Author Topic: Hacked again..  (Read 12779 times)

0 Members and 1 Guest are viewing this topic.

Offline bubu

  • Homo Erectus
  • **
  • Posts: 131
  • Gender: Female
Re: Hacked again..
« Reply #15 on: January 13, 2013, 04:23:45 PM »
I am having problem with the site, still some pages don't open up, could be related to this problem?

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #16 on: January 13, 2013, 06:19:45 PM »
I know it's fairly simple to reset the root password on MySQL.  Not sure if that applies to other accounts, but once you have the root password, you're pretty much golden for the whole thing.

http://dev.mysql.com/doc/refman/5.0/en/resetting-permissions.html

This assumes we have root access to MySQL.  If we're sharing the MySQL instance with other sites, we might just have a specific user for Diasfora.  In cases like that, the hosting company should have root and should be able to reset the db account password for you.

We can set up as many MySQL user accounts that we want and then set the database to use the credentials from one of those users to operate (that's the tricky part), while keeping the admin account for the site, separate. Then we might have to update the settings here so that the forum still had permission to use the database.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #17 on: January 13, 2013, 08:38:30 PM »
Hey Smokes. There was an undisclosed security vulnerability in SMF 2.0.2, but I have not been able to get a straight answer from anyone over there as to exactly what it was. The 2.0.3 patch through the admin control panel will fix it though, if and only if that is the way they are getting in. The patch doesn't affect any installed mods or customizations, and took less than a minute to implement. 

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #18 on: January 14, 2013, 02:24:03 AM »
Thanks Buster, I'd suspected that the site software might have been the weak link as the main site was still locked down.  I'll run that update immediately and hope that is the last of it.

I am having problem with the site, still some pages don't open up, could be related to this problem?

It was probably a load spike on the server as they happen intermittently. Thanks for mentioning it though.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #19 on: January 14, 2013, 07:51:33 AM »
I suspect that was it, but of course, you know your own setup better than anyone else. The site is responding really fast for me today also.

I understand why they won't tell what the holes are, not wanting every skiddie out there hacking away at all the unpatched sites, but for us that have to deal with the hack attempts, it would be nice to know what they are targeting.

Happy anniversary!

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #20 on: January 14, 2013, 08:32:32 AM »
I suspect that was it, but of course, you know your own setup better than anyone else. The site is responding really fast for me today also.

I understand why they won't tell what the holes are, not wanting every skiddie out there hacking away at all the unpatched sites, but for us that have to deal with the hack attempts, it would be nice to know what they are targeting.

Happy anniversary!

Many thanks again Buster, as you can see we are now 2.0.3.

I have other sites I maintain that also use SMF  2.0.2., and they have also been hacked at least once although not that recently.  I'll run the patch over on them too and see if that puts an end to things.

Is Aelthric using that update I wonder.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #21 on: January 14, 2013, 10:23:25 AM »
Aelthric is still on 2.0.2 as of a little while ago.

Online dweez

  • Global Moderator
  • Q
  • *
  • Posts: 11401
  • Gender: Male
  • Rebel Mod
Re: Hacked again..
« Reply #22 on: January 14, 2013, 02:09:21 PM »
I understand why they won't tell what the holes are, not wanting every skiddie out there hacking away at all the unpatched sites, but for us that have to deal with the hack attempts, it would be nice to know what they are targeting.

I understand the logic behind this, but it's a flawed logic.  Much like DRM, not giving full disclosure only keeps the info out of the hands of the "good people".  The hackers have their own sub-culture and can easily learn of the details of a 0-day vulnerability.
--dweez

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #23 on: January 14, 2013, 03:14:23 PM »
So true. In many, if not most cases, the hacker underground knows about a software vulnerability long before the developers do. Keeping it away from the good guys serves no real purpose that I can see.

Offline 6pairsofshoes

  • Human
  • *****
  • Posts: 2216
Re: Hacked again..
« Reply #24 on: January 14, 2013, 11:57:14 PM »
Thanks for fixing it.

Offline SACPOP

  • Human
  • *****
  • Posts: 1170
Re: Hacked again..
« Reply #25 on: January 15, 2013, 04:23:56 AM »
As dumb as this may sound (and it WILL sound dumb), I was always under the impression that running a forum was a lot more simple than it is.
I figured you just bought a domain, paid the server provider, picked a template, chose some colors, checked a few boxes, and viola! you are now running a forum. After reading a little into it I now know I could not have been more wrong (well, I guess I could if I really tried... ;D ).

Thanks for all the work you do.

Offline xtopave

  • Site Modette
  • Q
  • *
  • Posts: 28876
  • Gender: Female
Re: Hacked again..
« Reply #26 on: January 15, 2013, 05:16:09 AM »
You know, SACPOP... Your post makes me want to say thank you again.

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #27 on: January 15, 2013, 06:28:09 AM »
As dumb as this may sound (and it WILL sound dumb), I was always under the impression that running a forum was a lot more simple than it is.
I figured you just bought a domain, paid the server provider, picked a template, chose some colors, checked a few boxes, and viola! you are now running a forum. After reading a little into it I now know I could not have been more wrong (well, I guess I could if I really tried... ;D ).

Thanks for all the work you do.

Essentially this is true, but forums are "dynamic" sites that require both the front end and a back end. Then have to continually upgrade the site, add modifications - quite often by hand (as Buster will testify), maintain a healthy database as it is this that is the forum, so if that goes, then everything goes (as Aelthric will testify), and fix things that regularly break.

You also have to continually battle your host (as Dweez will testify to due to some hilarious senior management threads) as dynamic sites, as opposed to static ones, require a constant low server load and most of the services to be up and running well - hosts tend to want to oversell their servers which cause high loads which then knocks out other services like MySQL etc - and just chasing the techs that run the servers can be a major struggle by itself. Our first host for instance, took about 36 hours just to reply to an outage ticket let alone deal with the problem.

Then you have hackers and spammers that have nothing better to do than to destroy other people's work.

Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.

Offline busterone

  • Australopithecus
  • *
  • Posts: 54
  • Gender: Male
  • Awaholi Gihli
Re: Hacked again..
« Reply #28 on: January 17, 2013, 01:16:15 PM »
Indeed. Back before I switched from the 1.1.x series to the 2.x series, every single modification had to be hand coded repeatedly for every theme that was installed to the forum. At that time, that would mean several hours of adding code to a dozen or more theme templates, as well as the code the mod added to the core files.  Then, because so many themes are slightly different in their templates and structure, some themes would break or display wonky, and you had to experiment and manipulate the code to bring it back in line.  I don't miss those days at all. :)

Hosting issues are always a potential nightmare, depending on how well they maintain the servers and their own security. Then you always have the good and the bad service reps. God forbid you get one of the idiots for server support.  :D

 Then the worst of them are the hackers and spammers. Spam fighting is an ongoing fight. For every measure we take to keep them out, they soon learn ways to bypass it and get in again. I hate them more than I can speak here.  ;D

Offline smokester

  • Administrator
  • Q
  • *
  • Posts: 14873
  • Gender: Male
  • Da mihi castitatem et continentiam, sed noli modo!
Re: Hacked again..
« Reply #29 on: January 17, 2013, 01:45:04 PM »
I can see the spambots trying to register all the time, but the invite system gives us complete security against spam and self registering robots.  That might be why when they get home empty handed, their coder decides to hack us for good measure.
Don't put off until tomorrow, what you can put off until the day after.

There is an exception to every rule, apart from this one.