Skip to Content

Did we get hacked?

50 replies [Last post]
setarcos
Offline
Joined: 07/31/2008

Did we get hacked again? A while ago I tried to visit the site and everything was in some foreign language. Now all the entries are old.

SVan
Offline
Joined: 10/02/2008
Did we get hacked?

Whatever it was it looked pretty heavy. A day and a half down. It somehow came in the same day I downloaded Mozilla Firefox.

Hope all is ok, and I know Darke, Fast, and Hpox have been working their butts off to get it back together.

Thanks guys, we're glad to have it back.

-Steve

Anonymous
Did we get hacked?

SVan wrote:
...I know Darke, Fast, and Hpox have been working their butts off to get it back together.

And to recover so quickly, you guys are amazing! Thank you for everything you do for this site!

p.s. It looks like the quote function may need some work still, and possibly the emoticons. : )

DarkDream
Offline
Joined: 12/31/1969
Did we get hacked?

Man, that was pretty interesting.

At one point I was able to see the individual php pages and a MySQL dump showing all of the posts (I noticed that some of the most recent posts were missing).

Kind of neat, gave me some insight on the backend of things.

I wish you guys (Darke, Hpox) and so on and getting things back in order.

I hope you didn't loose any data though.

--DarkDream

FastLearner
Offline
Joined: 12/31/1969
Did we get hacked?

Pretty much all of June was lost (forum posts).

We're working on migrating things over to a less-hack-attractive CMS.

-- Matthew

(PS: Darke's work was nothing short of heroic on this)

Anonymous
Did we get hacked?

Its a possibility to be sure. I don't see my posts from the past 2 weeks anywhere.

setarcos
Offline
Joined: 07/31/2008
Did we get hacked?

Wow! I just got back from vacation so I assumed the site was just down this morning. Sorry I missed all the excitement.

Awesome job getting the things up and running again so fast guys. (It really did look pretty scary.)

setarcos
Offline
Joined: 07/31/2008
Did we get hacked?

So there's still a bug or two left. (I didn't put any of those happy-faces in my last post. They probably snuck in after I spell-checked in MS-Word then pasted it into my message - the way I usually do.)

setarcos
Offline
Joined: 07/31/2008
Did we get hacked?

OK, never mind. It just looks like there's a bunch of happy-faces in the message until I logout. But at this point I guess I could use one of these red faced guys right ... here! :oops: (Hope it worked.)

Anonymous
What the foreign language was.

I saw the strange language myself and confirmed it with my Chinese friends.

On the home page, nothing nasty was said.

Here is the translations as I received it:

This is Chinese. It says that only autorized memeber can be access this web.

It also says that if you register it as member, you could acess it.

you can press here to register free,and then you can save this title without limit,thanks.

Sorry. I just had to know what it said :)

PP

Anonymous
And the language was

Probably obvious by my post, but hte writing was in fact Chines.

PP

phpbbadmin
Offline
Joined: 04/23/2013
Yes

The hacker(s) set the default language to chinese....

Basically they went through and messed with all of the site settings also. Pretty much anything that was set a certain way; they set it some other way. It's been very frustrating trying to fix all of the little annoying things that they broke.

Unfortunately, as is evident from my news post, my time is limited. Fastlearner and I are continuing to explore a replacement for PHPnuke. In all honesty, I have no method from preventing the hack again because I do not know how they did it. So at any time they could strike again and I'd have to fix it all over again.

That is all for now.

-Darke

Anonymous
Re: Yes

Darkehorse wrote:
Fastlearner and I are continuing to explore a replacement for PHPnuke.-Darke

Have you considered PostNuke? From what I understand, it has a common heritage with PHPnuke, but the two diverged some time ago. HoustonGamers dot org uses PostNuke and, knock on wood, we haven't had any problems (yet...as I jinx us).

phpbbadmin
Offline
Joined: 04/23/2013
Re: Yes

MikeDew wrote:
Darkehorse wrote:
Fastlearner and I are continuing to explore a replacement for PHPnuke.-Darke

Have you considered PostNuke? From what I understand, it has a common heritage with PHPnuke, but the two diverged some time ago. HoustonGamers dot org uses PostNuke and, knock on wood, we haven't had any problems (yet...as I jinx us).

Yes I have looked it over. It looks good but there's not a lot of addons available for it. I think we are leaning towards Tikiwiki.

-Darke

Caparica
Caparica's picture
Offline
Joined: 08/06/2008
Re: Yes

They probably have used XSS exploits, this kind of attack is complex to prevent and any dynamic content web site is potentially vulnerable.
Some basic information:

http://httpd.apache.org/info/css-security/

Darkehorse wrote:
The hacker(s) set the default language to chinese....

Basically they went through and messed with all of the site settings also. Pretty much anything that was set a certain way; they set it some other way. It's been very frustrating trying to fix all of the little annoying things that they broke.

Unfortunately, as is evident from my news post, my time is limited. Fastlearner and I are continuing to explore a replacement for PHPnuke. In all honesty, I have no method from preventing the hack again because I do not know how they did it. So at any time they could strike again and I'd have to fix it all over again.

That is all for now.

