View Full Version : Unicyclist.com Forum Hacked and Back Under Control

2004-11-14, 03:52 AM
The Unicyclist.com Forums were hacked into using an exploit in the forum software, which I did not have up to date (sorry). They gained access to the forum admin area. It's now all restored, upgraded, and little damage was done, just the news forum was wiped out (and I can restore most of that from backups).

2004-11-14, 04:03 AM
Thanks Gilby.

2004-11-14, 04:17 AM
íVictoria por Gilby siempre!

2004-11-14, 04:34 AM
Thanks Gilby
That was quick. The forum was only down for a couple of hours. I was expecting it to be down longer than that while you fixed things up, upgraded what needed upgrading, and looked for other hidden surprises.

2004-11-14, 06:45 AM
Thanks a lot. I don't think we can give you enough credit for bringing it back up so fast and being so on the ball.

So nothing was lost besides the news? I became alarmed when I saw this:


2004-11-14, 06:57 AM
Originally posted by TheObieOne3226
So nothing was lost besides the news?

That's it, as far as I can tell.

2004-11-14, 09:08 AM
Thanks, Gilby. A most impressive response time!


2004-11-14, 01:35 PM
Gilby, thanks for providing and taking care of the forum. You offer a great service to the unicycle community. You did a great job getting it back up and running.

2004-11-14, 02:04 PM
Dear Gilby

Thanks for fixing it and for keeping this site going. I'd be lost without it.


2004-11-14, 02:10 PM
Thanks a load.


2004-11-14, 02:28 PM
Thanks Gilby, u da MAN!!!!!!!!!!!!!!!!!

2004-11-14, 02:52 PM
It was a scary half hour sitting, listening to ObieOne count down the threads disappearing slowly, but everyone was sure that you'd pull through and keep the site we are all so addicted to up and running. Thanks for all that you do Gilby.

2004-11-14, 04:11 PM
The German Forum got the english style. First I was surprised, because in my opinion the english style looks better. Next I checked my bookmark, I thought, it is really the english forum but that thought was wrong. Hmm, but before you change the german style, open a poll in there, some are maybe with my opinion, of course the rest not. But let us the chance for that decision...

Ride On,

2004-11-14, 04:12 PM
Why does someone do something like that?
But don't worry Gilby. Someone who does something like that, is a real fool.
This is a great page.:mad:

2004-11-14, 08:12 PM
There is also an error on the unicyclist.com page. The login falls into an error, with the db-connection. Seems like you have changed the forum-db's password, and forget to change it on the site's connection, too?

Ride On
- gossi

2004-11-14, 09:33 PM
Gilby, Thanks for making this forum available to us (even when you have to deal with the unexpected!) Great job...


2004-11-15, 09:29 AM
adding to the chorus of "THANK U's"


2004-11-15, 10:07 AM
Gilby, there's a guy in my internet class who knows about this kind of thing and he reckons you should:

"Check the full sites DIr structure and check for any PHP or ASP or CGI scripts pages or documents that you dont know.

What an attacker will do while attacking a site is gain some sort of access to the site's direcotry, if this is whats happened here then they didnt just get access to the forums, they will have prob uploaded a backdoor .asp,.php.cgi file to the site that will allow them to come back any time they like and change edit delete or upload new pages.

They will also prob wait a wee while , this wait allows the site admin, this being you, to feel ok and confident that the attack has been stopped but then in a week or so some pages might start to get changed or files uploaded."

This is what he typed in for me, I don't know anything about all this, I just saw your post, said to him and he told me all this.

Hope it helps.


2004-11-15, 01:09 PM
In Fact "vBulletin" stands for Security, and out of my point of view, I see vB as a save Software. So, I dont know what kind fo custom scripts Gilby adds to this, but maybe there was a SQL-Injection possible. And than, it's no problem to gain administrator access. That is a possible reason and an often used exploit on webthings. So, check every SQL-Statement, be sure that the arguments surrounded by Quotes and addslashes is active either by its function or by magic_quotes_runtime :-).

Ride On,

2004-11-16, 10:57 PM
thanks gilby:D

who would go and hack the unicyclist forums? i mean honestly its not like we're out to get anyone or do anything harmful to society. do we have any enemies i dont know about?

2005-01-13, 09:52 PM
no I don┤t think so, but many two wheelers sees us as enemies sometimes:rolleyes:

CRAZY legs
2005-01-15, 02:55 AM
i dont know if this is the same thing but when I go to this site the resent forum topics are gone. I dont know maby its my comp?

2005-01-16, 04:22 AM
i dont know if this is the same thing but when I go to this site the resent forum topics are gone. I dont know maby its my comp?

The same with mine. I think the website has just changed a little.


2005-01-16, 04:34 AM
The vulnerability was in the script that showed the recent topics.