: 32919 | Registered: Mar 2003
| IP: Logged |
posted
It happened at my site a while back. What happens is a hacker can get in basically as if they were the admin account. What I was able to do was edit the database of the board (via mysqladmin) and change the e-mail address of the main admin account back to my own. Then I could do the e-mail to change the password back. Once they've done that, they should deactivate the board and apply the update, followed by restoring the backup of the DB. Assuming they have a recent one, which I didn't.
Posts: 5422 | Registered: Dec 2001
| IP: Logged |
posted
It sounds like rivka's forums are pretty much intact, there's just a redirect in place of the front page.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
Unless someone actually got the login for the hosting account and not just the forum admin stuff, they should be able to make the site redirect anywhere. That I can see.
Posts: 5422 | Registered: Dec 2001
| IP: Logged |
posted
One thing to consider, though, is that frequently, the hackers will leave behind a file that will allow them access to the forum again, even after the site has been hacked. The webmaster, if s/he knows what s/he's doing, will go through all the logs and/or all the files/folders and search for any such things or any other changes that were made.
There is also at least one hack out there that allows for full access to the webserver. As in, that hard drive where hundreds or thousands of websites are stored. Bad, very very bad.
Posts: 8355 | Registered: Apr 2003
| IP: Logged |
posted
Yes, the easiest way to do that is often to have all the files in question restored from backup, then add any modifications since the (hopefully nightly) backup.
Since most things should be stored in a database, this shouldn't take long with cooperation by the ISP. In fact, since in the case of a message board most of the files will just be stuff used by the message board, in the upgrade most of them will be ditched anyways.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
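The file-by-file check described in the two posts above, as an added example that is not part of the thread: it hashes every file under a live web root and under a known-good reference copy (a backup or a freshly unpacked release) and reports which files were added, modified or are missing. The directory names and file contents are constructed sample data.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_trees(reference_root, live_root):
    """Return sorted lists (added, modified, missing) of relative paths."""
    ref, live = tree_hashes(reference_root), tree_hashes(live_root)
    added = sorted(set(live) - set(ref))
    missing = sorted(set(ref) - set(live))
    modified = sorted(p for p in set(ref) & set(live) if ref[p] != live[p])
    return added, modified, missing

def write_tree(root, files):
    """Create the given {relative path: text} files under root."""
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

def demo():
    """Constructed sample: a clean reference tree and a tampered live copy."""
    base = tempfile.mkdtemp()
    ref_root, live_root = os.path.join(base, "reference"), os.path.join(base, "live")
    clean = {"index.php": "<?php // front page\n",
             "viewtopic.php": "<?php // topic view\n",
             "includes/functions.php": "<?php // helpers\n"}
    live = dict(clean)
    live["index.php"] = "<?php // front page, altered\n"      # changed file
    live["images/extra.php"] = "<?php // not in reference\n"  # added file
    del live["viewtopic.php"]                                 # removed file
    write_tree(ref_root, clean)
    write_tree(live_root, live)
    return compare_trees(ref_root, live_root)

if __name__ == "__main__":
    for label, paths in zip(("added", "modified", "missing"), demo()):
        print(label + ":", ", ".join(paths) or "(none)")
```

Files the board creates at install or run time (its configuration file, uploaded avatars) also show up as added and need reviewing by hand.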
posted
While one can't be sure without an audit or a pave-and-replace, most hackers are actually pretty good about not leaving back doors to uninteresting servers like theirs -- they just have an intense dislike of unpatched software that leads to their illicit behavior. In fact, some hackers patch minor problems after they crack them (this happened at Beloit a while ago, where Bernard works -- they hacked them through an exploit in a single file, put up a notice, fixed the exploit, and left).
One reason hackers are particularly annoyed at this security vulnerability is it's the result of some particularly atrocious programming practices.
Note: while I'd guess most hackers wouldn't leave a back door around, partly because most hackers aren't in it for evil purposes, but out of feelings of rebellion, a lot certainly would. Always check, or take steps that preclude the possibility.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
Fahim is a sys-admin for a web hosting company in the US, and he gets to deal with the customers who've been defaced or otherwise exploited and don't have a clue what's going on or what to do. It's from him that I've been hearing about back-door files left in place and all the rest.
In other words, he probably hears a bit more about it than most folks.
Posts: 8355 | Registered: Apr 2003
| IP: Logged |
posted
Oh, and you should point out it's not extortion -- it's right out there in public that they haven't been following security issues with their software properly, and there's no threat of anything further should they not comply (though I suppose there's the implied threat -- if they don't upgrade, some other hacker is going to come by and do the same thing again and again!).
Theoretically they could find a way to fix it by hand, but I severely doubt they're that competent.
I'm not saying email the guy, that would be a step too far, but the upgrade is widely known about and used, plus easy to perform.
*shakes head at some of the people they allow out on the complicated internet*
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
Looks like we pay a visit to Montevideo and pick up the thread from there...
<dons black hat and swirly cape> <selects appropriate cane tips>
quote:Registration and WHOIS Service Provided By: directNIC.com
Registrant: Live Interactive S.R.L. Wilson F. Aldunate 1342 Montevideo, Montevideo 11100 UY (2) 901 50 64 Fax:(2) 209 15 18
Domain Name: TRANS69.COM
Administrative Contact: Caetano, Martin hosting@liveinteractive.net Wilson F. Aldunate 1342 Montevideo, Montevideo 11100 UY (2) 901 50 64 Fax:(2) 209 15 18
Technical Contact: Caetano, Martin hosting@liveinteractive.net Wilson F. Aldunate 1342 Montevideo, Montevideo 11100 UY (2) 901 50 64 Fax:(2) 209 15 18
Record last updated 02-26-2003 07:47:06 AM Record expires on 09-13-2005 Record created on 09-13-2002
Domain servers in listed order: NS1.SPONSORADULTO.COM 66.115.176.75 NS2.SPONSORADULTO.COM 66.115.176.77
posted
Well, it was bad enough when we used to have to worry about SPAM.
But now we have to worry about SPIM (spam over IM) and SPIT (spam over internet telephony)
and likewise,
Now, instead of just Phishing we have to worry about Pharming -- a new technique for Internet fraud which involves interfering with the name resolution process on the Internet. Name resolution system modification so user thinks they are accessing the IP of the named site, with anonymous proxy servers being particularly vulnerable
quote: I just wish they would do it already. I was in the middle of several discussions.
Rivka sweetie, umm, just HOW many internet forums do you really need? Is it time for a virtual intervention at one of your many forums? I'll bring the dip.
Posts: 6316 | Registered: Jun 2003
| IP: Logged |
Anyway, if I had to choose between this one (where I can use Hebrew and Yiddish phrases, and be understood) and some of my others, I'd choose this one.
Not over Hatcrack, of course, but that goes without saying.
Posts: 32919 | Registered: Mar 2003
| IP: Logged |
In other news, the front page is fixed. And we're still using the old version. The good news is that I'm now one of several people agitating for an upgrade.
Posts: 32919 | Registered: Mar 2003
| IP: Logged |