How much should we worry about Forum Hacking?
-
Could you expand on this?
-
well we should worry now >:( As soon as it happened I went to d4tabase.com and created account I have been able to download entire user database no passwords but usernames and emails >:( I wish these people used there skills for something productive, they are no better than the kids that marker tag the local shop shutters >:(. I dint think they got passwords although not completely sure as you need premium account to access some of the site ie VIP area.
-
Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
-
Do you think we ought to change passwords?
-
[quote name=“Ruthie” post=“53477” timestamp=“1390171739”]
Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
[/quote]
I can send you the text file db i managed to download or tell me where to send it? -
[quote name=“Ruthie” post=“53478” timestamp=“1390171781”]
Do you think we ought to change passwords?
[/quote]
I think password change maybe a good idea just as a precaution. -
Bush and Ghostlander taking a look into it as I type.
-
[quote name=“netnerd” post=“53479” timestamp=“1390171987”]
[quote author=Ruthie link=topic=6799.msg53477#msg53477 date=1390171739]
Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
[/quote]
I can send you the text file db i managed to download or tell me where to send it?
[/quote]PM what you have to Bushstar
-
[quote name=“Ruthie” post=“53483” timestamp=“1390172202”]
[quote author=netnerd link=topic=6799.msg53479#msg53479 date=1390171987]
[quote author=Ruthie link=topic=6799.msg53477#msg53477 date=1390171739]
Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
[/quote]
I can send you the text file db i managed to download or tell me where to send it?
[/quote]PM what you have to Bushstar
[/quote]
ok on it now -
So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.
[url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]
You can get the source from here.
[url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]I have updated all the packages on the server and restored the front of the forum. The forum was the only site effected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF the forum software we may still be vulnerable.
I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.
-
[quote name=“Bushstar” post=“53490” timestamp=“1390173134”]
So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.[url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]
You can get the source from here.
[url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]I have updated all the packages on the server and restored the front of the forum. The forum was the only site effected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF the forum software we may still be vulnerable.
I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.
[/quote]Man that is hte best ASCI art I have ever seen.
-
[quote name=“chrisj” post=“53492” timestamp=“1390173340”]
[quote author=Bushstar link=topic=6799.msg53490#msg53490 date=1390173134]
So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.[url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]
You can get the source from here.
[url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]I have updated all the packages on the server and restored the front of the forum. The forum was the only site effected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF the forum software we may still be vulnerable.
I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.
[/quote]Man that is hte best ASCI art I have ever seen.
[/quote]
It was pretty cooldon’t know if this is what you are looking for Bushstar [url=http://www.youtube.com/watch?v=Was3qt_KFtw#ws]Smf forums hack[/url].
I know one thing the person responsible for creating the art was not the person who hacked the page. I think the hacker may be in trouble with his vandal mates for removing credits form the animation -
How do you know nn?
-
Wrong aproach from hack recovering… If it’s 0day it will repeat! Check server processes and find the entry point… I can’t believe what I’m reading here…
-
[quote name=“Ruthie” post=“53496” timestamp=“1390173961”]
How do you know nn?
[/quote]
nn? -
Sorry, the question was directed at you netnerd, I just addressed you after.
-
[url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/[/url]
[quote]All three vulnerabilities are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5. The SMF team has released updates (version 1.1.19 and 2.0.6) which fix the clickjacking problem (via an X-Frame-Options header) and the username faking possibility via multiple consecutive spaces. [b]However, the Unicode homoglyph attack has not yet been fixed[/b] since it is not trivial to filter out all confusable characters while still allowing legitimate Unicode characters in usernames (especially if you can’t use the Spoofchecker class because you have to support PHP versions below 5.4.0).[/quote]
-
[quote name=“Tuck Fheman” post=“53510” timestamp=“1390177815”]
[url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/[/url][quote]All three vulnerabilities are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5. The SMF team has released updates (version 1.1.19 and 2.0.6) which fix the clickjacking problem (via an X-Frame-Options header) and the username faking possibility via multiple consecutive spaces. [b]However, the Unicode homoglyph attack has not yet been fixed[/b] since it is not trivial to filter out all confusable characters while still allowing legitimate Unicode characters in usernames (especially if you can’t use the Spoofchecker class because you have to support PHP versions below 5.4.0).[/quote]
[/quote]If this is the case [url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/#toc-2]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/#toc-2[/url] intermediate attacker will have quite a lot of info in his hands. Changing all of the accounts on the services that are related in any way to the *.feathercoin.com is must, cleaning server from possible started processes in the background ( check exec, passtrough, … enabled in php ), check from created php scripts that are web accessible ( usualy they are used as backdor ), check crons & hope if attacker doesn’t execute some exploit against host operating system…
-
Not sure if this is related, but I’m curious … Chrisj weren’t you “Admin” yesterday and now you’re “Staff”?
-
[quote name=“Tuck Fheman” post=“53520” timestamp=“1390180669”]
Not sure if this is related, but I’m curious … Chrisj weren’t you “Admin” yesterday and now you’re “Staff”?
[/quote]oh ns… I didn’t even see that. Tuck’s right.