Unicyclist.com Forum Hacked and Back Under Control


Gilby
2004-11-14, 03:52 AM
The Unicyclist.com Forums were hacked into using an exploit in the forum software, which I did not have up to date (sorry). They gained access to the forum admin area. It's now all restored, upgraded, and little damage was done, just the news forum was wiped out (and I can restore most of that from backups).

andrew_carter
2004-11-14, 04:03 AM
Thanks Gilby.

digitalattrition
2004-11-14, 04:17 AM
Victory for Gilby, always!

john_childs
2004-11-14, 04:34 AM
Thanks Gilby
That was quick. The forum was only down for a couple of hours. I was expecting it to be down longer than that while you fixed things up, upgraded what needed upgrading, and looked for other hidden surprises.

TheObieOne3226
2004-11-14, 06:45 AM
Thanks a lot. I don't think we can give you enough credit for bringing it back up so fast and being so on the ball.


So nothing was lost besides the news? I became alarmed when I saw this:

http://img106.exs.cx/img106/6360/majorhax0r.jpg

Gilby
2004-11-14, 06:57 AM
Originally posted by TheObieOne3226
So nothing was lost besides the news?

That's it, as far as I can tell.

phil
2004-11-14, 09:08 AM
Thanks, Gilby. A most impressive response time!

Phil

mucRider
2004-11-14, 01:35 PM
Gilby, thanks for providing and taking care of the forum. You offer a great service to the unicycle community. You did a great job getting it back up and running.

FatDave
2004-11-14, 02:04 PM
Dear Gilby

Thanks for fixing it and for keeping this site going. I'd be lost without it.

David

darchibald
2004-11-14, 02:10 PM
Thanks a load.

David

Krashin'Kenny
2004-11-14, 02:28 PM
Thanks Gilby, u da MAN!!!!!!!!!!!!!!!!!

Mistercookieface87
2004-11-14, 02:52 PM
It was a scary half hour sitting, listening to ObieOne count down the threads disappearing slowly, but everyone was sure that you'd pull through and keep the site we are all so addicted to up and running. Thanks for all that you do Gilby.

gossi
2004-11-14, 04:11 PM
The German forum got the English style. At first I was surprised, because in my opinion the English style looks better. Next I checked my bookmark; I thought it really was the English forum, but that thought was wrong. Hmm, but before you change the German style, open a poll in there; some may share my opinion, and of course the rest won't. But give us the chance to make that decision...

Ride On,
gossi

Nico
2004-11-14, 04:12 PM
Why does someone do something like that?
But don't worry Gilby. Someone who does something like that, is a real fool.
This is a great page.:mad:

gossi
2004-11-14, 08:12 PM
There is also an error on the unicyclist.com page. The login runs into an error with the DB connection. Seems like you have changed the forum DB's password and forgot to change it in the site's connection, too?

Ride On
- gossi

MUniMac
2004-11-14, 09:33 PM
Gilby, Thanks for making this forum available to us (even when you have to deal with the unexpected!) Great job...

-Malcolm

GILD
2004-11-15, 09:29 AM
adding to the chorus of "THANK U's"

:)

DarkTom
2004-11-15, 10:07 AM
Gilby, there's a guy in my internet class who knows about this kind of thing and he reckons you should:

"Check the full site's dir structure and check for any PHP or ASP or CGI scripts, pages or documents that you don't know.

What an attacker will do while attacking a site is gain some sort of access to the site's directory. If this is what's happened here, then they didn't just get access to the forums; they will probably have uploaded a backdoor .asp, .php or .cgi file to the site that will allow them to come back any time they like and change, edit, delete or upload new pages.

They will also probably wait a wee while. This wait allows the site admin, this being you, to feel OK and confident that the attack has been stopped, but then in a week or so some pages might start to get changed or files uploaded."

This is what he typed in for me, I don't know anything about all this, I just saw your post, said to him and he told me all this.

Hope it helps.

Thomas.
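
One way to carry out the check described in the post above, added here as an example that is not part of the original thread: hash every script file in the live webroot and compare it against a known-good copy such as a pre-incident backup or a fresh vendor download. The extension list, the file names and the two sample trees are constructed assumptions.

```python
import hashlib
import os
import tempfile

SCRIPT_EXTS = {".php", ".asp", ".cgi", ".pl"}  # assumed list; extend for your server

def manifest(root):
    """Map relative path -> SHA-256 for every script-like file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                out[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return out

def audit(known_good_root, live_root):
    """Report scripts that are new, changed or gone relative to the clean copy."""
    good, live = manifest(known_good_root), manifest(live_root)
    return {
        "unknown": sorted(p for p in live if p not in good),
        "modified": sorted(p for p in live if p in good and live[p] != good[p]),
        "missing": sorted(p for p in good if p not in live),
    }

def _write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample trees: a clean copy and a live webroot with changes."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as live:
        for root in (good, live):
            _write(root, "forum/index.php", "<?php // index ?>")
            _write(root, "forum/search.php", "<?php // search ?>")
        _write(live, "forum/search.php", "<?php // search, edited ?>")
        _write(live, "forum/images/x.php", "<?php // not in the clean copy ?>")
        return audit(good, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Every "unknown" or "modified" entry needs a human explanation before the site is considered clean; running the same comparison again a week or two later covers the delayed changes the post warns about.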

gossi
2004-11-15, 01:09 PM
In fact, "vBulletin" stands for security, and from my point of view, I see vB as safe software. So, I don't know what kind of custom scripts Gilby adds to this, but maybe an SQL injection was possible. And then it's no problem to gain administrator access. That is a possible reason and an often-used exploit on web things. So, check every SQL statement, and be sure that the arguments are surrounded by quotes and addslashes is active, either by its function or by magic_quotes_runtime :-).

Ride On,
gossi
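
What "check every SQL statement" looks for, as an added illustration that is not part of the original thread and makes no claim about the actual forum code: a request value concatenated into the SQL text beside the same query with the value type-checked and bound. It uses Python's sqlite3 and bound parameters rather than the quoting and addslashes approach the post mentions; the table, columns and rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE thread (id INTEGER, forum_id INTEGER, "
               "title TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO thread VALUES (?, ?, ?, ?)", [
        (1, 1, "Learning to idle", 0),
        (2, 1, "Moderator notes", 1),   # hidden: should never be listed
        (3, 2, "Muni trails", 0),
    ])
    return db

def titles_concatenated(db, forum_id):
    # Weak: the request value becomes part of the SQL text. An unquoted
    # numeric argument is not helped by escaping such as addslashes,
    # because there is no quote for the value to break out of.
    sql = ("SELECT title FROM thread WHERE hidden = 0 AND forum_id = "
           + forum_id + " ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def titles_bound(db, forum_id):
    # Hardened: enforce the expected type, then bind the value so the
    # database never parses it as SQL.
    fid = int(forum_id)  # raises ValueError for anything but an integer
    sql = ("SELECT title FROM thread WHERE hidden = 0 AND forum_id = ? "
           "ORDER BY id")
    return [row[0] for row in db.execute(sql, (fid,))]

def demo():
    db = make_db()
    crafted = "1 OR 1=1"  # constructed test value that changes the WHERE logic
    try:
        titles_bound(db, crafted)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "concatenated_normal": titles_concatenated(db, "1"),
        "concatenated_crafted": titles_concatenated(db, crafted),
        "bound_normal": titles_bound(db, "1"),
        "bound_rejects_crafted": rejected,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```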

Antimatter
2004-11-16, 10:57 PM
thanks gilby:D

who would go and hack the unicyclist forums? i mean honestly it's not like we're out to get anyone or do anything harmful to society. do we have any enemies i don't know about?

fexnix
2005-01-13, 09:52 PM
no I don't think so, but many two wheelers see us as enemies sometimes:rolleyes:

CRAZY legs
2005-01-15, 02:55 AM
i don't know if this is the same thing but when I go to this site the recent forum topics are gone. I don't know, maybe it's my comp?

leeman180
2005-01-16, 04:22 AM
i don't know if this is the same thing but when I go to this site the recent forum topics are gone. I don't know, maybe it's my comp?

The same with mine. I think the website has just changed a little.

-Lee

Gilby
2005-01-16, 04:34 AM
The vulnerability was in the script that showed the recent topics.