Beecham
Wind In The Grass
Joined: 20 May 2005
Post Count: 988
Location: Zexen Forest
33221 Potch
75 Soldiers
0 Nation Points
Posted: Tue Dec 21, 2004 5:41 pm Post subject: Well, THAT was fun
Talk about an eventful day at Suikox.com. Looks like I'm the first one back after that? *pokes the boards lightly, wondering if the post'll go through alright*
So what's our status precisely? Are we still vulnerable? And I'm vaguely confused too: was this an attack on this site directly, or was it more generally directed at our host?
Well, here goes... let's see if this puppy works!
Whee, it works, it does!

Vextor
Joined: 09 Mar 2004
Post Count: 12086
Location: Hell
11331071 Potch
23689 Soldiers
160 Nation Points
Posted: Tue Dec 21, 2004 5:58 pm
Nah, it was a Google worm. Some little shit decided to disperse a worm using Google, abusing a vulnerability in phpBB called the "highlight vulnerability." This allows a hacker to get into the phpBB directory through the viewtopics.php, bypassing all other security measures. The hacker finds the message board by simply typing "viewtopics.php" in Google. How incredible, eh?
Then they slipped in a backdoor script inside my server, which seemed to have a bot program coded in there as well. Basically, what it did is re-write every single file on suikox.com with .html and .php extensions with a simple file that says, "This site has been dafaced!" I'm sure you saw that. Along with that, the backdoor script also automatically conducted similar searches via Google, spreading itself to other sites. The one that infected Suikox.com was "Generation 11", which means 10 other sites were infected by the same worm before it came to suikox.
A lot of other sites using phpBB were hit this morning. Unfortunately, many sites did not keep backups so they lost a crap-load of data.
Suikox.com is backed up every hour, so nothing was lost at all. Your messages and user data are stored in a MySQL database, which is located in a separate, secure server. Thus, nothing was lost. Restoration did take a few hours, but it's infinitely better than redoing the entire site from scratch.

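A defender-side check for the symptom described in the post above (every .html and .php file replaced by one identical page), added here as an example and not code from the thread or from phpBB: it hashes web files and reports any body shared by many of them. The function names, the `min_copies` threshold and the sample site are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# Extensions the post says were overwritten.
WEB_EXTENSIONS = (".php", ".html")

def find_mass_overwrites(webroot, min_copies=5, extensions=WEB_EXTENSIONS):
    """Map sha256 -> sorted paths for any body shared by >= min_copies web files."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip it, keep sweeping
            by_hash[digest].append(path)
    return {h: sorted(p) for h, p in by_hash.items() if len(p) >= min_copies}

def build_sample_site(root):
    """Constructed sample: 6 overwritten pages, 2 intact pages, 1 image."""
    body = b"<html>PLACEHOLDER REPLACEMENT PAGE</html>"  # constructed, not the worm's file
    for i in range(6):
        sub = os.path.join(root, "forum" if i % 2 else "articles")
        os.makedirs(sub, exist_ok=True)
        ext = ".php" if i % 2 else ".html"
        with open(os.path.join(sub, f"page{i}{ext}"), "wb") as fh:
            fh.write(body)
    intact = {"index.php": b"<?php echo 'intact'; ?>", "about.html": b"<p>intact</p>",
              "logo.gif": body}  # same bytes, but not a targeted extension
    for name, data in intact.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

def demo():
    """Run the sweep over the constructed site; return relative paths per cluster."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        hits = find_mass_overwrites(root)
        return [[os.path.relpath(p, root) for p in paths] for paths in hits.values()]

if __name__ == "__main__":
    for cluster in demo():
        print(len(cluster), "files share one body:", cluster)
```

Identical stub or template files can legitimately share a hash, so review a cluster's contents before treating it as overwritten and restoring from backup.
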
Beecham
Wind In The Grass
Joined: 20 May 2005
Post Count: 988
Location: Zexen Forest
33221 Potch
75 Soldiers
0 Nation Points
Posted: Tue Dec 21, 2004 6:36 pm
Very much so. I was quite relieved earlier when you told me I hadn't lost my account :) Being only two days old here, I feared the worst ^_^;;;
Side note: odd that I thought I was the first back. The front page insisted there were no new posts in any forums, but I see now on the error forum there were. Guess I posted in the wrong place about this, but I forgot we -had- an error forum ^_^

Lunarblade
White Wolf Templars
Joined: 02 Aug 2004
Post Count: 2081
Location: L'renouille
1428 Potch
0 Soldiers
0 Nation Points
Posted: Wed Dec 22, 2004 12:17 am
Phew... thanks SARSadmin, Backups = Instant WIN.

Beecham
Wind In The Grass
Joined: 20 May 2005
Post Count: 988
Location: Zexen Forest
33221 Potch
75 Soldiers
0 Nation Points
Posted: Wed Dec 22, 2004 1:17 am
More like, secure server == instant win. After speaking to him again I realized my own boards, both of which run a similar set to phpBB, were vulnerable too, and I nearly had a heart attack; both, however, seem to have dodged the bullet.

Daniel Blackhand
siswai'aman Brotherhood of Pain
Joined: 18 Jun 2004
Post Count: 4503
Location: Yashuna
330059 Potch
0 Soldiers
5731866 Nation Points
Posted: Thu Dec 23, 2004 1:26 pm
I am glad the site came through okay. I think people that send out viruses are just one rung up from lawyers on the scum scale.

Filipe
The Executors of Harmonian Order
Joined: 10 Jul 2004
Post Count: 2030
Location: Montmittel
35712 Potch
0 Soldiers
0 Nation Points
Posted: Thu Dec 23, 2004 7:33 pm
To say the least, well done Sarsadmin, making sure that everything was backed up completely, and after a few hours things were completely back up and running like we have all come to know, love and expect from this forum. Now if only I could find this twerp or whoever it is, I would give him good reason to never do anything of this sort to anyone again. What I will do has not been determined yet and never will, considering I doubt I will ever find out, but eventually I will uselessly come up with some sort of vengeance plot. Who's with me in this?