Forum

anytime I go to the front page of ANN i get a blank page with only the words "H4ck3rsBr Group" on it. It seems though, that everything else is working. Anybody else with this problem?

Yeah, a security bug in PHP was discovered Friday.

Yesterday I upgraded PHP4 to fix this hole, but I forgot to restart Apache. (meaning that while the new PHP was on the server, apache was running with the old one).

During the 30 minutes after I completed the upgrade, someone defaced the front page.

As soon as this was pointed out to me I restarted apache and replaced the default page, unfotunately it turns out that PHP didn't upgrade properly, so it took us a while to get it fixed.

My lack of knowledge / experience on the BSD platform (or any *nix platform for that matter) is occasionally a very big headache.

Fortunately, after several tries Dan figured out what the problem was and managed to fix it...

-t

Glad you guys are back!

That is unfortunate. I too was hacked.

These hackers took advantage of this security hole by using phpbb to inject an SQL statement giving them access to my entire site. They then uploaded two gigs of anime fansubs. That was fun.

MANY sites are in the process of upgrading at the moment. Good to see ANN back so soon!

I see the page was down today for a little while too, was it hacked again?

Emerje

I'm glad you were able to fix the problem so quickly. Even when you had that major hard drive crash back in July, you were able to get back online quickly.

I think this applies. I was on the forum and clicked refresh and a message came up saying that the page has been defaced. Was it just me or did this happen to others?

JinchuuGundam85 wrote:

I think this applies. I was on the forum and clicked refresh and a message came up saying that the page has been defaced. Was it just me or did this happen to others?

Everyone. It happened at 17:09 PST (GMT -8) and lasted for ~40 minutes. Seems to me that this hacker either has targeted specifically at ANN or is an expert attacking PHP-based databases.

It happened a few more times today, for me.

I noticed the deface message a few times this morning around 0800 MST.

dormcat wrote:

Everyone. It happened at 17:09 PST (GMT -8) and lasted for ~40 minutes. Seems to me that this hacker either has targeted specifically at ANN or is an expert attacking PHP-based databases.

Actually, quite a few groups have automated jobs running right now. If you install any version of phpbb BELOW 2.0.11, you can pretty much just open your doors for the script. I installed 2.0.8 and less than an hour later, the same fansubs were uploaded to the exact samer directory again.

Some hacking groups are also running scripts going after WordPress sites as well. Those of us with either of these technologies running are on our toes.

Pretty much any site using any version of PHP 4 <= 4.3.9 or PHP 5 <= 5.0.2 and running the functions unserialize and realpath are easy targets. Be sure to email your host companies and make sure they have taken steps to prevent hacking attempts.

dormcat wrote:

Everyone. It happened at 17:09 PST (GMT -8) and lasted for ~40 minutes. Seems to me that this hacker either has targeted specifically at ANN or is an expert attacking PHP-based databases.

Nah, most of they are no skill script kiddies. The bane of every system admin's existance. Most of the people that would know what they are doing wouldn't leave something behind or they would have been more subtle about it.

radicaledward wrote:

Nah, most of they are no skill script kiddies. The bane of every system admin's existance. Most of the people that would know what they are doing wouldn't leave something behind or they would have been more subtle about it.

Indeed, it's like the kids that brag that they "hack" video games, when they're just using a GameShark. It's the wrong tools in the wrong hands.

Tell Tale sign? Most Schools have started vacation and the kids are restless. Wouldn't be surprised at all if we start seeing a swarm of spammers and trolls soon too.

Emerje

Well some more information just turned up on NeverEverNoSanity - and apprently it is a worm that uses Google to look up potential target sites.

Here is an artical that just went up on Slashdot, but from the looks of it that worm is targeting phpBB installs.

Forum - View topic
ANN front page Hacked?

Arknights: Rise from Ember TV Anime Announced

BLUELOCK THE MOVIE -EPISODE NAGI- Anime Film Review

Interview: Author Akihiro Nishino on Bottle George, His New Stop-Motion Animated Film

The Spring 2024 Light Novel Guide

GoHands Reveals Original Anime Momentary Lily for January 2025

SAND LAND Video Game Review

This Week in Games - Atlus With the Old, In With the New

The Story of Suikoden

This Week in Anime - What's Weekly Shonen Jump's Next Big Manga?

The ANN Aftershow - Will You Watch Solo Leveling Season 2?

Dark Moon: The Blood Altar Volumes 1-2 Manhwa Review

Interview: Voice Actors Rika Hayashi and Hiroki Tōchi Talk About Their New Golf Anime, Tonbo!

	Anime News Network Forum Index -> Site-related -> Bugs & Technical Questions	All times are GMT - 5 Hours
Page 1 of 1

Forum - View topicANN front page Hacked?

Forum

Forum - View topic
ANN front page Hacked?