Author Topic: Hacked again..  (Read 12780 times)

0 Members and 1 Guest are viewing this topic.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Hacked again..
« on: January 12, 2013, 07:36:44 AM »
I thought I'd set up a thread with info about when we are hacked or an attempted hack that has caused the site to fail.

Today we were hacked and when that happens access is restricted to only my IP so I can get in and fix things.  It was awkward because I had to go to East London to a client so I could only inspect half of the site before I had to leave.  It looks ok now and I will try and get full access back to the members.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 6430
  • Gender: Male
  • Who yous looking ats
Re: Hacked again..
« Reply #1 on: January 12, 2013, 10:23:26 AM »
seems ok for me know.
I wont post a picture of the screen i got when i tried to log in  as all seems ok

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #2 on: January 12, 2013, 10:36:27 AM »
We were hacked at around 9am (GMT) which really pissed me off as that it a bad time for me to sit down and wade through the site files. Next time can the hacker (if you are reading this) hack us around 1pm as I'll be all calm and drinking tea at that time.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline xtopave

  • Site Modette
  • Q
  • *
  • Posts: 28876
  • Gender: Female
Re: Hacked again..
« Reply #3 on: January 12, 2013, 01:40:10 PM »
 >:(

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #4 on: January 12, 2013, 02:26:20 PM »
Any idea on how we were compromised?  Is there a SMF exploit we need to look into?
--dweez

Offline Beatrix

  • Cro-Magnon
  • ****
  • Posts: 777
Re: Hacked again..
« Reply #5 on: January 12, 2013, 02:55:45 PM »
Sorry there Smokes.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #6 on: January 12, 2013, 05:54:18 PM »
Any idea on how we were compromised?  Is there a SMF exploit we need to look into?

Tricky one really.  In the past when the site shared the same password with the database, I assume they exploited a vulnerability to obtain it, and then created FTP user accounts and had a field day.  But now that is not the case and just last week we upgraded to MySQL 5.5, I have no idea how they got to upload some crap, even bypassing the SMF firewall while they did?

You could have always done it?  If it's more pay your after then consider your salary doubled as of today.

 
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline ohcheap1

  • Q
  • *
  • Posts: 19080
  • Gender: Female
Re: Hacked again..
« Reply #7 on: January 12, 2013, 07:50:01 PM »
I did email dweez when I saw it. Sadly he never responded. :(

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #8 on: January 13, 2013, 01:09:07 AM »
Sorry oc1, I don't normally get a chance to check my e-mail on the weekend.
--dweez

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #9 on: January 13, 2013, 05:34:04 AM »
I did email dweez when I saw it. Sadly he never responded. :(

Did you get the "...forbidden" page?  The system is pretty good now as when malicious files are detected, access is automatically forbidden to all IPs.  Then when I see the notification they grant access to my IP and then I can go in a fix things.

Essentially this means if the site is hijacked, no one can unsuspectingly fall foul to a phishing scam or the like. 
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 6430
  • Gender: Male
  • Who yous looking ats
Re: Hacked again..
« Reply #10 on: January 13, 2013, 05:36:19 AM »
I had the forbidden page and the 403 also
looked pretty impressive.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #11 on: January 13, 2013, 05:47:41 AM »
I had the forbidden page and the 403 also
looked pretty impressive.

The problem is that if the hack was to do with a MySQL vulnerability, it is not that straightforward to change the password for the database (that I know of). You have to rebuild it using a new user account which then has new credentials and then use that new database for the site.

What I am saying, without saying too much, is it could happen again.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 6430
  • Gender: Male
  • Who yous looking ats
Re: Hacked again..
« Reply #12 on: January 13, 2013, 05:49:21 AM »
O well
s==t happens 

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #13 on: January 13, 2013, 05:51:22 AM »
O well
s==t happens

I don't think it will as it was futile, and tomorrow I'll be able to do the above.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #14 on: January 13, 2013, 12:58:30 PM »
I know it's fairly simple to reset the root password on MySQL.  Not sure if that applies to other accounts, but once you have the root password, you're pretty much golden for the whole thing.

http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

This assumes we have root access to MySQL.  If we're sharing the MySQL instance with other sites, we might just have a specific user for Diasfora.  In cases like that, the hosting company should have root and should be able to reset the db account password for you.
--dweez

Offline bubu

  • Homo Erectus
  • **
  • Posts: 131
  • Gender: Female
Re: Hacked again..
« Reply #15 on: January 13, 2013, 04:23:45 PM »
I am having problem with the site, still some pages don't open up, could be related to this problem?

