Upon opening idnetters this morning the usual top logos had been replaced by 'Hacked by Bruneii' + large shield type logo. Have run NOD32 and malwarebytes which found nothing.
IDNetters seems to work fine now with no hacked logo BUT no IDNet logo is showing.
Ideas pls folks!!
Ah, a message re hacking has just appeared. Will follow advice re password.
;)
Yep - I saw it and immediately googled it, found the stats page for the hackers and it seems that they have been very busy today :(
Steve
All's well this end now ..3 scans and a password change ...can't be too careful ;D
Ran a quick scan with Norton 2011 and found 32 cookies that were not there yesterday and firewall was very busy blocking all sorts of things :eek4:
We think we're sorted now, guys. :fingers:
So did they get access to the SQL DB ?
No idea, Paul, sorry.
This team do not leave any virus/exploit etc. They are just about proving a point. They could, as some hackers do, totally destroy the site; generally they just make life difficult.
Quote from: Rik on Jan 02, 2011, 13:31:44
No idea, Paul, sorry.
IDnet should be able to tell you.
If they got access to the admin side of SMF then they could download a SQL dump anyways.
Quote from: Rik on Jan 02, 2011, 13:29:30
We think we're sorted now, guys. :fingers:
Thanks for your help on TBB Rik. Now using IDNet DNS and all working again. Have changed password also.
Regards,
JB.
It's difficult to get hold of anyone today, Paul.
Quote from: 6jb on Jan 02, 2011, 13:45:26
Thanks for your help on TBB Rik. Now using IDNet DNS and all working again. Have changed password also
it will take a while for the new DNS to propagate, JB. :)
Quote from: DorsetBoy on Jan 02, 2011, 13:35:19
This team do not leave any virus/exploit etc. They are just about proving a point. They could, as some hackers do, totally destroy the site; generally they just make life difficult.
There is still no need or any necessity to interfere with everyone's enjoyment and use of the Internet. They are just nasty evil-minded, juvenile brained idiots who because they have no lives of their own think it's funny to interfere with others lives. There is no excuse or reason for this sort of action. It's much like going into a public library and hiding all the books for a time, utterly pointless, futile and childish. As I said absolutely NO EXCUSE for doing this sort of thing at all. Time they got a real life. :mad:
Quote from: Rik on Jan 02, 2011, 13:45:30
It's difficult to get hold of anyone today, Paul.
That's a pain then, I hope IDnet keep logs for longer than 48hrs (most hosts only keep for 48hrs)
It would be good to know how they got into the server.. (most likely a PHP/Apache exploit)
I've asked the questions, Paul. For obvious reasons, I won't be able to make the answers public, but we shall take whatever steps we need to, and I'm sure IDNet will too.
Oh dear .... as my son says "who crapped in your cornflakes?" :evil: Alf, it is just one of those things, and as much as this team are a pain in the rump they find weak security and dangerous flaws in people's server set-ups and software. If you ask them nicely they'll probably correct the "hack", they do no lasting damage unlike other "idiots".
They are anything but mindless, that is for sure.
Quote from: DorsetBoy on Jan 02, 2011, 14:04:31
Oh dear .... as my son says "who crapped in your cornflakes?" :evil: Alf, it is just one of those things, and as much as this team are a pain in the rump they find weak security and dangerous flaws in people's server set-ups and software. If you ask them nicely they'll probably correct the "hack", they do no lasting damage unlike other "idiots".
They are anything but mindless, that is for sure.
I know it doesn't seem like it now, but they might have done us a favor in the long run. If they haven't done any real damage and all the holes are found and plugged, it may stop someone with really nasty intentions getting in "next time" :fingers:
Trouble is, Ted, nothing is 100% secure, there will always be holes in software (and someone will find it one day)
It's certainly a wake up call, for sure. If they were trying to do us a favour, though, they could have kindly made it a working day. ::)
And let me finish breakfast first! ;D
Quote from: Rik on Jan 02, 2011, 14:22:59
And let me finish breakfast first! ;D
Gotta keep those priorities in the right order. ;D
What was that you were saying about having the day off, Rik? ;)
;D
What exactly did they do to hack the forum? Just curious as my mate is using the same software. All updated, with a couple of scripts he's coded himself to stop certain things, but it may be worth alerting him if there's an actual flaw in something that allows this to happen.
We don't know yet, Niall. IDNet will have to examine the server logs.
We don't yet know, Niall. All I can say is that the entire server was hacked, taking down at least two other sites.
