How much should we worry about Forum Hacking?
-
[quote name=“Tuck Fheman” post=“53510” timestamp=“1390177815”]
[url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/[/url][quote]All three vulnerabilities are present in SMF1 up to version 1.1.18 and SMF2 up to version 2.0.5. The SMF team has released updates (version 1.1.19 and 2.0.6) which fix the clickjacking problem (via an X-Frame-Options header) and the username faking possibility via multiple consecutive spaces. [b]However, the Unicode homoglyph attack has not yet been fixed[/b] since it is not trivial to filter out all confusable characters while still allowing legitimate Unicode characters in usernames (especially if you can’t use the Spoofchecker class because you have to support PHP versions below 5.4.0).[/quote]
[/quote]If this is the case [url=http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/#toc-2]http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/#toc-2[/url] intermediate attacker will have quite a lot of info in his hands. Changing all of the accounts on the services that are related in any way to the *.feathercoin.com is must, cleaning server from possible started processes in the background ( check exec, passtrough, … enabled in php ), check from created php scripts that are web accessible ( usualy they are used as backdor ), check crons & hope if attacker doesn’t execute some exploit against host operating system…
-
Not sure if this is related, but I’m curious … Chrisj weren’t you “Admin” yesterday and now you’re “Staff”?
-
[quote name=“Tuck Fheman” post=“53520” timestamp=“1390180669”]
Not sure if this is related, but I’m curious … Chrisj weren’t you “Admin” yesterday and now you’re “Staff”?
[/quote]oh ns… I didn’t even see that. Tuck’s right.
-
A friend of mine (who has an account here) just received an email stating [s]BTC-e (no mention on their website) had been hacked and to change his password.[/s] (
I just wanted to mention it in case others start receiving them because I’m not sure how long it will take him to respond with the email.[b]Be wary of any email like this you may receive.[/b]
The email was legit (from BTC-e) but had nothing to do with BTC-e being hacked. It was someone trying to access his account from Switzerland and attempting to reset his password.
-
[quote name=“Calem” post=“53521” timestamp=“1390181031”]
[quote author=Tuck Fheman link=topic=6799.msg53520#msg53520 date=1390180669]
Not sure if this is related, but I’m curious … Chrisj weren’t you “Admin” yesterday and now you’re “Staff”?
[/quote]oh ns… I didn’t even see that. Tuck’s right.
[/quote]Oh noes!! CJ is the hacker!!! OMG!!! its always the quiet ones!!! ;D
Joking aside guys, all admins (myself included) have been made “staff” until we have all had the opportunity to reset passwords etc (as a precaution). All will regain their admin rights… :)
-
[quote name=“Nutnut” post=“53530” timestamp=“1390186610”]
Joking aside guys, all admins (myself included) have been made “staff” until we have all had the opportunity to reset passwords etc (as a precaution). All will regain their admin rights… :)
[/quote]Cool.
-
I demoted everyone to staff in case this is a compromised admin account. Perhaps I can ask the chap nicely at the hacker forum how he did this.
-
[quote name=“Bushstar” post=“53557” timestamp=“1390202932”]
Perhaps I can ask the chap nicely at the hacker forum how he did this.
[/quote]Maybe.
I could imagine that half the reasons hackers do this sorta stuff is to feel somewhat important/intelligent etc.
Not having a dig at the guy (as annoying and disruptive as this is), he did point out an exploit.
Hopefully the person didn’t do anything damaging etc.
-
[quote name=“Bushstar” post=“53557” timestamp=“1390202932”]
I demoted everyone to staff in case this is a compromised admin account. Perhaps I can ask the chap nicely at the hacker forum how he did this.
[/quote]So the exploit remains unpatched? The only responsible thing to do is to shut it down and fix the problem. Simply taking shots in the dark will only result in everyone’s private data being compromised.
-
[quote name=“Bushstar” post=“53490” timestamp=“1390173134”]
So we got defaced. I’ve got a copy of the defaced page as it was some neat ASCII art.[url=http://forum.feathercoin.com/hacker.php]http://forum.feathercoin.com/hacker.php[/url]
You can get the source from here.
[url=http://forum.feathercoin.com/index.tar.gz]http://forum.feathercoin.com/index.tar.gz[/url]I have updated all the packages on the server and restored the front of the forum. The forum was the only site effected on a server that runs multiple pages for Feathercoin. I’m not yet sure how they managed to deface our site and it may well not be an outdated package on the server. Even though we run the latest version of SMF the forum software we may still be vulnerable.
I will investigate further tomorrow. I’m guessing that there is a SMF hack doing the rounds, it would be good to track this down if it is out there.
[/quote]c’est super…
-
[quote name=“Kevlar” post=“53563” timestamp=“1390207406”]
[quote author=Bushstar link=topic=6799.msg53557#msg53557 date=1390202932]
I demoted everyone to staff in case this is a compromised admin account. Perhaps I can ask the chap nicely at the hacker forum how he did this.
[/quote]So the exploit remains unpatched? The only responsible thing to do is to shut it down and fix the problem. Simply taking shots in the dark will only result in everyone’s private data being compromised.
[/quote]As gloomy as that prospect is, I totally agree.
-
Obviously, more than we were doing …
-
[quote name=“wrapper0feather” post=“53591” timestamp=“1390311032”]
Obviously, more than we were doing …
[/quote]I actually just blurted out an inappropriate laugh.
-
[quote name=“Tuck Fheman” post=“53528” timestamp=“1390183092”]
A friend of mine (who has an account here) just received an email stating [s]BTC-e (no mention on their website) had been hacked and to change his password.[/s] (
I just wanted to mention it in case others start receiving them because I’m not sure how long it will take him to respond with the email.[b]Be wary of any email like this you may receive.[/b]
[/quote]
Do we have a “correct plan” to urgently inform members, of potential phishing emails?
A banner on the site on emails? Posts of any suspect mails?
-
Still no reset password emails.
-
-
just wondering should we be worried about personal info? like name , address, phone #
-
[quote name=“thisaznboi88” post=“53849” timestamp=“1390366650”]
just wondering should we be worried about personal info? like name , address, phone #
[/quote]If you used the same password here as you did anywhere else, I’d go everywhere else and change it. -
[quote name=“HopeStillFlies” post=“53861” timestamp=“1390371217”]
[quote author=thisaznboi88 link=topic=6799.msg53849#msg53849 date=1390366650]
just wondering should we be worried about personal info? like name , address, phone #
[/quote]If you used the same password here as you did anywhere else, I’d go everywhere else and change it.
[/quote]Ah man, can’t the NSA just write a script for that … dammit. Why do I pay taxes anyway?
-
[quote name=“HopeStillFlies” post=“53861” timestamp=“1390371217”]
[quote author=thisaznboi88 link=topic=6799.msg53849#msg53849 date=1390366650]
just wondering should we be worried about personal info? like name , address, phone #
[/quote]If you used the same password here as you did anywhere else, I’d go everywhere else and change it.
[/quote]Nope I just use a random password here.