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #16 on: January 13, 2013, 06:19:45 PM »
I know it's fairly simple to reset the root password on MySQL.  Not sure if that applies to other accounts, but once you have the root password, you're pretty much golden for the whole thing.

http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

This assumes we have root access to MySQL.  If we're sharing the MySQL instance with other sites, we might just have a specific user for Diasfora.  In cases like that, the hosting company should have root and should be able to reset the db account password for you.

We can set up as many MySQL user accounts that we want and then set the database to use the credentials from one of those users to operate (that's the tricky part), while keeping the admin account for the site, separate. Then we might have to update the settings here so that the forum still had permission to use the database.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #17 on: January 13, 2013, 08:38:30 PM »
Hey Smokes. There was an undisclosed security vulnerability in SMF 2.0.2, but I have not been able to get a straight answer from anyone over there as to exactly what it was. The 2.0.3 patch through the admin control panel will fix it though, if and only if that is the way they are getting in. The patch doesn't affect any installed mods or customizations, and took less than a minute to implement. 

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #18 on: January 14, 2013, 02:24:03 AM »
Thanks Buster, I'd suspected that the site software might have been the weak link as the main site was still locked down.  I'll run that update immediately and hope that is the last of it.

I am having problem with the site, still some pages don't open up, could be related to this problem?

It was probably a load spike on the server as they happen intermittently. Thanks for mentioning it though.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #19 on: January 14, 2013, 07:51:33 AM »
I suspect that was it, but of course, you know your own setup better than anyone else. The site is responding really fast for me today also.

I understand why they won't tell what the holes are, not wanting every skiddie out there hacking away at all the unpatched sites, but for us that have to deal with the hack attempts, it would be nice to know what they are targeting.

Happy anniversary!

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #20 on: January 14, 2013, 08:32:32 AM »
I suspect that was it, but of course, you know your own setup better than anyone else. The site is responding really fast for me today also.

I understand why they won't tell what the holes are, not wanting every skiddie out there hacking away at all the unpatched sites, but for us that have to deal with the hack attempts, it would be nice to know what they are targeting.

Happy anniversary!

Many thanks again Buster, as you can see we are now 2.0.3.

I have other sites I maintain that also use SMF  2.0.2., and they have also been hacked at least once although not that recently.  I'll run the patch over on them too and see if that puts an end to things.

Is Aelthric using that update I wonder.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #21 on: January 14, 2013, 10:23:25 AM »
Aelthric is still on 2.0.2 as of a little while ago.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #22 on: January 14, 2013, 02:09:21 PM »
I understand why they won't tell what the holes are, not wanting every skiddie out there hacking away at all the unpatched sites, but for us that have to deal with the hack attempts, it would be nice to know what they are targeting.

I understand the logic behind this, but it's a flawed logic.  Much like DRM, not giving full disclosure only keeps the info out of the hands of the "good people".  The hackers have their own sub-culture and can easily learn of the details of a 0-day vulnerability.
--dweez

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #23 on: January 14, 2013, 03:14:23 PM »
So true. In many, if not most cases, the hacker underground knows about a software vulnerability long before the developers do. Keeping it away from the good guys serves no real purpose that I can see.

Offline 6pairsofshoes

  • Human
  • *****
  • Posts: 2216
Re: Hacked again..
« Reply #24 on: January 14, 2013, 11:57:14 PM »
Thanks for fixing it.

Offline SACPOP

  • Human
  • *****
  • Posts: 1170
Re: Hacked again..
« Reply #25 on: January 15, 2013, 04:23:56 AM »
As dumb as this may sound (and it WILL sound dumb), I was always under the impression that running a forum was a lot more simple than it is.
I figured you just bought a domain, paid the server provider, picked a template, chose some colors, checked a few boxes, and viola! you are now running a forum. After reading a little into it I now know I could not have been more wrong (well, I guess I could if I really tried... ;D ).

Thanks for all the work you do.

