[CBRVFR]

That's a non-controversial, inoffensive site. Makes me mad. I trust Conq has this site protected.

Anyway, if some tech guru here can offer help, please email ULEWZ. He's a member here and a mod over there.

http://www.fireblades.org/forums/members/ulewz.html

[ConqSoft]

Wow. That sucks. I was just over there the other day too. When did it happen?

[ConqSoft]

Hopefully they had a pretty recent backup?

Are they on a shared server or dedicated? That's one bad thing about shared servers, if some other site is running a piece of software that has security flaws, the whole server can be affected.

If dedicated, they should go through everything running on the server with a fine-tooth comb and see if there are any known issues. I'm pretty sure they were running the latest version of Invision Powerboard, and I haven't see any security alerts for it.

There's always the chance someone guessed or obtained an FTP or SSH password too...

Just throwing out scenarios.... Do you know any details?

[sheepofblue]

Quote:

Originally Posted by CBRVFR

That's a non-controversial, inoffensive site. Makes me mad. I trust Conq has this site protected.

Anyway, if some tech guru here can offer help, please email ULEWZ. He's a member here and a mod over there.

http://www.fireblades.org/forums/members/ulewz.html

Umm I am far from a guru but has he checked the logs? It should have what IP and how entry was made. The IP might not help but the other might help prevent more attacks. Since it is such a inoffensive sight it is likely script kiddies that are not good enough to cover thier tracks.

EDIT: Also on an educated guess they were running windoz for the attack if that helps determine the vector (they spec'ed fonts that are windoz like names in the HTML

[ConqSoft]

Hmm. Any idea which version they were running? They released a security patch in September. Nothing major though.
http://forums.invisionpower.com/inde...owtopic=186748

[ConqSoft]

It's back...

[Bacchus]

What exactly did this hack consist of - i.e., what repercussions did it have on their site. Whatever, it stinks!

[ConqSoft]

The site was replaced with a screen saying that the site had been hacked by so-and-so, etc.

[Bacchus]

Such childish **** - hope they pay for their actions...

edit: so they will have lost everything back to their last backup? :-(

[CBRVFR]

Sorry, guys, I don't have any background in this stuff, so I don't know what version Miguel is using or if the server is shared or dedicated.. I guess it was down for a few hours last night, and was back up this morning, as Conq noted.


Here's the thread:

http://www.vfrdiscussion.com/forum/i...topic=16019&hl=

and an excerpt-

Quote:

The "hackers" probably exploited a known vulnerability in the version of Ikonboard that Miguel is running. Either that, or the server it's hosted on had some other problem which they exploited.

I work in IT security and I see this type of stuff all the time. The folks who do it are usually male, and aged anywhere between 12 and 30 most commonly. Many of them these days are from Eastern Europe. Nothing you say or do will affect their current state of mind regarding how they feel about what they do. However many of these guys do grow out of it and can end up as normal functioning members of society.

Exploiting a known vulnerability like this is basically targetting the "low hanging fruit". These guys are after the notoriety of defacing a site - especially since any defacements get copied and posted on a central Index. The more defacements your "crew" makes, the higher your perceived standing in the hacker pecking order. I wouldn't call the attack personally that skillful, but what it does demonstrate is the need to be constantly vigilant. If you run a piece of software that has a vulnerability, patch it!

When it comes to "skilled" attacks, I've seen consultants in the team I work in absolutely tear banks to shreds (we're talking complete access to all customer data) within six hours . Now *that's* skill.

In short, don't worry about these guys - they're smalltime. Worry about the organised folks (often males aged over 30) actually trying to commit real organised crime and steal your identity, money, or both. You'll never see them deface anyone's site, or boast of their "1337 m@d sk1llz"; in fact you may never know they ever did anything. It's up to folks like me to stop those boys, and they can be *super* talented. They have the benefit of unlimited time and budget. The defending team is limited in time, people, and money and relies on automated tools to detect and stop attacks.

Currently, we're losing. http://www.vfrdiscussion.com/forum/s...ons/unsure.gif

Maybe Conq could contact Miguel (Hispanicslammer) for more details..


Edit - The difference in the response of the members over there compared to what I would expect here is striking..

I guess that I-4 really does lead to the dark side..