Forum - View topic: ANN front page Hacked?
|
Author | Message | ||
---|---|---|---|
Shinotaku14
Encyclopedia Editor
Posts: 233 Location: Greenville or Rock Hill, SC |
|
||
Anytime I go to the front page of ANN I get a blank page with only the words "H4ck3rsBr Group" on it. It seems, though, that everything else is working. Anybody else with this problem?
|
|||
Tempest
I Run this place.
ANN Publisher Posts: 10448 Location: Do not message me for support. |
|
||
Yeah, a security bug in PHP was discovered Friday.
Yesterday I upgraded PHP4 to fix this hole, but I forgot to restart Apache (meaning that while the new PHP was on the server, Apache was running with the old one). During the 30 minutes after I completed the upgrade, someone defaced the front page. As soon as this was pointed out to me I restarted Apache and replaced the default page. Unfortunately, it turns out that PHP didn't upgrade properly, so it took us a while to get it fixed. My lack of knowledge / experience on the BSD platform (or any *nix platform for that matter) is occasionally a very big headache. Fortunately, after several tries Dan figured out what the problem was and managed to fix it... -t |
|||
AstroNerdBoy
Posts: 413 Location: Denver, CO |
|
||
Glad you guys are back!
|
|||
Justin
Posts: 16 Location: Newport Beach, CA |
|
||
That is unfortunate. I too was hacked.
These hackers took advantage of this security hole by using phpBB to inject an SQL statement giving them access to my entire site. They then uploaded two gigs of anime fansubs. That was fun. MANY sites are in the process of upgrading at the moment. Good to see ANN back so soon! |
|||
Emerje
Posts: 7390 Location: Maine |
|
||
I see the page was down today for a little while too, was it hacked again?
Emerje |
|||
biliano*
Posts: 0 |
|
||
I'm glad you were able to fix the problem so quickly. Even when you had that major hard drive crash back in July, you were able to get back online quickly.
|
|||
JinchuuGundam85
Posts: 149 |
|
||
I think this applies. I was on the forum and clicked refresh and a message came up saying that the page has been defaced. Was it just me or did this happen to others?
|
|||
dormcat
Encyclopedia Editor
Posts: 9902 Location: New Taipei City, Taiwan, ROC |
|
||
Everyone. It happened at 17:09 PST (GMT -8) and lasted for ~40 minutes. Seems to me that this hacker has either specifically targeted ANN or is an expert at attacking PHP-based databases. |
|||
DragonsRevenge
Posts: 1150 |
|
||
It happened a few more times today, for me.
|
|||
daggerbob
Posts: 52 Location: Colorado, US |
|
||
I noticed the deface message a few times this morning around 0800 MST.
|
|||
Justin
Posts: 16 Location: Newport Beach, CA |
|
||
Actually, quite a few groups have automated jobs running right now. If you install any version of phpBB BELOW 2.0.11, you can pretty much just open your doors for the script. I installed 2.0.8 and less than an hour later, the same fansubs were uploaded to the exact same directory again. Some hacking groups are also running scripts going after WordPress sites as well. Those of us with either of these technologies running are on our toes. Pretty much any site using any version of PHP 4 <= 4.3.9 or PHP 5 <= 5.0.2 and running the functions unserialize and realpath are easy targets. Be sure to email your host companies and make sure they have taken steps to prevent hacking attempts. |
|||
radicaledward
Posts: 776 |
|
||
|
|||
Emerje
Posts: 7390 Location: Maine |
|
||
Indeed, it's like the kids that brag that they "hack" video games, when they're just using a GameShark. It's the wrong tools in the wrong hands. Telltale sign? Most schools have started vacation and the kids are restless. Wouldn't be surprised at all if we start seeing a swarm of spammers and trolls soon too. Emerje |
|||
radicaledward
Posts: 776 |
|
||
Well, some more information just turned up on NeverEverNoSanity - and apparently it is a worm that uses Google to look up potential target sites.
Here is an article that just went up on Slashdot, but from the looks of it that worm is targeting phpBB installs. |
|||
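The gap Tempest's post describes (new PHP on disk, old PHP still loaded in the running Apache) and the affected ranges Justin's post gives can be checked together. This is an added example, not part of the thread; the sample header and `php -v` strings are constructed, and it assumes the server exposes a `PHP/x.y.z` token in its `Server` or `X-Powered-By` header and that the CLI binary is built from the same install as the Apache module.

```python
import re

# Last affected releases as stated in the thread: PHP 4 <= 4.3.9, PHP 5 <= 5.0.2.
LAST_AFFECTED = {4: (4, 3, 9), 5: (5, 0, 2)}

def banner_php_version(header_value):
    """Version the *running* server reports, e.g. 'Apache/1.3.33 (Unix) PHP/4.3.9'."""
    m = re.search(r"\bPHP/(\d+)\.(\d+)\.(\d+)", header_value)
    return tuple(int(p) for p in m.groups()) if m else None

def cli_php_version(php_v_output):
    """Version *installed on disk*, from the first line of `php -v` output."""
    m = re.match(r"PHP (\d+)\.(\d+)\.(\d+)", php_v_output.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version):
    """Compare as integer tuples; string comparison would rank '4.3.10' below '4.3.9'."""
    limit = LAST_AFFECTED.get(version[0])
    return limit is not None and version <= limit

def assess(header_value, php_v_output):
    """Return (status, running, installed) for one host."""
    running = banner_php_version(header_value)
    installed = cli_php_version(php_v_output)
    if running is None or installed is None:
        return ("unknown", running, installed)   # banner hidden or output unparsable
    stale = running != installed                 # upgrade done, server not restarted
    affected = is_affected(running)              # what is actually serving requests
    if stale and affected:
        return ("stale-and-affected", running, installed)
    if stale:
        return ("stale", running, installed)
    if affected:
        return ("affected", running, installed)
    return ("ok", running, installed)

# Constructed sample input: upgraded on disk, Apache not yet restarted.
SAMPLE_HEADER = "Apache/1.3.33 (Unix) PHP/4.3.9"
SAMPLE_PHP_V = "PHP 4.3.10 (cli) (built: Dec 18 2004 10:00:00)"

if __name__ == "__main__":
    status, running, installed = assess(SAMPLE_HEADER, SAMPLE_PHP_V)
    print(status, "running:", running, "installed:", installed)
```

Run it as the last step of an upgrade, against the header your own server returns; anything other than `ok` means the patched build is not yet the one answering requests.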
All times are GMT - 5 Hours |