Offline xtopave

  • Site Modette
  • Q
  • *
  • Posts: 28876
  • Gender: Female
Re: Hacked again..
« Reply #26 on: January 15, 2013, 05:16:09 AM »
You know, SACPOP... Your post makes me want to say thank you again.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #27 on: January 15, 2013, 06:28:09 AM »
As dumb as this may sound (and it WILL sound dumb), I was always under the impression that running a forum was a lot more simple than it is.
I figured you just bought a domain, paid the server provider, picked a template, chose some colors, checked a few boxes, and viola! you are now running a forum. After reading a little into it I now know I could not have been more wrong (well, I guess I could if I really tried... ;D ).

Thanks for all the work you do.

Essentially this is true, but forums are "dynamic" sites that require both the front end and a back end. Then have to continually upgrade the site, add modifications - quite often by hand (as Buster will testify), maintain a healthy database as it is this that is the forum, so if that goes, then everything goes (as Aelthric will testify), and fix things that regularly break.

You also have to continually battle your host (as Dweez will testify to due to some hilarious senior management threads) as dynamic sites, as opposed to static ones, require a constant low server load and most of the services to be up and running well - hosts tend to want to oversell their servers which cause high loads which then knocks out other services like MySQL etc - and just chasing the techs that run the servers can be a major struggle by itself. Our first host for instance, took about 36 hours just to reply to an outage ticket let alone deal with the problem.

Then you have hackers and spammers that have nothing better to do than to destroy other people's work.

Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #28 on: January 17, 2013, 01:16:15 PM »
Indeed. Back before I switched from the 1.1.x series to the 2.x series, every single modification had to be hand coded repeatedly for every theme that was installed to the forum. At that time, that would mean several hours of adding code to a dozen or more theme templates, as well as the code the mod added to the core files.  Then, because so many themes are slightly different in their templates and structure, some themes would break or display wonky, and you had to experiment and manipulate the code to bring it back in line.  I don't miss those days at all. :)

Hosting issues are always a potential nightmare, depending on how well they maintain the servers and their own security. Then you always have the good and the bad service reps. God forbid you get one of the idiots for server support.  :D

 Then the worst of them are the hackers and spammers. Spam fighting is an ongoing fight. For every measure we take to keep them out, they soon learn ways to bypass it and get in again. I hate them more than I can speak here.  ;D

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #29 on: January 17, 2013, 01:45:04 PM »
I can see the spambots trying to register all the time, but the invite system gives us complete security against spam and self registering robots.  That might be why when they get home empty handed, their coder decides to hack us for good measure.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #30 on: February 05, 2013, 05:32:59 AM »
Either I'm going mad or some of the previously deleted hack files, reappeared.

MarkMonitor then got us temporarily shut down and saved the world in the process ::)
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline xtopave

  • Site Modette
  • Q
  • *
  • Posts: 28876
  • Gender: Female
Re: Hacked again..
« Reply #31 on: February 05, 2013, 06:34:25 AM »
I've been scared for the last half hour or so when I got "Forbidden".  :)

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #32 on: February 05, 2013, 07:10:41 AM »
I've been scared for the last half hour or so when I got "Forbidden".  :)

For me it was "ACCOUNT SUSPENDED" which was odd as I do the suspendin' and stuff for individual accounts.  Then I read my mail which included the MarkMonitor request to the host to shut us down.

I am second guessing myself now but I am sure I checked every single file individually and deleted all that shouldn't have be there.  I also checked the code of files that had been modified post the SMF installation to check that they hadn't been altered in some way.

It may be another conspiracy.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline ohcheap1

  • Q
  • *
  • Posts: 19080
  • Gender: Female
Re: Hacked again..
« Reply #33 on: February 05, 2013, 07:53:18 AM »
Got an IM from Goldie and he was getting the "ACCOUNT SUSPENDED" message too.

Offline mishca09

  • Q
  • *
  • Posts: 11386
Re: Hacked again..
« Reply #34 on: February 05, 2013, 08:54:45 AM »
I got acct suspeneded @ like 5am and then later in the morning got the forbidden message.
Every seems to be okay now, thank goodness.

Offline Autumn

  • Account on hold
  • Cro-Magnon
  • ****
  • Posts: 648
  • Gender: Female
  • No regrets
Re: Hacked again..
« Reply #35 on: February 05, 2013, 09:13:19 AM »
^same for me. I gotta say, I was freaking out. I already lost the noid, I can't lose you guys too!

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #36 on: February 05, 2013, 09:22:15 AM »
For everyone's interest, we cannot disappear or be shut down for very long as I essentially control the domain (as a reseller). I could have re-activated the site myself this morning but seeing as it was a serious request from the real authorities, I thought it better to liaise with the host to ensure they were fully aware of the current situation and could check the site files themselves.

