
6-pack forum

I feel for them. Been there, done that, got the T-shirt! Recovering from such an event is NOT fun (and it's why I changed forum software).

Basil
 
We're running an old version of the forum/bb software. It's susceptible to attacks from script kiddies in a couple of places. I have an updated version in test, but need time to install it. The fixes for the mess this *chap* made were simple, it just took a little time to restore stuff back to normal.

Oh, and if any members are reading and are concerned, he couldn't get to personal data; that's stored separately from the nuke forum tables.
 
alana said:
The fixes for the mess this *chap* made were simple,

That can be a very dangerous assumption to make. These "chaps" can be exceedingly clever. When I was hacked, they used a php "exploit" in my forum software to upload files that allowed them to gain root access to my server. If they compromised the server, then just removing the obvious files and doing a restore of the forum stuff may not be enough. Very often (usually) they will install some "backdoor" files that look innocent enough but are actually files that they later can use to exploit the server again.

When I was hacked, I had literally hundreds of such files, often buried deep in the directory structure, with names like index.htm or "test.htm," or "2.htm". Many of these files were deep inside the directory structure of my Photo Gallery directories and were not obvious "bad" files until I actually viewed them in a text viewer; then it was obvious they were backdoor files to give the bad guys access without me knowing it. But they also had managed to get files into my dirs below the public_html dir.

One needs to do a VERY careful review of everything on the server. As root user, you will want to SSH in and look in all the common dirs like /tmp, /var/tmp, etc. and do ls -alh in every dir you can find to see if there are any hidden dirs and files there that should not be there. For example, if you go to /var/tmp and do ls -alh and see hidden dirs like .x .y .2 etc., then you have a problem, Houston. Even that is not a 100% guarantee because they often install something called a "root kit" which replaces the "real" Unix commands (like ls) with their own version. So, when you do an ls command or some other like "ps" or "top" you are actually running their files and it will look like everything is normal because "their" ls command hides their activity. Very nasty stuff, these rootkits.

It took me 36 hours straight to recover fully when I was hacked. I hope for your sake this was not the case.

Basil
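The sweep Basil describes above (hidden entries in the temp dirs, "innocent" .htm files that are really PHP, and an ls that may be lying), written out as an added shell example that is not part of this thread. The directory layout, the file names and the demo tree built with mktemp are all constructed for the example; point the functions at real paths to use them.

```sh
#!/bin/sh
# Added example, not code from the thread. Paths are parameters; the demo
# tree is constructed with mktemp so nothing here touches a real server.

# 1) Hidden entries (names starting with ".") in scratch dirs such as
#    /tmp and /var/tmp. Prints one path per line, nothing when clean.
hidden_in_tmp() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' 2>/dev/null
}

# 2) "Innocent" names (index.htm, test.htm, 2.htm, image files) whose
#    contents carry a PHP tag: a static file should never contain <?php.
php_in_static_files() {
    find "$1" -type f \( -name '*.htm' -o -name '*.html' -o -name '*.txt' \
        -o -name '*.gif' -o -name '*.jpg' -o -name '*.png' \) \
        -exec grep -l '<?php' {} + 2>/dev/null
    return 0
}

# 3) Crude rootkit tell: a trojaned ls binary hides entries, but find is a
#    separate binary that still reads the same directory, so the counts
#    disagree. Returns 0 when they agree. A kernel-level rootkit fools both,
#    so also verify the binaries with the package manager (rpm -V, debsums).
ls_matches_find() {
    ls_count=$(ls -A "$1" | wc -l | tr -d ' ')
    find_count=$(find "$1" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
    [ "$ls_count" -eq "$find_count" ]
}

# Constructed demo tree (hypothetical layout): a hidden .x dir in tmp and a
# gallery "index.htm" that is really PHP. Prints the root for later cleanup.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/tmp/.x" "$root/public_html/gallery/albums"
    printf 'just a note\n' > "$root/public_html/readme.txt"
    printf '<html><?php echo 1; ?></html>\n' \
        > "$root/public_html/gallery/albums/index.htm"
    printf '%s\n' "$root"
}

root=$(make_demo_tree)
echo "hidden in tmp:";       hidden_in_tmp "$root/tmp"
echo "php in static files:"; php_in_static_files "$root/public_html"
if ls_matches_find "$root/public_html"; then echo "ls agrees with find"
else echo "ls is hiding entries: suspect a rootkit"; fi
rm -rf "$root"
```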
 
Basil,
I understand what you are saying, and agree 100%.

Luckily this was a script kiddie attack. He exploited a known flaw in the version of the software we use to create a god account in the forum software. He then added a couple of redirect messages and some graffiti to the top of the site and a new forum in the bb db.

I went through the files in the site afterwards, and it's all good - we were lucky. btw: The previous webmaster removed the gallery before I took over for exactly the same problem you are talking about...

I am happy though that I spent the time to get the cron job that backs up the db running right!
 
Boy, I have not a clue as to what you guys are dealing with, but I must say I am glad YOU guys are on it!!! Keep keeping the bad guys at bay!!
 
I was typing faster than my mind could keep up!

Yes it was the 6-Pack forum. Having a few web sites myself it bothered me considerably that someone could do something like this and make the changes so fast. Sorry about the misspelling.
 