Planted Tank Hacked
Planted Tank Forums
Your Tanks Image Hosting *Tank Tracker * Plant Profiles Fish Profiles Planted Tank Guide Photo Gallery Articles

Go Back   The Planted Tank Forum > The Planted Tank Information > Important Update/Announcements


Reply
 
Thread Tools Display Modes
Old 09-11-2010, 01:42 PM   #1
KyleT
Planted Tank VIP
 
KyleT's Avatar
 
PTrader: (5/100%)
Join Date: Jul 2002
Location: Austin, Texas
Posts: 13,534
Default

Planted Tank Hacked


It appears that September is just not our month. