Thread: Problems last night

  1. #1
    Administrator Mickey's Avatar
    Join Date
    Jun 2005
    Posts
    2,462

    Default Problems last night

    I'm still investigating the site defacement / spam emails that were sent last night. I've been on the latest version of vBulletin, so I'm not sure what happened.

    What I know:

    -- It seems to have been vBulletin specific; nothing on the main site was touched.
    -- Once into vBulletin, they replaced all of the templates with their garbage and did a "send message to all users" email.
    -- It's all been cleared out. I erased all files, reuploaded, restored all templates.
    -- Passwords are safe. vBulletin automatically salts and encrypts them, so even when this kind of thing happens, they're safe.

    I'm very sorry for the troubles. I've done a few more things to better secure the site (beyond what even vBulletin recommends), but I'm still digging. I hate days like this.

    Mickey

  2. #2
    Administrator Mickey's Avatar
    Join Date
    Jun 2005
    Posts
    2,462

    Default

    A few more notes:

    -- It was indeed all done via vBulletin, and not directly on the server. This is slightly good news in the midst of it.
    -- They came from two IP addresses in India. I've banned the entire range (59.95...).
    -- They didn't send very many of their email messages. I can't get an exact number, but it seems to be about 5,000. That's certainly a lot, but just a fraction of our 100,000+ users.

  3. #3
    Google Earth Explorer T.Dooley's Avatar
    Join Date
    Feb 2008
    Location
    Denmark
    Posts
    379

    Default

    Hi Mike

    Good to see you up and running again. I was logged on this morning at 08:17 AM. Some minutes/half hour later the forum was "HACKED BY..." - Only forum listing seems to have had a problem. During the period I have seen everything else like files and postings being okay. Only forum access/listing seem to have been 'defaced'.

    Fight back, good luck and all possible support from here
    Tom
    Are you uptight, get downloose! Why not try a GE file - Also downloadable at GEC and http://ge.dooley.dk - Tom Kjeldsen


  4. #4
    Administrator Mickey's Avatar
    Join Date
    Jun 2005
    Posts
    2,462

    Default

    Quote Originally Posted by T.Dooley View Post
    Hi Mike

    Good to see you up and running again. I was logged on this morning at 08:17 AM. Some minutes/half hour later the forum was "HACKED BY..." - Only forum listing seems to have had a problem. During the period I have seen everything else like files and postings being okay. Only forum access/listing seem to have been 'defaced'.

    Fight back, good luck and all possible support from here
    Tom
    Eventually they replaced EVERY template file with their junk. Maybe you caught it while I was reverting it back or something. Arrrgh.

    Thanks for your support.

  5. #5
    Junior Member
    Join Date
    Jul 2005
    Posts
    3

    Default Problems...

    Hi Mike!
    I got one of those mails. Happy to hear the passwords are safe and everything is up again. Hope I don't get too much spam now.

    Greetings, Al

  6. #6
    Super Moderator
    Join Date
    Jan 2006
    Location
    Denmark
    Posts
    2,777

    Default

    I didn't receive any mails in either my inbox or spambox.

    But now I can't upload new files. I receive this error message:

    Warning: require_once(./includes/functions_bbcodeparse.php) [function.require-once]: failed to open stream: No such file or directory in /home/google/public_html/added.php on line 6

    Fatal error: require_once() [function.require]: Failed opening required './includes/functions_bbcodeparse.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/google/public_html/added.php on line 6
    Do you have the same problem, Mickey? Because no files have been uploaded since it happened.
    Last edited by sladys; 10-26-2009 at 05:54 PM.

  7. #7
    Administrator Mickey's Avatar
    Join Date
    Jun 2005
    Posts
    2,462

    Default

    Sorry about that. It's been a long two days...

    Should be working now. Thanks.

  8. #8
    Junior Member
    Join Date
    Jul 2005
    Posts
    3

    Default Emails

    Hi Mike,
    today I received an email from "mickey(at)gearthhacks" saying:

    "this is to show all user of this community that this forum had a very week security and has been crashed by proxyserver
    so guys visit us at hackerzhub [link deleted] and enjoy ur stay...

    we have everything movies,music,games,softwares and everything..

    regards
    proxyserver(owner)"

    Just want to tell you, because a gearthhacks-address was used. I received it today, but it is dated 10/25/2009 10.40 AM

    Regards, Al
