Malware


BrightLampShade

Well-Known Member
Forum Moderator
Feb 14, 2011
The North West
It is looking like a proper hack rather than a user (a really clever hack as well). It will be SQL injection, where someone has managed to get a bit of JavaScript into the database through a badly programmed PHP script on the site. No user details, emails or passwords have been compromised. The hacker has not got into any administrator account and he has not logged into the server itself. I've patched some files and I've got a guy in locking down the server PHP permissions as we speak. Hopefully the latest Google scan comes back clean.

I may not be able to fix the most recent hacked database and we may have to stick with this one.

Basically we've switched to a backup to fix the problem. The dodgy script is going to be pretty well buried into the site so I think we'll just have to live with 3 days of lost posts :(

On the bright side the patches and general re-works of the site scripts should stop this from happening again (although in hacking nothing is impossible).
 
This means that any bets made or sweeps selected may have been lost, so if you play those games, check that your post is either gone or before the backup date.
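An added example, not part of the thread and not the site's own code: one way to audit a restored post table for injected script markup of the kind described above, alongside a write path that binds user text as parameters. SQLite stands in for the forum database, and the `post` table, its columns, the pattern list and the `example.invalid` host are assumptions made for illustration.

```python
import re
import sqlite3

# Markup that should never appear in stored post text (assumed policy for
# this sketch; a board that allows embeds would need an allow-list instead).
SUSPICIOUS = re.compile(
    r"<\s*(script|iframe|object|embed)\b"  # active-content tags
    r"|\bon\w+\s*=\s*[\"']"                 # inline event handlers
    r"|javascript\s*:",                     # javascript: URLs
    re.IGNORECASE,
)
# Host part of any src/href attribute, to show where a row loads code from.
SRC_HOST = re.compile(
    r"(?:src|href)\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.IGNORECASE
)


def save_post(conn, author, body):
    """Store a post with bound parameters, so the text is data, never SQL."""
    cur = conn.execute(
        "INSERT INTO post (author, body) VALUES (?, ?)", (author, body)
    )
    return cur.lastrowid


def audit_posts(conn):
    """Return (post id, first matched marker, external hosts) per suspect row."""
    findings = []
    for post_id, body in conn.execute("SELECT id, body FROM post ORDER BY id"):
        match = SUSPICIOUS.search(body)
        if match:
            hosts = sorted({h.lower() for h in SRC_HOST.findall(body)})
            findings.append((post_id, match.group(0).lower(), hosts))
    return findings


def build_sample_db():
    """Constructed sample data: two ordinary posts and one tampered row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE post (id INTEGER PRIMARY KEY, author TEXT, body TEXT)"
    )
    save_post(conn, "fan1", "Great result at the weekend")
    save_post(conn, "fan2", "O'Brien's goal; was it offside?")  # quote stays text
    save_post(conn, "fan3",
              'Match thread<script src="//cdn.example.invalid/x.js"></script>')
    return conn


if __name__ == "__main__":
    for finding in audit_posts(build_sample_db()):
        print(finding)
```

Running the same audit against both the tampered database and the backup shows which rows differ before deciding which copy to keep.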
 
Malware? What happened? (simple answers only please!).

It would appear the site was briefly compromised by someone with malevolent intentions, and they succeeded in inserting some kind of malicious code into the site, which would probably have tried to install something nasty on users' computers. Google highlighted the site as having been attacked, and the Chrome browser blocked access to not606 for a couple of days. Since the attack, Mick (site owner) has removed the inserted code, and has got someone plugging the holes in the site's code. How vBulletin (software provider) left such holes I don't know, but Mick is sure that no user data (usernames, passwords, emails, etc.) was leaked, and that this shouldn't happen again.

As part of fixing the problem, Mick had to revert to an older version of the site's database, so 2 days' worth of posts disappeared.
 
Ah. Thanks, DHC. Obviously I was away at just the right time!
As to the "two days worth of posts"; based on what I've read, it seems to have been quite auspicious; perhaps calming and karmic both at once!

P.S. I'm slightly concerned at your mention "holes in the site's code" and also of personal details; but from what you say, I can only trust that all now appears to be in hand.
 

As far as we're aware, no data went missing, the 'hacker' appears to have gained nothing from it, mainly thanks to Google flagging the site so quickly. It's good internet practice though to have a different password on sites like this to your email one, so presuming that's the case, even if we were hacked, your emails would still be completely secure.