upgrade completed/bad code removed



Karlin
22nd October 2005, 11:55 PM
Hi folks:

The board was hacked. The problem is now resolved and the bad code was removed by my cool hosting company guys (I could see it in the source code but couldn't find where they'd hidden it in the page files; there are a hundred or more board files and some have over a thousand lines of code!! :shock: The hosting company could do their own scan to find it); board updates are also installed.

BTW the hosting company says these exploits generally also take advantage of Internet Explorer browsers if you are on a PC and not a Mac or Linux/Unix... people will get some additional protection by using a browser like Firefox.

http://www.getfirefox.com

If you worry that you may have picked up a virus from my site (or generally), you can download this virus software:

http://free.grisoft.com/

And run a virus scan. There's a lot of nasty stuff going around that you can get *simply by going to a particular webpage*, you don't even have to open a file to get infected. The way the code worked on my hacked site was: when your browser opened my home page (the index page) there was an invisible piece of code in the page that launched a redirect command -- telling your browser to go to another webpage where it would install a virus file automatically. This file enables the hackers to use your computer to send out more of the same virus, which causes your computer to slow down considerably (a telltale sign of a virus, worm or trojan like this on your PC).

The best defense is:

1) use a Mac; 99% of viruses target Windows
2) keep your Windows updates up to date
3) keep your virus software up to date (eg it should check at least once daily for updates)
4) use another browser than Internet Explorer -- Firefox or Opera for example
5) you should run a firewall as well as virus software
6) don't open any odd looking file or click to a link to any webpage that comes in an email from someone you don't know

My deepest apologies if your computer was infected by the Trojan Moo virus. This is a virus that is about a year old so most people should not have had a problem, assuming you keep your virus definitions up to date. If you have *any doubts*, run the scan above. If you have a Mac or are running Linux/Unix, you wouldn't have had any chance of being infected.
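
Added example, not part of Karlin's post and not the hosting company's scan: a way to search a tree of board page files for markup that silently redirects a visitor's browser, which is the kind of injected code the post describes. The thread does not say which markup was used, so the three patterns, the file suffixes, the sample file names and the `redirect.example` URL are all assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions, not taken from the thread) for markup that
# sends a visitor's browser elsewhere without showing anything on the page.
PATTERNS = {
    "meta-refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b|display\s*:\s*none)", re.I),
    "script-redirect": re.compile(r"\blocation(?:\.href)?\s*=\s*[\"']https?://", re.I),
}
PAGE_SUFFIXES = {".php", ".html", ".htm", ".tpl", ".js"}


def scan_tree(root):
    """Return sorted (relative_path, line_number, rule) for every match."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PAGE_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in PATTERNS.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno, rule))
    return sorted(hits)


def demo():
    """Build a small constructed board tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "includes").mkdir()
        (root / "index.php").write_text(
            "<html><body>\n<h1>Board index</h1>\n"
            '<iframe src="http://redirect.example/" width="0" height="0"></iframe>\n'
            "</body></html>\n", encoding="utf-8")
        (root / "includes" / "header.tpl").write_text(
            '<meta http-equiv="Content-Type" content="text/html">\n'
            '<meta http-equiv="refresh" content="0;url=http://redirect.example/">\n',
            encoding="utf-8")
        (root / "viewtopic.php").write_text("<?php echo 'clean'; ?>\n", encoding="utf-8")
        return scan_tree(root)


if __name__ == "__main__":
    for rel, lineno, rule in demo():
        print(f"{rel}:{lineno}: {rule}")
```

A hit is a line to review by hand, not proof of compromise; comparing the files against a clean copy of the same board release is the more reliable check when one is available.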

Ruth
23rd October 2005, 02:07 AM
Thanks for looking after us Karlin, my virus checker was up to date and picked up the virus whenever I logged onto the index.
Have missed the forum, so glad to be back.
Warm wishes,
Ruth

rory
23rd October 2005, 06:57 AM
yay!
Mine also alerted me to the attempted virus each time and quarantined it.

Glad the board's back up! I need the distraction from studying (like I need a hole in my head!) :lol:

sarahg
23rd October 2005, 08:15 AM
thanks karlin i was missing the board! my computer is fine now.

sarah xx :D

Miss Daisy
23rd October 2005, 10:48 AM
how did they install it? was it by being a 'member' that they could, or does it matter if they are registered?
d

Nicki
23rd October 2005, 11:38 AM
Thanks Karlin, that's great. Norton picked it up and it hasn't caused any problems here, thank goodness.

Why do people have to spoil things? :(

Maxxs_Mummy
23rd October 2005, 12:35 PM
yayyyyyyyyyyyyyyyyyyyy we're back again :D

I totally lost my computer last week (nothing to do with this site) and have had to re-load Windows grrrrrrrrrrrrrrrrrr. It also meant that I lost everything I'd saved on my hard disk :roll:

Ruth
23rd October 2005, 01:27 PM
Donna that happened to me a couple of weeks ago. Isn't it infuriating?
I had saved quite a lot onto CD, but not the recent stuff. It is so maddening when it happens and I resolve every time to keep up to date with backing up but it is one of those jobs that I always plan to do tomorrow.
Warm wishes,
Ruth

Karlin
23rd October 2005, 02:27 PM
how did they install it? was it by being a 'member' that they could, or does it matter if they are registered?

I don't really understand how it is done. I believe they exploited a known vulnerability in the code that had been patched in later versions but I hadn't updated as updating can be very laborious -- cutting and pasting in lines of code by hand. Now I found a great programme that allows updates to be installed automatically so in future my site will be right up to date! They could post as guests but I think they'd registered. But I don't think it was actual people it was a bot that autoregisters as they typically leave weird emails that don't make much sense, like really vague comments.

I did a hacking class once -- there are various ways of spoofing the site to gain access to files and that is what they did. One way allows you to trick the database into allowing you to create an extra file which then allows you to gain access to the whole site and passwords. We actually did this in the hacking class and it was scary to see how easy it was -- a vulnerability in SQL databases. That vulnerability is no longer in the code for the board but it used to be possible to hack the boards in this way (and you'd be surprised how many websites have it still). I hasten to add the class was for teaching sysadmins how attacks are done and therefore how to block them!

BTW for those who have had a computer crash -- if the info is valuable many places that do info retrieval can get the information back -- it is still there, the PC just no longer has a way of telling you what is there (it is as if a restaurant lost all its menus -- the food would still be there but no way of you seeing what is on offer). But the cost may not be worth it. A programme like Norton Utilities can often retrieve all the files, or at least the ones you really want.

Maxxs_Mummy
23rd October 2005, 03:40 PM
Thanks Ruth & Karlin :D The info wasn't that much to worry about thankfully. We have got a separate external hard drive on this computer as well so we regularly do back ups. I just lost quite a few pictures and things and loads of links to favourite sites :? :(

cleopatra
23rd October 2005, 04:13 PM
i am so glad the board is up and running again, i was wondering what on earth had happened, i was getting withdrawal symptoms,

rory
23rd October 2005, 05:13 PM
I just backed up all my files and my precious photos of Rory onto an external hard drive! Phew! Last year I lost everything but thankfully I had just gotten the computer a few months earlier, so there wasn't a ton on there and I was able to retrieve most of my photos and files before it completely crashed. But I feel safer now knowing that I have a complete back up (since a few weeks ago) on an external drive should this computer crash again. I should put all the new photos on there, too....

Harry & Heidi's mom
23rd October 2005, 06:18 PM
i was wondering what was going on as every time i tried to log on it would automatically close the page icon_yikes

i even emailed maxxs-mummy to see if it was just me :oops: :oops: ;)

glad we're back icon_banana

Jen
24th October 2005, 05:48 PM
icon_banana Thanks Karlin! icon_banana