Did we get hacked again? A while ago I tried to visit the site and everything was in some foreign language. Now all the entries are old.
Did we get hacked?
Whatever it was it looked pretty heavy. A day and a half down. It somehow came in the same day I downloaded Mozilla Firefox.
Hope all is ok, and I know Darke, Fast, and Hpox have been working their butts off to get it back together.
Thanks guys, we're glad to have it back.
-Steve
Man, that was pretty interesting.
At one point I was able to see the individual php pages and a MySQL dump showing all of the posts (I noticed that some of the most recent posts were missing).
Kind of neat, gave me some insight on the backend of things.
I wish you guys (Darke, Hpox and so on) well in getting things back in order.
I hope you didn't lose any data though.
--DarkDream
Pretty much all of June was lost (forum posts).
We're working on migrating things over to a less-hack-attractive CMS.
-- Matthew
(PS: Darke's work was nothing short of heroic on this)
It's a possibility to be sure. I don't see my posts from the past 2 weeks anywhere.
I saw the strange language myself and confirmed it with my Chinese friends.
On the home page, nothing nasty was said.
Here is the translation as I received it:
This is Chinese. It says that only authorized member can be access this web.
It also says that if you register it as member, you could access it.
You can press here to register free, and then you can save this title without limit, thanks.
Sorry. I just had to know what it said :)
PP
Probably obvious by my post, but the writing was in fact Chinese.
PP
The hacker(s) set the default language to Chinese....
Basically they went through and messed with all of the site settings also. Pretty much anything that was set a certain way; they set it some other way. It's been very frustrating trying to fix all of the little annoying things that they broke.
Unfortunately, as is evident from my news post, my time is limited. Fastlearner and I are continuing to explore a replacement for PHPnuke. In all honesty, I have no method of preventing the hack again because I do not know how they did it. So at any time they could strike again and I'd have to fix it all over again.
That is all for now.
-Darke
Darkehorse wrote: Fastlearner and I are continuing to explore a replacement for PHPnuke. -Darke
Have you considered PostNuke? From what I understand, it has a common heritage with PHPnuke, but the two diverged some time ago. HoustonGamers dot org uses PostNuke and, knock on wood, we haven't had any problems (yet...as I jinx us).
Yes I have looked it over. It looks good but there's not a lot of addons available for it. I think we are leaning towards Tikiwiki.
-Darke
They probably have used XSS exploits; this kind of attack is complex to prevent and any dynamic content web site is potentially vulnerable.
Some basic information:
http://httpd.apache.org/info/css-security/
Actually there is a vulnerability in PHP nuke called SQL injection and that is what they used. None of the actual files of the site were modified (which would have been the case if it were an Apache exploit), only the settings/data contained in the SQL database.
-Darke
They used SQL injection? Damn, that's irritating. You can protect against SQL injection, really 100% of the time, but it just takes writing a lot of code and being really careful.
SQL injection is a shockingly easy exploit and tons of sites are vulnerable to it. :(
-- Matthew
At least keep a backup of all site settings (and hopefully the db). That way if anything is messed with, you can just restore without having to find everything that's changed.
I was regularly backing up the site's files, but was neglecting to back up the database (unknowingly -- thought I was). That made it worse than it needed to be.
-- Matthew
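The advice in the two posts above (keep a copy of the site settings so that tampering can be found and undone in one step) sketched as an added example; it is not code from this thread or from PHPnuke. The `site_config` table, its columns and the sample values are assumptions, and an in-memory SQLite database stands in for the site's MySQL database.

```python
import sqlite3

# Hypothetical settings table; PHPnuke's real schema is not shown in the thread.
SCHEMA = "CREATE TABLE site_config (name TEXT PRIMARY KEY, value TEXT)"

def snapshot(conn):
    """Return the settings table as {name: value}; store this copy off the web host."""
    return dict(conn.execute("SELECT name, value FROM site_config"))

def diff_settings(baseline, current):
    """List every setting changed, added or removed since the baseline snapshot."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        if name not in baseline:
            changes.append(("added", name, None, current[name]))
        elif name not in current:
            changes.append(("removed", name, baseline[name], None))
        elif baseline[name] != current[name]:
            changes.append(("changed", name, baseline[name], current[name]))
    return changes

def restore(conn, baseline):
    """Put the table back to the baseline inside a single transaction."""
    with conn:
        conn.execute("DELETE FROM site_config")
        conn.executemany(
            "INSERT INTO site_config (name, value) VALUES (?, ?)", baseline.items()
        )

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    # Constructed sample settings, not taken from the real site.
    conn.executemany(
        "INSERT INTO site_config (name, value) VALUES (?, ?)",
        [("default_language", "english"), ("site_title", "Example Forum"),
         ("allow_anonymous", "1")],
    )
    conn.commit()
    baseline = snapshot(conn)

    # Constructed tampering: settings altered in the database, files untouched.
    conn.execute("UPDATE site_config SET value = 'chinese' WHERE name = 'default_language'")
    conn.execute("UPDATE site_config SET value = 'defaced' WHERE name = 'site_title'")
    conn.execute("INSERT INTO site_config (name, value) VALUES ('extra_admin', 'unknown')")
    conn.commit()

    found = diff_settings(baseline, snapshot(conn))
    restore(conn, baseline)
    return found, diff_settings(baseline, snapshot(conn))

if __name__ == "__main__":
    for change in demo()[0]:
        print(change)
```

Run on a schedule against a baseline kept outside the database, the diff reports which rows changed without anyone having to hunt through the admin panel.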
FYI, the title bar of the site is still hacked. Dunno if you guys have noticed... :(
I noticed. It's fixed now.. It seems like they took over Sedj's and Jwarrend's admin accounts. I was forced to delete their accounts...
Like I said before, we could be sitting on a ticking time bomb as I don't really have the time to research and fix the vulnerability.
-Darke
Oh well, it was fun while it lasted...
-J
I'm working on the SQL transformations required to move the forums... once I figure it out I'll complete the basic stuff on the Tiki and move the messages over (I've got the basic forums set up there now, but without messages). It's got some quirks, but I'm sure they can be worked out.
-- Matthew
so ummm....
do we have any idea who did this? is it the same guy(s) that did it before?
i could probably ... you know....
call a guy. he uh... knows his way around this kind of thing...
he could probably ... you know....
"deal" with the problem...
... some how...
it would simply be something to challenge him to do it... not even .. you know.. for pay or anything...
.... i'm just sayin'....
anyway... i'm only about one quarter joking so uh..
yeah...
carry on then.
Hello!
Listen... I know who hacked your website, and it wasn't me.
I know the person who did it, and I even know where he lives.
Please don't look at PaulEnsane, because this person wrote my name on purpose so you will think that I hacked it.
I am very sorry for the inconvenience that person caused to you... He uses Darkehorse's account to change the forum caption and stuff.
Please block the SQL Injection errors to avoid that.
Thank you for your attention!
Paul
He used SQL Injection?
The newer versions of PHPNuke have corrected those, haven't they?
Paulo
Yeah he did use SQL injection
for the insight Mr. Hacker.. Consider yourself banned...
Darkehorse wrote: for the insight Mr. Hacker.. Consider yourself banned...
Isn't that... potentially killing the messenger... ? Or is it just because he knows the loop hole exists? Because caparica seems to know about it as well.
The E-mail address he used to sign in was the same as that of the hackers.. Hardly a coincidence. He also signed in the very day we were hacked.
-Darke
Don't worry, I'm not a loose cannon! :wink:
And to recover so quickly, you guys are amazing! Thank you for everything you do for this site!
p.s. It looks like the quote function may need some work still, and possibly the emoticons. : )