|
 |
|
09-20-2002, 12:54 AM
|
#1
|
|
FLAC
Join Date: Jan 2001
Posts: 1,612
|
How and why the forums were "hacked"
Well, the how part is fairly simple, there are several vulnerabilities in vbulletin and php that allow you to executes malicious commands (such as upping your user status to admin).
What happened was that the 'hacker' (a.k.a. script kiddie) deleted all of the admin users (Aaron, MooN, and Zip-Lock) and the Moderators (Skippman) leaving the forums in the wrong hands.
Fortunately, he deleted the 'forum index' (the part of the MySQL DB that contains forum name and description) instead of deleting some 70,000 posts.
Also all of the private messages sent on or before Sept 6 were lost due to the hacker. In the aftermath, I had to drop all of the custom avatars to allow new ones to work. (if you lost your avatar and don't have a backup LMK and i'll look in the old DB file and see if I can find it.)
Now I can't elaborate on the how I fixed it part because I used several flaws in the server configuration to gain access to the MySQL database.
I'm sure I missed several details in this message.
Discuss if you want.... just don't flame each other.
|
|
|
|
|
|
Advertisement
|
Sponsored links
|
|
09-20-2002, 10:08 AM
|
#2
|
|
Variable Bitrate
Join Date: Jul 2000
Location: Jackson, MS, USA
Posts: 233
|
Have the vulnerabilities been fixed so that this can't happen again?
__________________
24 y/o w/ Silver/Red
2000 Honda S2000
http://www.squeezer.net
|
|
|
|
|
09-20-2002, 11:42 AM
|
#3
|
|
FLAC
Join Date: Jan 2001
Posts: 1,612
|
Quote:
Originally posted by Squeezer
Have the vulnerabilities been fixed so that this can't happen again?
to my knowledge they have been.
|
|
|
|
|
09-20-2002, 11:47 AM
|
#4
|
|
Maximum Bitrate
Join Date: Jun 2001
Location: Boise, ID (USA)
Posts: 551
|
Can you give us a name and address so we can go beat him silly?
|
|
|
|
|
09-20-2002, 12:47 PM
|
#5
|
|
FLAC
Join Date: Jan 2001
Posts: 1,612
|
I don't imagine you guys would want to travel to belgium
|
|
|
|
|
09-20-2002, 01:59 PM
|
#6
|
|
Maximum Bitrate
Join Date: Jul 2002
Location: San Rafael, CA, USA
Posts: 682
|
that's what i figured happened... remember kids.. keep your software up to date!
|
|
|
|
|
09-20-2002, 02:23 PM
|
#7
|
|
Maximum Bitrate
Join Date: Mar 2002
Location: St. Louis, MO
Posts: 762
|
Well send Felix after him, he's in the neighborhood.
__________________
Stereo:Alpine IVA-D900 Head Unit | Alpine PXA-H510 DSP | Boston Pro Component Speakers Upfront | Boston Rally Rear Speakers | 2 Polk 10" Subs in the Trunk | Phoenix Gold Ti900.7 Amp
|
|
|
|
|
09-20-2002, 02:24 PM
|
#8
|
|
FLAC
Join Date: Jan 2001
Posts: 1,612
|
Quote:
Originally posted by Skippman
Well send Felix after him, he's in the neighborhood.
Good Point *Evil Laugh*
|
|
|
|
|
Sponsored links
|
|
Advertisement
|
|
|
09-20-2002, 07:43 PM
|
#9
|
|
Variable Bitrate
Join Date: Apr 2002
Location: Alberta Canada
Posts: 233
|
lol maybe you could post his IP and we could hack him 
just kiddin :P
|
|
|
|
|
09-22-2002, 11:01 AM
|
#10
|
|
Registered User
Join Date: Aug 2001
Location: Missing In Action
Posts: 779
|
Re: How and why the forums were "hacked"
Quote:
Originally posted by bgoodman
How and why the forums were "hacked"
In your post you covered the how, but not the why, do you know if there was a reason behind the attack? and if so why?
:edit: spelling error
__________________
And you say people actually pay money for M$ Windows?
www.mp3mini.co.uk (Does what it says on the URL) www.openclassic.co.uk (The new car, with zero rust!) www.rob-web.co.uk (My other site)
Total re-design underway: on the whole progress is very slow as the car is taking up too much time :)
|
|
|
|
|
09-22-2002, 11:30 AM
|
#11
|
|
Registered User
Join Date: Apr 2002
Location: Europe
Posts: 370
|
Ok ok where do I have to go ?????? *g*
Regards
Felix 
__________________
=>> Carpc Version2 -- Epia M 10K based<<=
::Epia M10k,7"VGA/40GB2.5",GPS,Opus90W ::
::trying to build second low cost carpc::
::Automp3.de :: CAR= Renault Clio2 - 2 seats 1.9D
|
|
|
|
|
09-22-2002, 11:39 AM
|
#12
|
|
Maximum Bitrate
Join Date: Aug 2001
Location: Cambridge & Bristol, UK
Posts: 707
|
I`m just glad it`s werkin again.... Anyway, I wonder if theres a way of backing up the 70k posts, incase somthing similar happens again? hmmm.... 
|
|
|
|
|
09-22-2002, 12:21 PM
|
#13
|
|
FLAC
Join Date: Jan 2001
Posts: 1,612
|
Re: Re: How and why the forums were "hacked"
Quote:
Originally posted by Rob
In your post you covered the how, but not the why, do you know if there was a reason behind the attack? and if so why?
:edit: spelling error
i'm lost as to why anyone would have. Maveric mentioned that there were several VB boards hacked in the same time period.
If my internet wasn't being so goofy i'd elaborate a little more.
|
|
|
|
|
09-22-2002, 12:22 PM
|
#14
|
|
FLAC
Join Date: Jan 2001
Posts: 1,612
|
Quote:
Originally posted by MikeHunt79
I`m just glad it`s werkin again.... Anyway, I wonder if theres a way of backing up the 70k posts, incase somthing similar happens again? hmmm....
believe me, MooN's been on top of backups lately.
|
|
|
|
|
09-23-2002, 04:25 AM
|
#15
|
|
Registered User
Join Date: Jan 2001
Location: The Netherlands
Posts: 626
|
hmmmm.... Belgium... got an address ? hahah
If I threw a stone right now I might reach belgium..
(but serious.. it's like 20 mins for me.. same as germany.. like 10 mins... )
Greetz...
__________________
Raas - The Netherlands
ME: VIA epia m10000, lilliput 7', opus 150w, 80gb<br>
GF: IBM Thinkpad 380, ext. 3.5 80gb, 40x4, PB-IR
|
|
|
|
|
Sponsored links
|
|
Advertisement
|
|
| Thread Tools |
|
|
| Display Modes |
 Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 07:05 PM.
| |