I'm holding off on changing my password. The one I use for here is only used for forums (and not all of them at that) so in the event that they cracked the password encryption (very unlikely) then they can't do much damage.
I need to think of new passwords anyway, so when I've done that I'll change it.
With any luck the passwords are stored in the database as MD5 or SHA1 hash strings which are non-reversible.
Ah right so it was server side, rather than the actual forum software itself most likely.
That's what happened with my old host on 34sp, there was some form of SQL injection allowing access to anything stored on the servers. Still, it's not the end of the world and when it's a larger forum it will always attract attacks like this. It's a sad state of affairs, especially when these hackers are trying to claim that they're helping by pointing out vulnerabilities. If they really were they'd hack it, do no harm and inform the webmasters to correct it, but no, they need to make a name for themselves, which in itself is pointless as they hide behind aliases anyway. It's all a bit retarded really.
Regarding the hacking, I've changed my password, but as I use Linux is there still a requirement to scan my machine? If so, can anyone recommend some AV solution to use?
Thanks
No, you should be fine, Vit.
Hi Rik
Sorry to hear and see your problems glad you have got it all mainly back to normal, as said before cyber thugs and a complete waste of space.
I have changed my password thanks for the info, do I need a scan on a Mac ??
Keep up the good work and I am sure the site will be more resilient in the future for all your efforts.
Rogerp
No scan needed on a Mac, Roger, but I didn't want to start a platform war. ;D
It may take us several days to resolve all the issues, but we're going as fast as we can, not helped by IDNet's shutdown.
Hi Rik
Nothing of the sort in my question just self preservation of my laptop, if I could help I would offer, it's just the damned inconvenience it all causes not to me but for you.
Anyway good luck with it all.
rogerp
Thanks, Roger. :)
Quote from: vitriol on Jan 02, 2011, 15:49:18
Regarding the hacking, I've changed my password, but as I use Linux is there still a requirement to scan my machine? If so, can anyone recommend some AV solution to use?
Thanks
AVG (http://free.avg.com/us-en/download)
Clamav (http://www.clamav.net/lang/en/)
Root kit hunter (http://www.rootkit.nl/projects/rootkit_hunter.html)
You could try these for peace of mind, but I don't expect you'll have any problems. I haven't used them for a while but they all come with a gui, if I remember correctly.
You'll more than likely get Clamav from your distro repos.
Sorry to hijack, but one for Simon/Rik or anyone else: is Pals still down too, or is it just me? When I type in the address I get sent here :dunno:
Pals is down, Baz, only Netters got fixed today.
Yes, we don't quite know where the redirect came from, but Pals was also hit, as it's on the same server, Baz. I think IDNet prioritised getting things up and running here first.
thanks Guys :thumb:
Thought it was suspicious when I tried first thing this morning and had to try Pals and the other site you say uses the server too to double check... it's also still down :(
Looks like the forum is under attack again, just got the hacked by Bruneii message again momentarily.
Could be a DNS glitch pointing to the old server, which is still running.
Certainly could be, which DNS are you using, Mitch?
Zen's own and it only happened momentarily.
DNS caching is disabled on my system so all lookups are fresh.
I think it's DNS, if you use Google or Norton I end up with the Brunei. My trace routes are all to pot as well still.
Hasn't happened again, perhaps their secondary resolver is slightly behind the first and it serviced the query instead.
Quote from: pctech on Jan 02, 2011, 18:05:22
Hasn't happened again, perhaps their secondary resolver is slightly behind the first
I'm sure that's right. My Linux box has Norton DNS hard coded and it is still resolving to the Bruneii page on 212.69.36.28 which is the old server.
Quote from: pctech on Jan 02, 2011, 17:55:11
Looks like the forum is under attack again, just got the hacked by Bruneii message again momentarily.
I fully expect further attacks and we are doing everything we can under difficult circumstances to prevent this from reoccurring. Over the next few days, when IDNet are back in the office, I will be taking further steps to ensure we are as secure as possible.
This was not an attack specifically aimed against us, but an attack on the hosting server which to the best of my knowledge resulted in all the packages hosted there being compromised. The culprits have a history of taking out many thousands of websites. The ultimate purpose has been speculated upon by various organisations but I'd rather not add to that speculation at this time.
Well done to the Staff for getting it all back up so quickly :admin:
Thanks, Alan, they've been working their socks off to fix all the things I keep breaking. :)
:clap: :cheers:
I will echo the sentiments of Alan well done and this INCLUDES you Rik and the whole team :thumb:
You seem to exclude yourself Rik and it must have been so hectic for all concerned thanks
OK Zap.
