Andy Y, posted April 18, 2012:

Apologies for the site being offline for 3 hours tonight. There was an issue where readers of most topics were redirected to a website set up by some left-wing activists (the sort who think it's fun to compromise the sites of public bodies). It didn't help that I was out at the time so didn't have access to all my usual facilities. The site was turned offline to carry out investigations and minimise the risk for users.

There was no satisfactory or transparent answer from the software's support forums over the cause but it's apparent it has affected numerous social/community sites, particularly those using Invision and VBulletin software. I have isolated certain modifications to the basic software that were written by third parties which may have given this loophole to hackers and initial indications show that the site is performing albeit slowly now the problem has been isolated.

It does still mean that further work needs to be undertaken but I hope this makes it unnecessary to take the site offline or resort to the backup. Thank you for your patience this evening.
kiwinewt, posted April 18, 2012:

Thanks Andy. Good luck!
The Yorkshire Pud, posted April 18, 2012:

Good job Andy .... well caught mate !!
The Nth Degree, posted April 19, 2012:

So having a 'proper' job still doesn't come with regular hours?
Andy Y (Author), posted April 19, 2012:

- not at all! I don't mind; it was just a shame it interrupted an evening with modelling friends which was quite welcome after a day dealing with some real oafish behaviour. Sadly it's a fact of life that a percentage of people who use the internet are idiots and some site users are no better. We all do it for the majority though.
Theakerr, posted April 19, 2012:

Thanks Andy. Seems your work is never done.
gordon s, posted April 19, 2012:

Thanks for getting us back and running. Just before the site went down I got a huge SQL error, that ran for pages. Probably nothing to do with it, but I kept a copy, just in case. Let me know if it is of use and I'll send it across.
45584, posted April 19, 2012:

Hello Andy, I have lost my member image as on this reply. Should I reupload an image? Thanks, Trevor. (45584).
Andy Y (Author), posted April 19, 2012:

Hi Trevor, I can see your avatar. It may be worth trying to refresh your browser first before re-uploading.
45584, posted April 19, 2012:

Hello Andy, Photo reuploaded. Thanks, Trevor.
Stubby47 (RMweb Gold), posted April 19, 2012:

> There was an issue where readers of most topics were redirected to a website set up by some left-wing activists

MRJ, MR, RM ??? (Joking, honest !! )
Metr0Land (RMweb Gold), posted April 19, 2012:

Thanks from me also.
Andy Y (Author), posted April 19, 2012:

A frustrating twenty minutes or so. This is a situation involving a crime and action would be possible but it's hard work to try and make progress. Nominet are powerless to isolate the domain, the hosting provider will not investigate unless it's a statutory body making the complaint and it's not possible to directly contact the Met's e-crime unit although a basic outline of the crime has been submitted.

It appears that the problem is spreading rapidly and we got off comparatively lightly. It seems where the problem has occurred on any VBulletin softwared site the admin has been locked out of the site and all members received emails supposedly from site admin promoting this jforjustice site and members' login details were accessed. This does not appear to be the case in any IPB softwared site but I would urge all users to take care on any forum/community or social network site and ensure that you do not use any access information shared with the more important aspects of online life such as banking passwords.
trisonic, posted April 19, 2012:

Here's my report from the USA (for what it is worth). I never got re-routed anywhere. I did notice intermittent delays (over the past week or so), some very long, that resulted in an SQL message that blamed my IP..... With the benefit of hindsight I now realize that the delays only affected RMWeb - to be honest I got used to them..... I guess that I assumed some work was being done. Safari/iMac. Best, Pete
PaulRhB (RMweb Gold), posted April 19, 2012:

If login details were accessed should members change their passwords? Thanks for the catch Andy
RedgateModels (RMweb Gold), posted April 19, 2012:

I would urge all users to take care on any forum/community or social network site and ensure that you do not use any access information shared with the more important aspects of online life such as banking passwords.
halfwit, posted April 19, 2012:

Hacking a model railway site - that's going to overthrow the government isn't it? Muppets.
PaulRhB (RMweb Gold), posted April 19, 2012:

Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts
PhilJ W (RMweb Premium), posted April 19, 2012:

I got the SQL message on several occasions prior to the hacking attempt. It sounds as if this is evidence of a hacking attempt, so if it happens again at least we have a warning.
Ian J. (RMweb Premium), posted April 19, 2012:

Is the Marketplace site affected at all? I presume not, being that it's different software, but always worth asking.
Andy Y (Author), posted April 19, 2012:

> Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts

No; I don't believe it's necessary to do so. There's no evidence any login information was accessed or used. It was more a point to be very careful of the information used on any VBulletin softwared sites (it normally says at the bottom of the page what software any forum uses)

> I got the SQL message on several occasions prior to the hacking attempt. It sounds as if this is evidence of a hacking attempt, so if it happens again at least we have a warning.

No; it's not related at all.

> Is the Marketplace site affected at all? I presume not, being that it's different software, but always worth asking.

No; totally unaffected; it's different software and a different database. The problem is isolated to a plug-in to the forum software.
PLD, posted April 19, 2012:

> Hi Redgate, what I was trying to clear up is whether our logins for this site need to change, I don't use the SAME password for other accounts

Changing your user ID should not be necessary, but, as I think you already have, don't use the same username & password combination on multiple sites. In particular it is advisable NOT to use the same password for a website/forum as you use for the e-mail address used to register on that forum...
Andy Y (Author), posted April 19, 2012:

> Hacking a model railway site - that's going to overthrow the government isn't it? Muppets.

Indeed; but in their eyes they feel they'll have succeeded in getting a few hundred people to be forced to land on their propaganda page. The reverse is more likely to result where there is less sympathy for their cause if people are duped/inconvenienced.
beast66606 (RMweb Gold), posted April 19, 2012:

> Indeed; but in their eyes they feel they'll have succeeded in getting a few hundred people to be forced to land on their propaganda page. The reverse is more likely to result where there is less sympathy for their cause if people are duped/inconvenienced.

It may have been an attempt to install some bots to allow a distributed DoS attack somewhere else, but they were unable to do that so they did a little redirection hacking instead. Keyboard warriors.

I have sympathies on the reporting it to the authorities front, the game server I used to administer was periodically attacked and crashed by the same muppet, we had the IP address, server logs, firewall logs, wooden logs (!), and despite all of this the ISP refused to do anything*, it seems like it's only a crime if it affects big organisations (despite our site costing money to run and the extra traffic the hacker generated caused the usage to peak over the limit so actually cost us hard cash) - as you've found out.

* We did ban his IP eventually, but we wanted action taking against him for his malicious actions so we allowed him to play and logged his every move.
hayfield, posted April 19, 2012:

Andy

Looking at the timing of your posts you seem to have got to bed late and got up early. A big thanks for all your efforts sorting it out, especially the time of day (night) it happened.
Archived
This topic is now archived and is closed to further replies.