If we are ever offline/suspended/giving you errors, it shouldn't take very long for me to sort things out - as long as I haven't had too many beers.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline xtopave

  • Site Modette
  • Q
  • *
  • Posts: 28876
  • Gender: Female
Re: Hacked again..
« Reply #37 on: February 05, 2013, 10:28:48 AM »
as long as I haven't had too many beers.

Aaaaand we're doomed.  :D

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #38 on: February 05, 2013, 02:06:14 PM »
I've just realised that our legitimate smileys have now gone.  That was the folder that had the hidden poo in it and why they may have been harder to detect (although I'm sure I did).  I'll get 'em back asap.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #39 on: February 05, 2013, 07:07:24 PM »
smokester, did you get an e-mail from SMF on Feb. 4th titled "SMF 2.0.4 and 1.1.18 critical security patches released"?  Maybe it was a new exploit that nailed us?  Let me know if you need me to forward it to you.
--dweez

Offline 6pairsofshoes

  • Human
  • *****
  • Posts: 2216
Re: Hacked again..
« Reply #40 on: February 05, 2013, 09:32:22 PM »
I missed the excitement, but I'm glad you have the matter well in hand.  Thanks.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 6430
  • Gender: Male
  • Who yous looking ats
Re: Hacked again..
« Reply #41 on: February 06, 2013, 12:27:48 AM »
Missed all the "fun" it seems.
glad its all ok now. phew

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #42 on: February 06, 2013, 02:42:34 AM »
smokester, did you get an e-mail from SMF on Feb. 4th titled "SMF 2.0.4 and 1.1.18 critical security patches released"?  Maybe it was a new exploit that nailed us?  Let me know if you need me to forward it to you.

I may have but haven't checked the email attached to my SMF account this year.

When I had to replace the smileys folder last night, I did so using an archive I made of the site files after the hack last month or whenever it was.  The phishing files were not in that but were yesterday after the suspension, so someone is still meddling by the looks of it.  I need to change all the passwords again especially that of the database so if you all bump into the maintenance page sometime in the near future, you'll know what's happening.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline townie2

  • Neandertal
  • ***
  • Posts: 468
  • Gender: Male
Re: Hacked again..
« Reply #43 on: February 06, 2013, 06:07:12 PM »
i was getting the "forbidden" message too. anybody piss off Anonymous?  ;D

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #44 on: February 07, 2013, 08:45:43 AM »
i was getting the "forbidden" message too. anybody piss off Anonymous?  ;D

That would have been me.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 6430
  • Gender: Male
  • Who yous looking ats
Re: Hacked again..
« Reply #45 on: February 08, 2013, 12:47:08 AM »
doesn't take alot these days to piss off Anonymous.
The standards of the hacker today have certainly dropped

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #46 on: February 08, 2013, 02:18:54 AM »
These days it seems to be all about "phishing". We have never had a hack from a bored, probably spotty, teen trying to hone his skills, nor have WikiLeaks made any attempt to out us.  What does happen every time one of my sites are hacked, is that bogus phishing pages and files are added in an attempt to defraud someone.

It's pretty futile to as these files are almost immediately picked up and either quarantined or the site disabled.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Online 8ullfrog

  • Human
  • *****
  • Posts: 2316
Re: Hacked again..
« Reply #47 on: February 08, 2013, 02:29:32 AM »
Have you ever considered kicking off a new week/month/year by completely firebombing the database and starting from scratch? I always thought the demonoid fora could be improved by a short exposure to a black hole.
just one little time change so a draft board in 1968 turns down the bribe to accept "bone spurs" and we are home-free.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #48 on: February 08, 2013, 02:40:53 AM »
The database is never touched.  What they seem to do is find a vulnerability that gets them FTP access and then they upload the files. 

There was one hack when all the index pages (SMF has a lot of them) had the code altered with a redirect script, but as some of the index pages were remote and only called back the main index, I presume this was also an automatic hack that just searched and altered all instances that it found.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Online 8ullfrog

  • Human
  • *****
  • Posts: 2316
Re: Hacked again..
« Reply #49 on: February 08, 2013, 04:24:48 AM »
Any idea what makes them target this site specifically?
just one little time change so a draft board in 1968 turns down the bribe to accept "bone spurs" and we are home-free.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #50 on: February 08, 2013, 03:05:17 PM »
Any idea what makes them target this site specifically?

