Important! - Message Board hacked

More
16 years 11 months ago #19694 by shando
Reply from Jim Shand was created by shando
What about those of us using firefox? Are we likely to be infected?

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #20847 by jrich
Replied by jrich on topic Reply from
Firefox users probably are not affected. The particular vulnerabilities that the hackers tried to exploit were IE specific but were also a year or more old. Anyone who has kept their system's patch level reasonably up to date wouldn't have been at risk.

Those who do not keep their systems up to date with security patches for their OS and software including Firefox are playing Russian roulette. Its unpatched systems that provide a fertile environment for malicious programs to exist and provide an incentive for the people that create them to continue doing so. Most spam email is sent from zombie machines that are created as a result of attacks like the one that affected this messageboard. I have ZERO sympathy for anyone who might have been infected with malware as a result.

If it were up to me people would have 6 months after a vulnerability was discovered and a patch made available to patch their systems, then malware that exploited the vulnerability and trashed the unpatched systems would be released into the wild. A sort of accelerated natural selection on the Internet. After a couple of years there would be very few vulnerable systems and few new security vulnerabilities. And there would be no spam and no need for anti-virus software and I would have more time to ponder the MM, the EPH and Martians with Art degrees.

JR

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #19571 by tvanflandern
Today's news is that the hacker-spambot has apparently been targeting Snitz Message Boards everywhere, so Meta Research was probably just a victim, not a specific target. We found that the bot had apparently exploited a security vulnerability to give itself administrative privileges, then used SQL injection (for those who know what that means) to hide malicious code on the home page of this Message Board. We eliminated that unauthorized account and are in the processing of closing that vulnerability so the bot cannot attack again. But for another day or so, we have only vigilance to prevent a repeat incident.

In the meantime, we've tightened up security in several areas and are making some other changes. We'll keep them as transparent to users as possible. But until we give the "all clear", those wishing to be extra cautious might wish to click directly on links to the forums you subscribe to and avoid the Message Board's home page. -|Tom|-

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #19422 by neilderosa
Replied by neilderosa on topic Reply from Neil DeRosa
In response to Tom's and jrich's messages, I want to report that I saw the attack on the "All Forums" page of this message board. It seems that my Norton firewall, anti-spam, anti-virus features protected my computers (at work and at home) because they work fine.

Except for one thing. I no longer get any images at all on the message board, just the code for them. Everything else is ok and all other internet and computer functions seem to be alright.

Can you shed any light on this issue?

Neil

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #20579 by jrich
Replied by jrich on topic Reply from
<blockquote id="quote"><font size="2" face="Verdana, Arial, Helvetica" id="quote">quote:<hr height="1" noshade id="quote">Originally posted by neilderosa

...I no longer get any images at all on the message board, just the code for them. Everything else is ok and all other internet and computer functions seem to be alright.

Can you shed any light on this issue?

Neil<hr height="1" noshade id="quote"></blockquote id="quote"></font id="quote">I see the same thing. Just the forum [img][/img] tags. The forum code is not coverting them to HTML image tags.

JR

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #20850 by tvanflandern
When making the changes for the new security features, we initially got two of the Message Board settings wrong. Those are now fixed, and links to images should now display as before. Let me know if there are any other symptoms. If we have no repeat attacks within the next 36 hours, I think we're in the clear -- at least for this particular type of attack. -|Tom|-

Please Log in or Create an account to join the conversation.

Time to create page: 0.307 seconds
Powered by Kunena Forum