Hacked by bruneii

Started by sobranie, Jan 02, 2011, 10:45:35

sobranie

Upon opening idnetters this morning the usual top logos had been replaced by 'Hacked by Bruneii' + large shield type logo. Have run NOD32 and malwarebytes which found nothing.
IDNetters seems to work fine now with no hacked logo BUT no IDNet logo is showing.
Ideas pls folks!!

sobranie

Ah, a message re hacking has just appeared. Will follow advice re password.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

Yep - I saw it and immediately googled it, found the stats page for the hackers and it seems that they have been very busy today :(

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

David

All's well this end now ... 3 scans and a password change ... can't be too careful  ;D
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Den

Ran a quick scan with Norton 2011 and found 32 cookies that were not there yesterday and firewall was very busy blocking all sorts of things  :eek4:
Mr Music Man.

Rik

We think we're sorted now, guys. :fingers:
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

psp83

So did they get access to the SQL DB ?

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DorsetBoy

This team do not leave any virus/exploit etc. they are just about proving a point. They could as some hackers do, totally destroy the site, generally they just make life difficult.

psp83

Quote from: Rik on Jan 02, 2011, 13:31:44
No idea, Paul, sorry.

IDnet should be able to tell you.

If they got access to the admin side of SMF then they could download a SQL dump anyways.

JB

Quote from: Rik on Jan 02, 2011, 13:29:30
We think we're sorted now, guys. :fingers:

Thanks for your help on TBB Rik. Now using IDNet DNS and all working again. Have changed password also.

Regards,

JB.
JB

'Keyboard not detected ~ Press F1 to continue'

Rik

It's difficult to get hold of anyone today, Paul.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Quote from: 6jb on Jan 02, 2011, 13:45:26
Thanks for your help on TBB Rik. Now using IDNet DNS and all working again. Have changed password also


It will take a while for the new DNS to propagate, JB. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

cavillas

Quote from: DorsetBoy on Jan 02, 2011, 13:35:19
This team do not leave any virus/exploit etc. they are just about proving a point. They could as some hackers do, totally destroy the site, generally they just make life difficult.
There is still no need or any necessity to interfere with everyone's enjoyment and use of the Internet.  They are just nasty evil-minded, juvenile brained idiots who because they have no lives of their own think it's funny to interfere with others lives.  There is no excuse or reason for this sort of action.  It's much like going into a public library and hiding all the books for a time, utterly pointless, futile and childish.  As I said absolutely NO EXCUSE for doing this sort of thing at all.  Time they got a real life. :mad:
------
Alf :)

psp83

Quote from: Rik on Jan 02, 2011, 13:45:30
It's difficult to get hold of anyone today, Paul.

That's a pain then, I hope IDnet keep logs for longer than 48hrs (most hosts only keep for 48hrs)

It would be good to know how they got into the server.. (most likely a PHP/Apache exploit)

Rik

I've asked the questions, Paul. For obvious reasons, I won't be able to make the answers public, but we shall take whatever steps we need to, and I'm sure IDNet will too.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DorsetBoy

Oh dear .... as my son says "who crapped in your cornflakes?"  :evil: Alf, it is just one of those things, and as much as this team are a pain in the rump they find weak security and dangerous flaws in people's server set-ups and software. If you ask them nicely they'll probably correct the "hack", they do no lasting damage unlike other "idiots".

They are anything but mindless, that is for sure.

Ted

Quote from: DorsetBoy on Jan 02, 2011, 14:04:31
Oh dear .... as my son says "who crapped in your cornflakes?"  :evil: Alf, it is just one of those things, and as much as this team are a pain in the rump they find weak security and dangerous flaws in people's server set-ups and software. If you ask them nicely they'll probably correct the "hack", they do no lasting damage unlike other "idiots".

They are anything but mindless, that is for sure.

I know it doesn't seem like it now, but they might have done us a favor in the long run. If they haven't done any real damage and all the holes are found and plugged, it may stop someone with really nasty intentions getting in "next time"  :fingers:
Ted
There's no place like 127.0.0.1

psp83

Trouble is Ted, nothing is 100% secure, there will always be holes in software (and someone will find it one day)

Simon

It's certainly a wake up call, for sure.  If they were trying to do us a favour, though, they could have kindly made it a working day.  ::)
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

And let me finish breakfast first! ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Ted

Quote from: Rik on Jan 02, 2011, 14:22:59
And let me finish breakfast first! ;D

Gotta keep those priorities in the right order.  ;D

Ted
There's no place like 127.0.0.1

Simon

What was that you were saying about having the day off, Rik?  ;)
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Niall

What exactly did they do to hack the forum? Just curious as my mate is using the same software. All updated, with a couple of scripts he's coded himself to stop certain things, but it may be worth alerting him if there's an actual flaw in something that allows this to happen.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Simon

We don't know yet, Niall.  IDNet will have to examine the server logs.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

We don't yet know, Niall. All I can say is that the entire server was hacked, taking down at least two other sites.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Danni

I'm holding off on changing my password. The one I use for here is only used for forums (and not all of them at that) so in the event that they cracked the password encryption (very unlikely) then they can't do much damage.

