
Thread: upgrade completed/bad code removed

  1. #1
    Join Date
    Mar 2005
    Location
    Dublin, Ireland
    Posts
    23,983
    Blog Entries
    15

    upgrade completed/bad code removed

    Hi folks:

    The board was hacked. The problem is now resolved and the bad code was removed by my cool hosting company guys (I could see it in the source code but couldn't find where they'd hidden it in the page files; there are a hundred or more board files and some have over a thousand lines of code!! The hosting company could do their own scan to find it); board updates are also installed.

    BTW the hosting company says these exploits generally also take advantage of Internet Explorer browsers if you are on a PC and not a Mac or Linux/Unix... people will get some additional protection by using a browser like Firefox.

    http://www.getfirefox.com

    If you worry that you may have picked up a virus from my site (or generally), you can download this virus software:

    http://free.grisoft.com/

    And run a virus scan. There's a lot of nasty stuff going around that you can get *simply by going to a particular webpage*, you don't even have to open a file to get infected. The way the code worked on my hacked site was: when your browser opened my home page (the index page) there was an invisible piece of code in the page that launched a redirect command -- telling your browser to go to another webpage where it would install a virus file automatically. This file enables the hackers to use your computer to send out more of the same virus, which causes your computer to slow down considerably (a telltale sign of a virus, worm or trojan like this on your PC).

    The best defense is:

    1) use a Mac; 99% of viruses target Windows
    2) keep your Windows updates up to date
    3) keep your virus software up to date (e.g. it should check at least once daily for updates)
    4) use another browser than Internet Explorer -- Firefox or Opera for example
    5) you should run a firewall as well as virus software
    6) don't open any odd looking file or click to a link to any webpage that comes in an email from someone you don't know

    My deepest apologies if your computer was infected by the Trojan Moo virus. This is a virus that is about a year old so most people should not have had a problem, assuming you keep your virus definitions up to date. If you have *any doubts*, run the scan above. If you have a Mac or are running Linux/Unix, you wouldn't have had any chance of being infected.
    Karlin
    Cavaliers: Jaspar Leo Lily Tansy Libby (foster) Mindy (foster)
    In memory: Lucy
    Cavalier SM Infosite:www.smcavaliers.com
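
The hidden redirect described in post #1, seen from the defender's side: an added example (not part of the original thread or the board's code) that scans a page for invisible external iframes, meta-refresh tags and script redirects. The thread does not show the injected code, so the three patterns, the host names and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed heuristics: the thread does not say which redirect technique was used.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}
JS_REDIRECT = re.compile(r"location(?:\.href)?\s*=\s*['\"](https?://[^'\"]+)", re.I)
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.I)

class RedirectFinder(HTMLParser):
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.findings, self.in_script = own_host, [], False

    def _external(self, url):
        host = urlparse(url).hostname
        return host is not None and host != self.own_host

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "script":
            self.in_script = True
        elif tag == "iframe" and self._external(a.get("src", "")):
            if (HIDDEN_STYLE.search(a.get("style", ""))
                    or a.get("width") in TINY or a.get("height") in TINY):
                self.findings.append((line, "hidden-iframe", a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = META_URL.search(a.get("content", ""))
            if m and self._external(m.group(1)):
                self.findings.append((line, "meta-refresh", m.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:  # only look for redirects inside <script> bodies
            for m in JS_REDIRECT.finditer(data):
                if self._external(m.group(1)):
                    self.findings.append((self.getpos()[0], "script-redirect", m.group(1)))

def scan_page(html, own_host):
    """Return (line, kind, url) for each suspicious off-site redirect found."""
    finder = RedirectFinder(own_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample index page: one legitimate iframe, two injected redirects.
SAMPLE = """<html><head><title>Board index</title></head>
<body>
<iframe src="http://forum.example/banner.html" width="468" height="60"></iframe>
<iframe src="http://malware.example/x" width="0" height="0"></iframe>
<script>var a = 1; window.location = "http://malware.example/go";</script>
</body></html>"""
```

Running `scan_page` over every template and page file, rather than only the rendered index, narrows down which of the hundred or more board files carries the injected markup.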

  2. #2
    Join Date
    Apr 2005
    Location
    North Yorkshire
    Posts
    316

    Thanks for looking after us Karlin, my virus checker was up to date and picked up the virus whenever I logged onto the index.
    Have missed the forum, so glad to be back.
    Warm wishes,
    Ruth

  3. #3
    Join Date
    Mar 2005
    Location
    Davis, CA
    Posts
    778

    yay!
    Mine also alerted me to the attempted virus each time and quarantined it.

    Glad the board's back up! I need the distraction from studying (like I need a hole in my head!)
    Dogs are not our whole life, but they make our lives whole.
    --Roger Caras

  4. #4
    Join Date
    Aug 2005
    Location
    hemel hempstead herts
    Posts
    735

    thanks karlin i was missing the board! my computer is fine now.

    sarah xx

  5. #5
    Join Date
    Mar 2005
    Location
    Ireland
    Posts
    528

    how did they install it? was it by being a 'member' that they could, or does it matter if they are registered?
    d

  6. #6
    Join Date
    Mar 2005
    Location
    North Scotland - east coast
    Posts
    9,907
    Blog Entries
    2


    Thanks Karlin, that's great. Norton picked it up and it hasn't caused any problems here, thank goodness.

    Why do people have to spoil things?
    Nicki and the Cavalier Clan Our photos www.scotlandimagery.com
    Supporting www.rupertsfund.com and www.cavaliermatters.org

  7. #7
    Join Date
    Jun 2005
    Posts
    4,153

    yayyyyyyyyyyyyyyyyyyyy we're back again

    I totally lost my computer last week (nothing to do with this site) and have had to re-load Windows grrrrrrrrrrrrrrrrrr. It also meant that I lost everything I'd saved on my hard disk.

  8. #8
    Join Date
    Apr 2005
    Location
    North Yorkshire
    Posts
    316

    Donna that happened to me a couple of weeks ago. Isn't it infuriating?
    I had saved quite a lot onto CD, but not the recent stuff. It is so maddening when it happens and I resolve every time to keep up to date with backing up but it is one of those jobs that I always plan to do tomorrow.
    Warm wishes,
    Ruth

  9. #9
    Join Date
    Mar 2005
    Location
    Dublin, Ireland
    Posts
    23,983
    Blog Entries
    15


    how did they install it? was it by being a 'member' that they could, or does it matter if they are registered?
    I don't really understand how it is done. I believe they exploited a known vulnerability in the code that had been patched in later versions but I hadn't updated as updating can be very laborious -- cutting and pasting in lines of code by hand. Now I found a great programme that allows updates to be installed automatically so in future my site will be right up to date! They could post as guests but I think they'd registered. But I don't think it was actual people, it was a bot that autoregisters, as they typically leave weird emails that don't make much sense, like really vague comments.

    I did a hacking class once -- there are various ways of spoofing the site to gain access to files and that is what they did. One way allows you to trick the database into allowing you to create an extra file which then allows you to gain access to the whole site and passwords. We actually did this in the hacking class and it was scary to see how easy it was -- a vulnerability in SQL databases. That vulnerability is no longer in the code for the board but it used to be possible to hack the boards in this way (and you'd be surprised how many websites have it still). I hasten to add the class was for teaching sysadmins how attacks are done and therefore how to block them!

    BTW for those who have had a computer crash -- if the info is valuable many places that do info retrieval can get the information back -- it is still there, the PC just no longer has a way of telling you what is there (it is as if a restaurant lost all its menus -- the food would still be there but no way of you seeing what is on offer). But the cost may not be worth it. A programme like Norton Utilities can often retrieve all the files, or at least the ones you really want.
    Karlin
    Cavaliers: Jaspar Leo Lily Tansy Libby (foster) Mindy (foster)
    In memory: Lucy
    Cavalier SM Infosite:www.smcavaliers.com

  10. #10
    Join Date
    Jun 2005
    Posts
    4,153

    Thanks Ruth & Karlin. The info wasn't that much to worry about thankfully. We have got a separate external hard drive on this computer as well so we regularly do back ups. I just lost quite a few pictures and things and loads of links to favourite sites.
