    How much should we worry about Forum Hacking?

    Attacks and Feathercoin Security
    • wrapper
      wrapper Moderators last edited by

      [url=http://www.youtube.com/watch?v=zeHMCHJAoXA#ws]How Bitcointalk org Could Be Hacked Part 1 of 2[/url]

      and what do we do about it?

      +++ Wasn’t the Bitcoin Forum hacked just after this video was released?

      >>>>>>News…

      The more I look into this potential problem (Scams and Hacks) “Condition Monitoring” by members for this fault is continuous at this membership level, have we hit another 51%?

      • ?
        A Former User last edited by

        Could you expand on this?

        • N
          netnerd Regular Member last edited by

          Well, we should worry now >:( As soon as it happened I went to d4tabase.com and created an account. I have been able to download the entire user database: no passwords, but usernames and emails >:( I wish these people used their skills for something productive; they are no better than the kids that marker tag the local shop shutters >:(. I didn’t think they got passwords, although not completely sure, as you need a premium account to access some of the site, i.e. the VIP area.

          • R
            Ruthie last edited by

            Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.

            • R
              Ruthie last edited by

              Do you think we ought to change passwords?

              • N
                netnerd Regular Member last edited by

                [quote name=“Ruthie” post=“53477” timestamp=“1390171739”]
                Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
                [/quote]
                I can send you the text file db I managed to download, or tell me where to send it?

                • N
                  netnerd Regular Member last edited by

                  [quote name=“Ruthie” post=“53478” timestamp=“1390171781”]
                  Do you think we ought to change passwords?
                  [/quote]
                  I think a password change may be a good idea just as a precaution.

                  • R
                    Ruthie last edited by

                    Bush and Ghostlander taking a look into it as I type.

                    • R
                      Ruthie last edited by

                      [quote name=“netnerd” post=“53479” timestamp=“1390171987”]
                      [quote author=Ruthie link=topic=6799.msg53477#msg53477 date=1390171739]
                      Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
                      [/quote]
                      I can send you the text file db I managed to download, or tell me where to send it?
                      [/quote]

                      PM what you have to Bushstar

                      • N
                        netnerd Regular Member last edited by

                        [quote name=“Ruthie” post=“53483” timestamp=“1390172202”]
                        [quote author=netnerd link=topic=6799.msg53479#msg53479 date=1390171987]
                        [quote author=Ruthie link=topic=6799.msg53477#msg53477 date=1390171739]
                        Yeah, I was straight on P0wersurge.com forums too, you have to sign up for more info.
                        [/quote]
                        I can send you the text file db I managed to download, or tell me where to send it?
                        [/quote]

                        PM what you have to Bushstar
                        [/quote]
                        ok on it now

                        • Bushstar
                          Bushstar last edited by

                          So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.

                          [url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]

                          You can get the source from here.
                          [url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]

                          I have updated all the packages on the server and restored the front of the forum. The forum was the only site affected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF, the forum software, we may still be vulnerable.

                          I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.

                          Donate: 6hf9DF8H67ZEoW9KmPJez6BHh4XPNQSCZz

                          • C
                            chrisj Regular Member last edited by

                            [quote name=“Bushstar” post=“53490” timestamp=“1390173134”]
                            So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.

                            [url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]

                            You can get the source from here.
                            [url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]

                            I have updated all the packages on the server and restored the front of the forum. The forum was the only site affected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF, the forum software, we may still be vulnerable.

                            I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.
                            [/quote]

                            Man, that is the best ASCII art I have ever seen.

                            • N
                              netnerd Regular Member last edited by

                              [quote name=“chrisj” post=“53492” timestamp=“1390173340”]
                              [quote author=Bushstar link=topic=6799.msg53490#msg53490 date=1390173134]
                              So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.

                              [url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]

                              You can get the source from here.
                              [url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]

                              I have updated all the packages on the server and restored the front of the forum. The forum was the only site affected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF, the forum software, we may still be vulnerable.

                              I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.
                              [/quote]

                              Man, that is the best ASCII art I have ever seen.
                              [/quote]
                              It was pretty cool

                              Don’t know if this is what you are looking for, Bushstar: [url=http://www.youtube.com/watch?v=Was3qt_KFtw#ws]Smf forums hack[/url].
                              I know one thing: the person responsible for creating the art was not the person who hacked the page. I think the hacker may be in trouble with his vandal mates for removing credits from the animation.

                              • R
                                Ruthie last edited by

                                How do you know nn?

                                • S
                                  slavco Regular Member last edited by

                                  Wrong approach to hack recovery… If it’s a 0day it will repeat! Check server processes and find the entry point… I can’t believe what I’m reading here…

                                  • N
                                    netnerd Regular Member last edited by

                                    [quote name=“Ruthie” post=“53496” timestamp=“1390173961”]
                                    How do you know nn?
                                    [/quote]
                                    nn?

                                    • R
                                      Ruthie last edited by

                                      Sorry, the question was directed at you netnerd, I just addressed you after.

                                      • T
                                        Tuck Fheman last edited by

                                        [url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/[/url]

                                        [quote]All three vulnerabilities are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5. The SMF team has released updates (version 1.1.19 and 2.0.6) which fix the clickjacking problem (via an X-Frame-Options header) and the username faking possibility via multiple consecutive spaces. [b]However, the Unicode homoglyph attack has not yet been fixed[/b] since it is not trivial to filter out all confusable characters while still allowing legitimate Unicode characters in usernames (especially if you can’t use the Spoofchecker class because you have to support PHP versions below 5.4.0).[/quote]

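The advisory quoted in the post above names two username-spoofing problems: multiple consecutive spaces and Unicode homoglyphs. The following is an added example, not part of the thread and not SMF's code, of a registration check for both; the function names, the sample usernames and the small confusables table are constructed for illustration, and the script detection is an approximation based on Unicode character names.

```python
import unicodedata

# Constructed subset of look-alike mappings (assumption: a production check
# would load the full Unicode confusables table instead of this short list).
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}

def skeleton(name):
    """Comparison key: NFKC, case-fold, map known confusables to ASCII,
    and collapse every whitespace run to a single space."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in folded)
    return " ".join(mapped.split())

def scripts(name):
    """Approximate the scripts in use from the first word of each letter's
    Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in name if ch.isalpha()}

def check_registration(candidate, existing):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    if candidate != " ".join(candidate.split()):
        reasons.append("irregular whitespace")
    if len(scripts(candidate)) > 1:
        reasons.append("mixed scripts")
    key = skeleton(candidate)
    clash = [u for u in existing if skeleton(u) == key]
    if clash:
        reasons.append("looks like existing user: " + ", ".join(clash))
    return reasons
```

Comparing skeletons rather than raw strings is what catches a name that renders the same as an existing one; the mixed-script rule alone would still allow a look-alike written entirely in one non-Latin script.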
                                        • S
                                          slavco Regular Member last edited by

                                          [quote name=“Tuck Fheman” post=“53510” timestamp=“1390177815”]
                                          [url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/[/url]

                                          [quote]All three vulnerabilities are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5. The SMF team has released updates (version 1.1.19 and 2.0.6) which fix the clickjacking problem (via an X-Frame-Options header) and the username faking possibility via multiple consecutive spaces. [b]However, the Unicode homoglyph attack has not yet been fixed[/b] since it is not trivial to filter out all confusable characters while still allowing legitimate Unicode characters in usernames (especially if you can’t use the Spoofchecker class because you have to support PHP versions below 5.4.0).[/quote]
                                          [/quote]

                                          If this is the case [url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/#toc-2]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/#toc-2[/url] an intermediate attacker will have quite a lot of info in his hands. Changing all of the accounts on the services that are related in any way to *.feathercoin.com is a must, as is cleaning the server of possible processes started in the background (check whether exec, passthru, … are enabled in PHP), checking for created PHP scripts that are web accessible (usually they are used as a backdoor), checking crons & hoping the attacker doesn’t execute some exploit against the host operating system…

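Two of the checks listed in the post above, as an added example that is not part of the thread: finding web-accessible PHP files that changed after a cutoff or call command-execution functions, and reading which of those functions php.ini leaves enabled. The function names and the extended function list beyond exec and passthru are assumptions made for this sketch.

```python
import os
import re

# PHP functions that run OS commands or evaluate code. The post names exec and
# passthru; the others are added here as an assumption about what to look for.
RISKY_CALL = re.compile(
    rb"\b(exec|passthru|system|shell_exec|popen|proc_open|eval|assert)\s*\(",
    re.I)

def triage_webroot(webroot, since_epoch):
    """Return sorted (path, reasons) for PHP files that need a manual look."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in files:
            if not fname.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, fname)
            reasons = []
            # mtime can be reset by an intruder, so the content scan below
            # runs for every file and not only for recent ones.
            if os.path.getmtime(path) >= since_epoch:
                reasons.append("modified since cutoff")
            with open(path, "rb") as fh:
                hits = {m.group(1).decode().lower()
                        for m in RISKY_CALL.finditer(fh.read())}
            if hits:
                reasons.append("calls " + ", ".join(sorted(hits)))
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)

def missing_disable_functions(php_ini_text,
                              wanted=("exec", "passthru", "shell_exec", "system")):
    """Return the functions in `wanted` that disable_functions leaves enabled."""
    disabled = set()
    for line in php_ini_text.splitlines():
        m = re.match(r"\s*disable_functions\s*=\s*(.*)", line)
        if m:
            disabled = {f.strip().strip('"')
                        for f in m.group(1).split(",") if f.strip()}
    return [f for f in wanted if f not in disabled]
```

Legitimate forum code also calls some of these functions, so the output is a review list to compare against a clean copy of the same release, not a verdict.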
                                          • T
                                            Tuck Fheman last edited by

                                            Not sure if this is related, but I’m curious … Chrisj weren’t you “Admin” yesterday and now you’re “Staff”?