I need to think of new passwords anyway, so when I've done that I'll change it.
IDNet Customer (ex-partner's name): 6th January 2006 - 23rd March 2007
IDNet broadband Customer (my name): 11th June 2008 - 21st April 2010

Now with Be for internets, IDNet for phone.

klipp

With any luck the passwords are stored in the database as MD5 or SHA1 hash strings which are non-reversible.

Niall

Ah right so it was server side, rather than the actual forum software itself most likely.

That's what happened with my old host on 34sp, there was some form of SQL injection allowing access to anything stored on the servers. Still, it's not the end of the world and when it's a larger forum it will always attract attacks like this. It's a sad state of affairs, especially when these hackers are trying to claim that they're helping by pointing out vulnerabilities. If they really were they'd hack it, do no harm and inform the webmasters to correct it, but no, they need to make a name for themselves, which in itself is pointless as they hide behind aliases anyway. It's all a bit retarded really.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

vitriol

Regarding the hacking, I've changed my password, but as I use Linux is there still a requirement to scan my machine? If so can anyone recommend some AV solution to use?

Thanks

Rik

No, you should be fine, Vit.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

RogerP

Hi Rik

Sorry to hear and see your problems, glad you have got it all mainly back to normal. As said before, cyber thugs and a complete waste of space.

I have changed my password, thanks for the info. Do I need a scan on a Mac?

Keep up the good work and I am sure the site will be more resilient in the future for all your efforts.

Rogerp


Rik

No scan needed on a Mac, Roger, but I didn't want to start a platform war. ;D

It may take us several days to resolve all the issues, but we're going as fast as we can, not helped by IDNet's shutdown.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

RogerP

Hi Rik

Nothing of the sort in my question just self preservation of my laptop, if I could help I would offer, it's just the damned inconvenience it all causes not to me but for you.

Anyway good luck with it all.

rogerp

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Ted

Quote from: vitriol on Jan 02, 2011, 15:49:18
Regarding the hacking, I've changed my password, but as I use Linux is there still a requirement to scan my machine? If so can anyone recommend some AV solution to use?

Thanks

AVG

Clamav

Root kit hunter

You could try these for peace of mind, but I don't expect you'll have any problems. I haven't used them for a while but they all come with a gui, if I remember correctly.

You'll more than likely get Clamav from your distro repos.
Ted
There's no place like 127.0.0.1

Baz

Sorry to hijack, but one for Simon/Rik or anyone else: is Pals still down too or is it just me? When I type in the address I get sent here  :dunno:

Rik

Pals is down, Baz, only Netters got fixed today.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Yes, we don't quite know where the redirect came from, but Pals was also hit, as it's on the same server, Baz.  I think IDNet prioritised getting things up and running here first. 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Baz

thanks  Guys :thumb:


Thought it was suspicious when I tried first thing this morning and had to try Pals and the other site you say uses the server too to double check... it's also still down  :(

pctech

Looks like the forum is under attack again, just got the hacked by Bruneii message again momentarily.


JB

Could be a DNS glitch pointing to the old server, which is still running.
JB

'Keyboard not detected ~ Press F1 to continue'

Rik

Certainly could be, which DNS are you using, Mitch?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Zen's own and it only happened momentarily.

DNS caching is disabled on my system so all lookups are fresh.


Steve

I think it's DNS, if you use Google or Norton I end up with the Brunei. My trace routes are all to pot as well still.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Hasn't happened again, perhaps their secondary resolver is slightly behind the first and it serviced the query instead.


JB

Quote from: pctech on Jan 02, 2011, 18:05:22
Hasn't happened again, perhaps their secondary resolver is slightly behind the first

I'm sure that's right. My Linux box has Norton DNS hard coded and it is still resolving to the Bruneii page on 212.69.36.28 which is the old server.
JB

'Keyboard not detected ~ Press F1 to continue'

zappaDPJ

Quote from: pctech on Jan 02, 2011, 17:55:11
Looks like the forum is under attack again, just got the hacked by Bruneii message again momentarily.

I fully expect further attacks and we are doing everything we can under difficult circumstances to prevent this from reoccurring. Over the next few days, when IDNet are back in the office, I will be taking further steps to ensure we are as secure as possible.

