Andy Y

Site hack - now overcome.


 

;) - not at all!

 

I don't mind; it was just a shame it interrupted an evening with modelling friends which was quite welcome after a day dealing with some real oafish behaviour. Sadly it's a fact of life that a percentage of people who use the internet are idiots and some site users are no better.

 

We all do it for the majority though. :)

  • Like 17


Thanks for getting us back and running. Just before the site went down I got a huge SQL error, that ran for pages. Probably nothing to do with it, but I kept a copy, just in case. Let me know if it is of use and I'll send it across.


Hello Andy,

 

I have lost my member image as on this reply. Should I reupload an image?

 

Thanks,

 

Trevor. (45584).


Hi Trevor, I can see your avatar. It may be worth trying to refresh your browser first before re-uploading.


Hello Andy,

Photo reuploaded.

Thanks,

Trevor.


There was an issue where readers of most topics were redirected to a website set up by some left-wing activists

MRJ, MR, RM ??? (Joking, honest !! :) )

  • Like 5


A frustrating twenty minutes or so. This is a situation involving a crime and action would be possible but it's hard work to try and make progress. Nominet are powerless to isolate the domain, the hosting provider will not investigate unless it's a statutory body making the complaint and it's not possible to directly contact the Met's e-crime unit although a basic outline of the crime has been submitted.

 

It appears that the problem is spreading rapidly and we got off comparatively lightly. It seems where the problem has occurred on any VBulletin softwared site the admin has been locked out of the site and all members received emails supposedly from site admin promoting this jforjustice site and members login details were accessed. This does not appear to be the case in any IPB softwared site but I would urge all users to take care on any forum/community or social network site and ensure that you do not use any access information shared with the more important aspects of online life such as banking passwords.

  • Like 10


Here's my report from the USA (for what it is worth).

I never got re-routed anywhere. I did notice intermittent delays (over the past week or so) some very long that resulted in an SQL message that blamed my IP.....with the benefit of hindsight I now realize that the delays only affected RMWeb - to be honest I got used to them.....I guess that I assumed some work was being done.

Safari/IMac.

 

Best, Pete

Edited by trisonic


If login details were accessed should members change their passwords?

 

Thanks for the catch Andy


I would urge all users to take care on any forum/community or social network site and ensure that you do not use any access information shared with the more important aspects of online life such as banking passwords.


Hacking a model railway site - that's going to overthrow the government isn't it?

 

Muppets.

  • Like 6


Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts ;)


I got the SQL message on several occasions prior to the hacking attempt. It sounds as if this is evidence of a hacking attempt, so if it happens again at least we have a warning.


Is the Marketplace site affected at all? I presume not, being that it's different software, but always worth asking.


Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts ;)

 

No; I don't believe it's necessary to do so. There's no evidence any login information was accessed or used. It was more a point to be very careful of the information used on any VBulletin softwared sites (it normally says at the bottom of the page what software any forum uses)

 

I got the SQL message on several occasions prior to the hacking attempt. It sounds as if this is evidence of a hacking attempt, so if it happens again at least we have a warning.

 

No; it's not related at all.

 

Is the Marketplace site affected at all? I presume not, being that it's different software, but always worth asking.

 

No; totally unaffected; it's different software and a different database. The problem is isolated to a plug-in to the forum software.

  • Like 1

Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts ;)

 

Changing your user ID should not be necessary, but as I think you already have, don't use the same username & password combination on multiple sites.

 

In particular it is advisable NOT to use the same password for a website/forum as you use for the e-mail address used to register on that forum...


Hacking a model railway site - that's going to overthrow the government isn't it?

 

Muppets.

 

Indeed; but in their eyes they feel they'll have succeeded in getting a few hundred people to be forced to land on their propaganda page. The reverse is more likely to result where there is less sympathy for their cause if people are duped/inconvenienced.

  • Like 8


Indeed; but in their eyes they feel they'll have succeeded in getting a few hundred people to be forced to land on their propaganda page. The reverse is more likely to result where there is less sympathy for their cause if people are duped/inconvenienced.

 

It may have been an attempt to install some bots to allow a distributed DoS attack somewhere else, but they were unable to do that so they did a little redirection hacking instead. Keyboard warriors.

 

I have sympathies on the reporting it to the authorities front, the game server I used to administer was periodically attacked and crashed by the same muppet, we had the IP address, server logs, firewall logs, wooden logs (!), and despite all of this the ISP refused to do anything*, it seems like it's only a crime if it affects big organisations (despite our site costing money to run and the extra traffic the hacker generated caused the usage to peak over the limit so actually cost us hard cash) - as you've found out.

 

 

* We did ban his IP eventually, but we wanted action taking against him for his malicious actions so we allowed him to play and logged his every move.


Andy

 

Looking at the timing of your posts you seem to have got to bed late and got up early.

 

A big thanks for all your efforts sorting it out especially the time of day (night) it happened

  • Like 12