It's hectic, David, but I'm primarily liaison and poke a stick at things until I've broken them. ;D It's been a team effort with Zap and Martin at the forefront, but every member of the team has been beavering away trying to get things as normal as possible as quickly as we can. I've also managed to interrupt Simon & Tim's Xmas break, for which apologies to them.
We'd like to thank Martin, at iDNet, for taking the time out this morning to get us moved to, and running on, a new server. Everyone else on the old server is still down until at least tomorrow.
Ahhhh good old beavering away ... it's been a while but I remember it well ... oops sorry I drifted there ;D
Of course I excluded no-one except myself as I was having a cup of tea but appreciation to all but your humility suits you sir.... wouldn't suit me I am too big for this ;) ;D ;D
;D
I reckon this was all just a cunning ploy by Rik to see how many people registered to the forum actually have active accounts/email accounts :D
The hackers would wonder what we all do on here and probably wondered why they bothered hacking into us. Perhaps they knew the answer to "Who is this Oldie". ;) >:D
Quote from: Niall on Jan 02, 2011, 23:39:06
I reckon this was all just a cunning ploy by Rik to see how many people registered to the forum actually have active accounts/email accounts :D
Damn, I've been rumbled. ;D
Quote from: Lona on Jan 02, 2011, 23:52:05
The hackers would wonder what we all do on here and probably wondered why they bothered hacking into us. Perhaps they knew the answer to "Who is this Oldie". ;) >:D
Interesting theory. ;D
Quote from: DorsetBoy on Jan 02, 2011, 14:04:31
Oh dear .... as my son says "who crapped in your cornflakes?" :evil: Alf, it is just one of those things, and as much as this team are a pain in the rump they find weak security and dangerous flaws in people's server set-ups and software. If you ask them nicely they'll probably correct the "hack", they do no lasting damage unlike other "idiots".
They are anything but mindless, that is for sure.
But what gives them the right or responsibility to hack something that does not belong to them? Did they decide to become the Internet Police or something? How would people feel if someone broke into their house and left notes all over the place just to show that it can be done? These people are irresponsible and do not have the right to decide what is safe and what is not by hacking into sites that they do not own or run. It's like saying that I have a car that can do 150mph so I am allowed to do it because I can, not because it is safe or legal. There can never be any excuse, no matter how reasoned, for these people to attack other people's sites. By mindless I mean totally self-centred and only thinking of their own technical prowess, they are not needed and not wanted.
How we agree with that last sentence, Alf. :)
I understand that you can't give full details Rik but in the announcement you said "....one of the other sites which shared the server with us allowed the hackers to take control".
What does that mean? Did they do it deliberately?
The server hosts multiple sites, the security of one of those sites was compromised allowing access to the server. That is how I understand it, Baz.
What Glenn said, Baz, coupled with some careless coding on that site.
And in case anyone is wondering, it wasn't PC Pals.
;D
I never suggested that Simon........did I? :dunno:
:D
You'll find out when Pals re-opens, Baz. If you're banned, Simon took umbrage. ;D
;D ;D ;D
thought I was banned from here a few times today, stupid change of password :laugh: :laugh: :laugh: :laugh:
I noticed you were having trouble remembering. ;D It's safe to change back if you want to.
:slap: :slap: that'll just confuse me more :laugh: :laugh: :laugh:
I had trouble remembering too.
Had to change my network password at work too today.
Quote from: Baz on Jan 03, 2011, 17:30:42
I never suggested that Simon........did I? :dunno:
:D
Just making sure. :eyebrow: ;)
Quote from: Rik on Jan 03, 2011, 17:34:38
It's safe to change back if you want to.
Not having been around for a couple of days I've only just seen this thread - do I not need to change my password now?
No, Ian. We were being cautious on Sunday until we could be sure the data files had not been compromised. We know now that they haven't. :)
Thanks Rik :thumb:
I hate having to remember new passwords.
Amazing that IDNet was able to get this forum up and running almost immediately but failed to get the business websites up sooner. I am still down and tomorrow will be a full 4 days!!!!! Email them, call them.. then 5:00PM comes and oops.. the man you need to speak to has gone home. That's just great!!! Lose a server and pens down at 5:00 while my ecommerce site is losing 1K a day! Only way I knew what happened was through this forum as there was no notification from them about what happened. Thumbs down!
Sorry to hear your site is still down, but welcome to the forum. I'm not sure there's much we can do to help you from here. It's really something you need to talk to IDNet about, but someone who knows a bit about hosting may have some advice to offer soon.