I would guess that in part it may be the SMF installation as few, if any, versions have been bulletproof. It could also be that on paper it looks like we have a lot of traffic so if you are going to go phishing, you will need the phish. Lastly, you have to consider that dweez is a hacker-magnet.  He had signed up to be a chick-magnet but the ink ran.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #51 on: February 08, 2013, 10:29:39 PM »
Dang!



It's probably an automated thing.  Hacker runs a script and plugs in a range of IP addresses then walks away.  Script checks each IP to see if it's vulnerable to any of a number of exploits.  Script reports back to hacker, either when the scan is complete or as each vulnerable IP/server is found to let him/her know what it's vulnerable to.

The smart hackers do what's called a "slow scan".  It takes much longer but can help avoid "threshold" security on the server (server locks out offending IP and/or alerts the server owner if too many malicious looking "hits" occur during a pre-set up timeframe).
« Last Edit: February 09, 2013, 09:36:04 AM by dweez »
--dweez

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #52 on: February 09, 2013, 03:34:57 AM »
I'm confused now: where's the twitching eye?
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #53 on: February 15, 2013, 12:34:37 PM »
Sorry all. Had to work and then this one was difficult to remedy once I got home and started on it.

Must eat and bathe and will update later.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline 6pairsofshoes

  • Human
  • *****
  • Posts: 2216
Re: Hacked again..
« Reply #54 on: February 16, 2013, 12:16:20 AM »
encore une fois?

Offline bubu

  • Homo Erectus
  • **
  • Posts: 131
  • Gender: Female
Re: Hacked again..
« Reply #55 on: February 16, 2013, 02:37:04 AM »
Happy you are back  :)

Offline brickbatz

  • Cro-Magnon
  • ****
  • Posts: 801
  • Gender: Male
  • Politically Incorrect
Re: Hacked again..
« Reply #56 on: February 16, 2013, 06:45:03 AM »

Offline tarascon

  • Cro-Magnon
  • ****
  • Posts: 698
  • Gender: Male
  • Try again. Fail again. Fail better.
Re: Hacked again..
« Reply #57 on: February 16, 2013, 07:15:20 AM »
Thank you for the good work smokester. >bows<
Estragon: I can't go on like this.
Vladimir: That's what you think.

Offline Discover99

  • Cro-Magnon
  • ****
  • Posts: 693
  • Gender: Female
Re: Hacked again..
« Reply #58 on: February 16, 2013, 10:21:45 AM »

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #59 on: February 16, 2013, 01:15:57 PM »
encore une fois?

Yep, they were at it again.

Thank you for the good work smokester. >bows<

Thanks tarascon. 

I have taken some additional measures in an attempt to stop this happening again.  I'm not entirely sure why we have had such interest recently when we have gone years without a squeak. 

Keeps it interesting I suppose.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline tarascon

  • Cro-Magnon
  • ****
  • Posts: 698
  • Gender: Male
  • Try again. Fail again. Fail better.
Re: Hacked again..
« Reply #60 on: February 17, 2013, 06:51:51 AM »
People like that do not deserve the name Hacker; there's nothing creative about what they do.
(and I'm not referring to the hacker/cracker dichotomy either...)
Estragon: I can't go on like this.
Vladimir: That's what you think.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #61 on: February 17, 2013, 09:57:23 AM »
You're absolutely right t.  Most of the time, they don't do anything except download a script from an underground hacker site.  These kinds of <fingerquote>hackers</fingerquotes> get the nom de plume of "script kiddiez".
--dweez

Offline goldshirt*9

  • Super Hero
  • *******
  • Posts: 6430
  • Gender: Male
  • Who yous looking ats
Re: Hacked again..
« Reply #62 on: February 18, 2013, 07:31:07 AM »
You're absolutely right t.  Most of the time, they don't do anything except download a script from an underground hacker site.  These kinds of <fingerquote>hackers</fingerquotes> get the nom de plume of "script kiddiez".
very now ish http://www.bbc.co.uk/news/technology-21371609

Offline tarascon

  • Cro-Magnon
  • ****
  • Posts: 698
  • Gender: Male
  • Try again. Fail again. Fail better.
Re: Hacked again..
« Reply #63 on: February 19, 2013, 08:47:17 AM »
Estragon: I can't go on like this.
Vladimir: That's what you think.