This was not an attack specifically aimed against us, but an attack on the hosting server which to the best of my knowledge resulted in all the packages hosted there being compromised. The culprits have a history of taking out many thousands of websites. The ultimate purpose has been speculated upon by various organisations but I'd rather not add to that speculation at this time.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

kinmel


Well done to the Staff for getting it all back up so quickly  :admin:
Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Rik

Thanks, Alan, they've been working their socks off to fix all the things I keep breaking. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

 :clap: :cheers:

I will echo the sentiments of Alan well done and this INCLUDES you Rik and the whole team   :thumb:

You seem to exclude yourself Rik and it must have been so hectic for all concerned thanks
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

pctech


Rik

It's hectic, David, but I'm primarily liaison and poke a stick at things until I've broken them. ;D It's been a team effort with Zap and Martin at the forefront, but every member of the team has been beavering away trying to get things as normal as possible as quickly as we can. I've also managed to interrupt Simon & Tim's Xmas break, for which apologies to them.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

We'd like to thank Martin, at iDNet, for taking the time out this morning to get us moved to, and running on, a new server. Everyone else on the old server is still down until at least tomorrow.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

David

Ahhhh good old beavering away ... it's been a while but I remember it well.......................oops sorry I drifted there  ;D

Of course I excluded no-one except myself as I was having a cup of tea but appreciation to all but your humility suits you sir....wouldn't suit me I am too big for this  ;) ;D ;D
Many hammer all over the wall and believe that with each blow they hit the nail on the head.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Niall

I reckon this was all just a cunning ploy by Rik to see how many people registered to the forum actually have active accounts/email accounts :D
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Lona

The hackers would wonder what we all do on here and probably wondered why they bothered hacking into us.  Perhaps they knew the answer to "Who is this Oldie". ;) >:D


If one took the Scots out of the world, it would fall apart
Dr. Louis B Wright, Washington DC, National Geographic (1964), from Donald MacDonald, Edinburgh :thumb:

Rik

Quote from: Niall on Jan 02, 2011, 23:39:06
I reckon this was all just a cunning ploy by Rik to see how many people registered to the forum actually have active accounts/email accounts :D

Damn, I've been rumbled. ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Quote from: Lona on Jan 02, 2011, 23:52:05
The hackers would wonder what we all do on here and probably wondered why they bothered hacking into us.  Perhaps they knew the answer to "Who is this Oldie". ;) >:D

Interesting theory. ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

cavillas

Quote from: DorsetBoy on Jan 02, 2011, 14:04:31
Oh dear .... as my son says "who crapped in your cornflakes?"  :evil: Alf, it is just one of those things, and as much as this team are a pain in the rump they find weak security and dangerous flaws in people's server set-ups and software. If you ask them nicely they'll probably correct the "hack", they do no lasting damage unlike other "idiots".

They are anything but mindless, that is for sure.

But what gives them the right or responsibility to hack something that does not belong to them?  Did they decide to become the Internet Police or something?  How would people feel if someone broke into their house and left notes all over the place just to show that it can be done?  These people are irresponsible and do not have the right to decide what is safe and what is not by hacking into sites that they do not own or run.  It's like saying that I have a car that can do 150mph so I am allowed to do it because I can, not because it is safe or legal.  There can never be any excuse, no matter how reasoned, for these people to attack other people's sites.  By mindless I mean totally self-centred and only thinking of their own technical prowess, they are not needed and not wanted.
------
Alf :)

Rik

How we agree with that last sentence, Alf. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

I understand that you can't give full details Rik but in the announcement you said "....one of the other sites which shared the server with us allowed the hackers to take control".

What does that mean? Did they do it deliberately?

Glenn

The server hosts multiple sites, the security of one of those sites was compromised allowing access to the server. That is how I understand it, Baz.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

What Glenn said, Baz, coupled with some careless coding on that site.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

And in case anyone is wondering, it wasn't PC Pals. 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

I never suggested that Simon........did I?  :dunno:

:D

Rik

You'll find out when Pals re-opens, Baz. If you're banned, Simon took umbrage. ;D
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

 ;D ;D ;D

thought I was banned from here a few times today,    stupid change of password  :laugh: :laugh: :laugh: :laugh:

Rik

I noticed you were having trouble remembering. ;D It's safe to change back if you want to.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Baz

 :slap: :slap:  that'll just confuse me more    :laugh: :laugh: :laugh:

pctech

I had trouble remembering too.

Had to change my network password at work too today.

Simon

Quote from: Baz on Jan 03, 2011, 17:30:42
I never suggested that Simon........did I?  :dunno:

:D

Just making sure.   :eyebrow: ;)
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

DarkStar

Quote from: Rik on Jan 03, 2011, 17:34:38
It's safe to change back if you want to.
Not having been around for a couple of days I've only just seen this thread - do I not need to change my password now?
Ian

Rik

No, Ian. We were being cautious on Sunday until we could be sure the data files had not been compromised. We know now that they haven't. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DarkStar

Thanks Rik  :thumb:
I hate having to remember new passwords.
Ian

scgil

Amazing that Idnet was able to get this forum up and running almost immediately but failed to get the business websites up sooner.  I am still down and tomorrow will be a full 4 days!!!!!  Email them, call them..then 5:00PM comes and oops..the man you need to speak to has gone home.  That's just great!!!  Lose a server and pens down at 5:00 while my ecommerce site is losing 1K a day!  Only way I knew what happened was through this forum as there was no notification from them about what happened.  Thumbs down!

Simon

Sorry to hear your site is still down, but welcome to the forum.  I'm not sure there's much we can do to help you from here.  It's really something you need to talk to IDNet about, but someone who knows a bit about hosting may have some advice to offer soon. 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.