Web Site Hack

What's new
Post Reply
User avatar
Weygold
Level 2
Level 2
Posts: 31
Joined: Sun Nov 04, 2001 4:00 pm
Location: Orange, CA
Zodiac: Libra
Contact:

Web Site Hack

Post by Weygold » Tue Dec 21, 2004 11:34 am

There was an exploit in the board scripts that was used to overwrite EVERY php and html file in the entire web site last night.

The site should be back up now and working properly. The exploits have been patched, and all themes for this board have been removed until I can get around to patching those as well.

User avatar
Librarian
Moderator
Moderator
Posts: 760
Joined: Mon Nov 05, 2001 4:00 pm
Location: Tustin, CA
Zodiac: Capricorn
Contact:

Apparently, we are not alone.

Post by Librarian » Tue Dec 21, 2004 7:28 pm

Santy worm defaces thousands of sites

http://www.theregister.co.uk/2004/12/21/santy_worm/

By John Leyden
Published Tuesday 21st December 2004 23:38 GMT

A worm which attacks web servers running the popular phpBB discussion forum software to deface vulnerable systems spread widely across the net today.

The Santy worm searches for vulnerable forum sites using Google. When a suitable target is found, Santy uses a remote exploit to gain access and deface it before resuming its scanning activity. Content on defaced sites is replaced by the following text string.

"This site is defaced!!!" NeverEverNoSanity

Apart from defacing infected sites with this text, the worm has no payload. It will not infect PC used to view infected sites. F-Secure, the Finnish anti-virus firmm estimates there more than one million sites use the vulnerable phpBB software, of which tens of thousands have already been defaced. Users of phpBB are advised to update to version 2.0.11. ®

User avatar
davisherm
Moderator
Moderator
Posts: 977
Joined: Thu Dec 18, 2003 7:00 pm
Location: The Wood
Zodiac: Aries
Contact:

Post by davisherm » Wed Dec 22, 2004 1:44 am

I figured it was something like that. Kudos on getting everything back up and running so quickly.
"I just want to play on my Panpipes..." Cake

User avatar
Librarian
Moderator
Moderator
Posts: 760
Joined: Mon Nov 05, 2001 4:00 pm
Location: Tustin, CA
Zodiac: Capricorn
Contact:

Post by Librarian » Wed Dec 22, 2004 8:12 am

Thanks. It gave me a chance, also, to do some housecleaning. Wb is going to look at additional themes, as am I, and I'll apply the mods to them.

Her board also got cleaned out, so I'll apply the same themes and mods to hers as well. That way it'll be easier to maintain both.

User avatar
Stormy
Moderator
Moderator
Posts: 733
Joined: Sun Jan 18, 2004 6:11 pm
Location: Pittsburgh Area, PA
Contact:

Post by Stormy » Wed Dec 22, 2004 10:46 am

I missed the actual attack portion of the show - been fighting the flu/cold and have been on rather sporadically. At least it didn't have a payload to attack users too.
Oh, I don't see spell check yet - are you going to put it back or was it one of the vunerable areas?

Stormy
Stormy ~~}~}-:>
Aut viam inveniam aut faciam

User avatar
Wbdsgnr1
Moderator
Moderator
Posts: 457
Joined: Mon Nov 18, 2002 1:16 pm
Location: Glasgow, KY
Contact:

Post by Wbdsgnr1 » Wed Dec 22, 2004 4:33 pm

my roommate was the first one who noticed the site being defaced and woke me up, man i have never shot out of bed so fast!!

but i called librarian and left him online messages about the attack.
I hate seeing crap like that happen to my online home :)


blessed be
<img>

User avatar
Librarian
Moderator
Moderator
Posts: 760
Joined: Mon Nov 05, 2001 4:00 pm
Location: Tustin, CA
Zodiac: Capricorn
Contact:

Post by Librarian » Wed Dec 22, 2004 6:54 pm

Everything will come back, and then some.

User avatar
Librarian
Moderator
Moderator
Posts: 760
Joined: Mon Nov 05, 2001 4:00 pm
Location: Tustin, CA
Zodiac: Capricorn
Contact:

Post by Librarian » Thu Dec 23, 2004 9:08 am

Ok! We have themes back up again. A couple of "dark" ones for Wb, one for those who have older eyes, and, my favorite, noteBored. :-D

User avatar
Wbdsgnr1
Moderator
Moderator
Posts: 457
Joined: Mon Nov 18, 2002 1:16 pm
Location: Glasgow, KY
Contact:

Post by Wbdsgnr1 » Thu Dec 23, 2004 8:51 pm

YAY dark ones for me. yay yay yay

blessed be
<img>

User avatar
davisherm
Moderator
Moderator
Posts: 977
Joined: Thu Dec 18, 2003 7:00 pm
Location: The Wood
Zodiac: Aries
Contact:

Post by davisherm » Sat Dec 25, 2004 8:42 pm

did my emails actualy make it through?

I sent one to webmaster and one to webmistress and didn't get a bounceback, but I wasn't sure if those were still in use.
"I just want to play on my Panpipes..." Cake

User avatar
Wbdsgnr1
Moderator
Moderator
Posts: 457
Joined: Mon Nov 18, 2002 1:16 pm
Location: Glasgow, KY
Contact:

Post by Wbdsgnr1 » Sun Dec 26, 2004 8:45 am

the webmaster is Librarian and the webmistress is me..... I haven't checked that email account of mine in a while but I will here in a few moments Davish.


blessed be
<img>

User avatar
Librarian
Moderator
Moderator
Posts: 760
Joined: Mon Nov 05, 2001 4:00 pm
Location: Tustin, CA
Zodiac: Capricorn
Contact:

Post by Librarian » Sun Dec 26, 2004 9:44 am

No wonder! I sent you an email at your excite address. Go! Go check now! :P

User avatar
Wbdsgnr1
Moderator
Moderator
Posts: 457
Joined: Mon Nov 18, 2002 1:16 pm
Location: Glasgow, KY
Contact:

Post by Wbdsgnr1 » Sun Dec 26, 2004 3:11 pm

i didnt get an email from you at that address..... but I did get 2 ecards from you from the [email protected] address.

And i called to thank you, so maybe YOU need to check your voicemail and try calling me back! ha ha

blessed be
<img>

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests