 

Site hack - now overcome.



Apologies for the site being offline for 3 hours tonight.

 

There was an issue where readers of most topics were redirected to a website set up by some left-wing activists (the sort who think it's fun to compromise the sites of public bodies). It didn't help that I was out at the time so didn't have access to all my usual facilities.

 

The site was turned offline to carry out investigations and minimise the risk for users. There was no satisfactory or transparent answer from the software's support forums over the cause but it's apparent it has affected numerous social/community sites, particularly those using Invision and VBulletin software. I have isolated certain modifications to the basic software that were written by third parties which may have given this loophole to hackers and initial indications show that the site is performing albeit slowly now the problem has been isolated. It does still mean that further work needs to be undertaken but I hope this makes it unnecessary to take the site offline or resort to the backup.

 

Thank you for your patience this evening.


;) - not at all!

 

I don't mind; it was just a shame it interrupted an evening with modelling friends which was quite welcome after a day dealing with some real oafish behaviour. Sadly it's a fact of life that a percentage of people who use the internet are idiots and some site users are no better.

 

We all do it for the majority though. :)


Thanks for getting us back and running. Just before the site went down I got a huge SQL error, that ran for pages. Probably nothing to do with it, but I kept a copy, just in case. Let me know if it is of use and I'll send it across.


A frustrating twenty minutes or so. This is a situation involving a crime and action would be possible but it's hard work to try and make progress. Nominet are powerless to isolate the domain, the hosting provider will not investigate unless it's a statutory body making the complaint and it's not possible to directly contact the Met's e-crime unit although a basic outline of the crime has been submitted.

 

It appears that the problem is spreading rapidly and we got off comparatively lightly. It seems where the problem has occurred on any VBulletin softwared site the admin has been locked out of the site and all members received emails supposedly from site admin promoting this jforjustice site and members' login details were accessed. This does not appear to be the case in any IPB softwared site but I would urge all users to take care on any forum/community or social network site and ensure that you do not use any access information shared with the more important aspects of online life such as banking passwords.


Here's my report from the USA (for what it is worth).

I never got re-routed anywhere. I did notice intermittent delays (over the past week or so) some very long that resulted in an SQL message that blamed my IP.....with the benefit of hindsight I now realize that the delays only affected RMWeb - to be honest I got used to them.....I guess that I assumed some work was being done.

Safari/iMac.

 

Best, Pete


Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts ;)

 

No; I don't believe it's necessary to do so. There's no evidence any login information was accessed or used. It was more a point to be very careful of the information used on any VBulletin softwared sites (it normally says at the bottom of the page what software any forum uses)

 

I got the SQL message on several occasions prior to the hacking attempt. It sounds as if this is evidence of a hacking attempt, so if it happens again at least we have a warning.

 

No; it's not related at all.

 

Is the Marketplace site affected at all? I presume not, being that it's different software, but always worth asking.

 

No; totally unaffected; it's different software and a different database. The problem is isolated to a plug-in to the forum software.


Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts ;)

 

Changing your user ID should not be necessary, but, as I think you already have, don't use the same username & password combination on multiple sites.

 

In particular it is advisable NOT to use the same password for a website/forum as you use for the e-mail address used to register on that forum...


Hacking a model railway site - that's going to overthrow the government isn't it?

 

Muppets.

 

Indeed; but in their eyes they feel they'll have succeeded in getting a few hundred people to be forced to land on their propaganda page. The reverse is more likely to result where there is less sympathy for their cause if people are duped/inconvenienced.


Indeed; but in their eyes they feel they'll have succeeded in getting a few hundred people to be forced to land on their propaganda page. The reverse is more likely to result where there is less sympathy for their cause if people are duped/inconvenienced.

 

It may have been an attempt to install some bots to allow a distributed DoS attack somewhere else, but they were unable to do that so they did a little redirection hacking instead. Keyboard warriors.

 

I have sympathies on the reporting it to the authorities front, the game server I used to administer was periodically attacked and crashed by the same muppet, we had the IP address, server logs, firewall logs, wooden logs (!), and despite all of this the ISP refused to do anything*, it seems like it's only a crime if it affects big organisations (despite our site costing money to run and the extra traffic the hacker generated caused the usage to peak over the limit so actually cost us hard cash) - as you've found out.

 

 

* We did ban his IP eventually, but we wanted action taking against him for his malicious actions so we allowed him to play and logged his every move.


Archived

This topic is now archived and is closed to further replies.

