Forums hacked - Please re-register
#1
Posted 25 September 2004 - 02:57 PM
turns out someone used a flaw in the 1.3 coding of invison board to execute sql commands on the forum database.
Unfortunatly after around 4-5 of trying to find ways to recover the data, we found no way of getting it back
Now:
- All members will have to re-register, and re-validate accounts
- please DO NOT register in other peoples nicknames or i'll personally slap you with a fish
- also if your having problems logging back in, CLEAR YOUR COOKIES AND IT WILL WORK
i'm very very sorry for the inconvience.. but tried all we could
I'd also like to add i just spent about 2 hours sorting out this forum and upgrading it to 1.3.1 so this won't happen again
#2 _*TySoft_*
Posted 25 September 2004 - 04:31 PM
Both sets of backups (a weekly full backup, ran this morning and a nightly SQL backup) were too *new* to be of use. Only other thing we have is an old backup from Jan.
Some real lessons learned, no doubt.
#3
Posted 25 September 2004 - 04:35 PM
#4 _*TySoft_*
Posted 25 September 2004 - 04:36 PM
No, it was not updated. In addition to ssi.php, there were other vulnerabilities (with calendar, etc) under the old 1.3.0.Just wondering, but IPB had an ssi.php vulnerability they released a patch for. The same thing happened on another forum I was working on as a modifier, so I was wondering if you updated the ssi.php when they released it or not. It could be why.
ssi.php is now deleted, not used here anyway.
#5
Posted 25 September 2004 - 04:37 PM
we where using version 1.3 of the ipb and it had 4 different ways of executing SQL through the url
and now we are on 1.3.1 with no ways of getting in
#6
Posted 25 September 2004 - 04:55 PM
Special thanks to Jay and Tysoft who have worked for 6+ hours straight on fixing this mess. <3
Faken
#7
Posted 25 September 2004 - 05:12 PM
#8
Posted 25 September 2004 - 06:55 PM
VERY LUCKY, had the user had alittle more smarts he probably could have wiped the forum clean. Pretty ghey that some one would do that to p2l though.Luckily only a few tables were affected.
#9
Posted 25 September 2004 - 08:18 PM
Maybeeeeee cannarism did it because we all gave him a hard time about signatures or was just a random attack, you could most likelly make a program to search for that vunrability
#10
Posted 25 September 2004 - 08:32 PM
#11
Posted 25 September 2004 - 08:40 PM
Lets not lay blame... Cannarism might feel bad (unless you're kidding, I can never tell)...well ive got a conspiracy theory here
Maybeeeeee cannarism did it because we all gave him a hard time about signatures or was just a random attack, you could most likelly make a program to search for that vunrability
#12
Posted 25 September 2004 - 09:05 PM
#13
Posted 25 September 2004 - 09:06 PM
If you havent been reading any of tysofts or jays posts. The user used sql injection flaws through url's. Yes this is possible.well ive got a conspiracy theory here
Maybeeeeee cannarism did it because we all gave him a hard time about signatures or was just a random attack, you could most likelly make a program to search for that vunrability
#14
Posted 25 September 2004 - 09:18 PM
Faken
#15
Posted 25 September 2004 - 09:44 PM
#16
Posted 25 September 2004 - 10:03 PM
#17
Posted 25 September 2004 - 10:54 PM
Thanks for getting the forums back up though. Greatly appreciated.
#18
Posted 26 September 2004 - 12:54 AM
#19
Posted 26 September 2004 - 03:48 AM
#20
Posted 26 September 2004 - 05:44 AM
he tried to wipe the forum clean, but as tysoft said the mod_security hes installed detected the constant SQL injections and blocked them before he could go any furtherVERY LUCKY, had the user had alittle more smarts he probably could have wiped the forum clean. Pretty ghey that some one would do that to p2l though.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users