Hacked by bruneii

Started by sobranie, Jan 02, 2011, 10:45:35


Niall

What exactly did they do to hack the forum? Just curious as my mate is using the same software. All updated, with a couple of scripts he's coded himself to stop certain things, but it may be worth alerting him if there's an actual flaw in something that allows this to happen.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Simon

We don't know yet, Niall.  IDNet will have to examine the server logs.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

We don't yet know, Niall. All I can say is that the entire server was hacked, taking down at least two other sites.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Danni

I'm holding off on changing my password. The one I use for here is only used for forums (and not all of them at that) so in the event that they cracked the password encryption (very unlikely) then they can't do much damage.

I need to think of new passwords anyway, so when I've done that I'll change it.
IDNet Customer (ex-partner's name): 6th January 2006 - 23rd March 2007
IDNet broadband Customer (my name): 11th June 2008 - 21st April 2010

Now with Be for internets, IDNet for phone.

klipp

With any luck the passwords are stored in the database as MD5 or SHA1 hash strings which are non-reversible.

Niall

Ah right so it was server side, rather than the actual forum software itself most likely.

That's what happened with my old host on 34sp, there was some form of SQL injection allowing access to anything stored on the servers. Still, it's not the end of the world and when it's a larger forum it will always attract attacks like this. It's a sad state of affairs, especially when these hackers are trying to claim that they're helping by pointing out vulnerabilities. If they really were they'd hack it, do no harm and inform the webmasters to correct it, but no, they need to make a name for themselves, which in itself is pointless as they hide behind aliases anyway. It's all a bit retarded really.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

vitriol

Regarding the hacking, I've changed my password, but as I use Linux is there still a requirement to scan my machine? If so, can anyone recommend some AV solution to use?

Thanks

Rik

No, you should be fine, Vit.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

RogerP

Hi Rik

Sorry to hear and see your problems; glad you have got it all mainly back to normal. As said before, cyber thugs and a complete waste of space.

I have changed my password, thanks for the info. Do I need a scan on a Mac?

Keep up the good work and I am sure the site will be more resilient in the future for all your efforts.

Rogerp


Rik

No scan needed on a Mac, Roger, but I didn't want to start a platform war. ;D

It may take us several days to resolve all the issues, but we're going as fast as we can, not helped by IDNet's shutdown.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

RogerP

Hi Rik

Nothing of the sort in my question just self preservation of my laptop, if I could help I would offer, it's just the damned inconvenience it all causes not to me but for you.

Anyway, good luck with it all.

rogerp

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Ted

Quote from: vitriol on Jan 02, 2011, 15:49:18
Regarding the hacking, I've changed my password, but as I use Linux is there still a requirement to scan my machine? If so, can anyone recommend some AV solution to use?

Thanks

AVG

Clamav

Root kit hunter

You could try these for peace of mind, but I don't expect you'll have any problems. I haven't used them for a while but they all come with a gui, if I remember correctly.

You'll more than likely get Clamav from your distro repos.
Ted
There's no place like 127.0.0.1

Baz

Sorry to hijack, but one for Simon/Rik or anyone else: is Pals still down too or is it just me? When I type in the address I get sent here  :dunno:

Rik

Pals is down, Baz, only Netters got fixed today.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

Yes, we don't quite know where the redirect came from, but Pals was also hit, as it's on the same server, Baz.  I think IDNet prioritised getting things up and running here first. 
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Baz

Thanks, guys :thumb:

Thought it was suspicious when I tried first thing this morning and had to try Pals and the other site you say uses the server too to double check... it's also still down  :(

pctech

Looks like the forum is under attack again, just got the hacked by Bruneii message again momentarily.


JB

Could be a DNS glitch pointing to the old server, which is still running.
JB

'Keyboard not detected ~ Press F1 to continue'

Rik

Certainly could be, which DNS are you using, Mitch?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Zen's own and it only happened momentarily.

DNS caching is disabled on my system so all lookups are fresh.


Steve

I think it's DNS, if you use Google or Norton I end up with the Brunei. My trace routes are all to pot as well still.
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

pctech

Hasn't happened again, perhaps their secondary resolver is slightly behind the first and it serviced the query instead.


JB

Quote from: pctech on Jan 02, 2011, 18:05:22
Hasn't happened again, perhaps their secondary resolver is slightly behind the first

I'm sure that's right. My Linux box has Norton DNS hard coded and it is still resolving to the Bruneii page on 212.69.36.28 which is the old server.
JB

'Keyboard not detected ~ Press F1 to continue'
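
The stale-resolver effect discussed in the posts above can be checked directly. The following is an added example, not part of the original thread: it sends a raw A-record query to each resolver, parses the reply, and reports which resolvers still hand out the old server address and for how many more seconds. The hostname `forum.example.test` and the resolver labels are placeholders; only the old address 212.69.36.28 comes from the thread.

```python
import socket
import struct

OLD_SERVER = "212.69.36.28"  # old server address quoted in the thread

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (recursion desired) for `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:            # root label ends the name
            return off + 1
        off += 1 + n

def parse_a_records(msg):
    """Return [(ip, ttl)] for every A record in the answer section."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((socket.inet_ntoa(msg[off:off + 4]), ttl))
        off += rdlen
    return out

def ask(resolver_ip, name, timeout=3.0):
    """Query one resolver over UDP port 53 and return its A records."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver_ip, 53))
        return parse_a_records(s.recvfrom(512)[0])

def stale(answers, old_ip=OLD_SERVER):
    """Map each resolver still returning old_ip to the TTL left on that record."""
    return {r: ttl for r, recs in answers.items() for ip, ttl in recs if ip == old_ip}

# Constructed reply (not captured traffic): forum.example.test A 212.69.36.28, TTL 3600
_q = build_query("forum.example.test")
SAMPLE = (_q[:2] + b"\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + _q[12:]
          + b"\xc0\x0c\x00\x01\x00\x01" + struct.pack("!I", 3600) + b"\x00\x04"
          + socket.inet_aton(OLD_SERVER))
```

To run it live, build the `answers` dictionary with `ask(resolver_ip, hostname)` for each resolver you want to compare; a resolver listed by `stale()` should stop returning the old address once the reported TTL has elapsed.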

zappaDPJ

Quote from: pctech on Jan 02, 2011, 17:55:11
Looks like the forum is under attack again, just got the hacked by Bruneii message again momentarily.

I fully expect further attacks and we are doing everything we can under difficult circumstances to prevent this from reoccurring. Over the next few days, when IDNet are back in the office, I will be taking further steps to ensure we are as secure as possible.

This was not an attack specifically aimed against us, but an attack on the hosting server which to the best of my knowledge resulted in all the packages hosted there being compromised. The culprits have a history of taking out many thousands of websites. The ultimate purpose has been speculated upon by various organisations but I'd rather not add to that speculation at this time.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.