-Darke

phpbbadmin
Offline
Joined: 04/23/2013
Re: Yes

caparica wrote:
They probably have used XSS exploits, this kind of attack is complex to prevent and any dynamic content web site is potentially vulnerable.
Some basic information:

http://httpd.apache.org/info/css-security/

Actually there is a vunerability in PHP nuke called SQL injection and that is what they used. None of the actual files of the site were modified (which would have been the case if it were an Apache exploit), only the settings/data contained in the SQL database.

-Darke

FastLearner
Offline
Joined: 12/31/1969
Did we get hacked?

They used SQL injection? Damn, that's irritating. You can protect agains SQL injection, really 100% of the time, but it just takes writing a lot of code and being really careful.

SQL injection is a shockingly easy exploit and tons of sites are vulnerable to it. :(

-- Matthew

Anonymous
Did we get hacked?

At least keep a backup of all site settings (and hopefully the db). That way if anything is messed with, you can just restore without having to find everything that's changed.

FastLearner
Offline
Joined: 12/31/1969
Did we get hacked?

I was regularly backing up the site's files, but was neglecting to backup the database (unknowingly -- thought I was). That made it worse than it needed to be.

-- Matthew

IngredientX
IngredientX's picture
Offline
Joined: 07/26/2008
Did we get hacked?

FYI, the title bar of the site is still hacked. Dunno if you guys have noticed... :(

phpbbadmin
Offline
Joined: 04/23/2013
Yeah

IngredientX wrote:
FYI, the title bar of the site is still hacked. Dunno if you guys have noticed... :(

I noticed. It's fixed now.. It seems like they took over Sedj's and Jwarrend's admin accounts. I was forced to delete their accounts...

Like I said before, we could be sitting on a ticking time bomb as I don't really have the time to research and fix the vunerability.

-Darke

jwarrend
Offline
Joined: 08/03/2008
Re: Yeah

Darkehorse wrote:
It seems like they took over Sedj's and Jwarrend's admin accounts. I was forced to delete their accounts...

Oh well, it was fun while it lasted...

-J

FastLearner
Offline
Joined: 12/31/1969
Did we get hacked?

I'm working on the SQL transformations required to move the forums... once I figure it out I'll complete the basic stuff on the Tiki and move the messages over (I've got the basic forums set up there now, but without messages). It's got some quirks, but I'm sure they can be worked out.

-- Matthew

Nazhuret
Offline
Joined: 12/31/1969
Did we get hacked?

so ummm....

do we have any idea who did this? is it the same guy(s) that did it before?

i could probably ... you know....

call a guy. he uh... knows his way around this kind of thing...

he could probably ... you know....

"deal" with the problem...

... some how...

it would simply be something to challenge him to do it... not even .. you know.. for pay or anything...

.... i'm just sayin'....

anyway... i'm only about one quarter joking so uh..

yeah...

carry on then.

Anonymous
Did we get hacked?

Hello!

Listen... I know who hacked your website, and it wasnt me.
I know the person who did it, and i even know where he lives.
Please dont look at PaulEnsane, because this person wrote my name in purpose so you will think that I hacked it.
I am very sorry for the inconvinience that person caused to you... He uses Darkehorse's account to change the forum caption and stuff.
Please block the SQL Injection errors to avoid that.

Thank you for your attenton!

Paul

Caparica
Caparica's picture
Offline
Joined: 08/06/2008
Did we get hacked?

He used SQL Injection?
The newer versions of PHPNuke has corrected those, didn't it?

Paulo

WARCHiLD wrote:
Hello!

Listen... I know who hacked your website, and it wasnt me.
I know the person who did it, and i even know where he lives.
Please dont look at PaulEnsane, because this person wrote my name in purpose so you will think that I hacked it.
I am very sorry for the inconvinience that person caused to you... He uses Darkehorse's account to change the forum caption and stuff.
Please block the SQL Injection errors to avoid that.

Thank you for your attenton!

Paul

Anonymous
Did we get hacked?

Yeah he did use SQL injection

phpbbadmin
Offline
Joined: 04/23/2013
Thanks

WARCHiLD wrote:
Yeah he did use SQL injection

for the insight Mr. Hacker.. Consider yourself banned...

Fos
Offline
Joined: 12/31/1969
Re: Thanks

Darkehorse wrote:
for the insight Mr. Hacker.. Consider yourself banned...

Isn't that... potentially killing the messenger... ? Or is it just because he knows the loop hole exists? Because caparica seems to know about it as well.

phpbbadmin
Offline
Joined: 04/23/2013
Re: Thanks

Fos wrote:
Darkehorse wrote:
for the insight Mr. Hacker.. Consider yourself banned...

Isn't that... potentially killing the messenger... ? Or is it just because he knows the loop hole exists? Because caparica seems to know about it as well.

The E-mail address he used to sign in was the same as that as the hackers.. Hardly a coincidence. He also signed in the very day we were hacked.

-Darke

Don't worry, I'm not a loose cannon! :wink:

Fos
Offline
Joined: 12/31/1969
Did we get hacked?

Ah, okay. You can see where I might be confused there...

Anyway, this and this should help with the SQL injection stuff. Seems rather simple.

Syndicate content


forum | by Dr. Radut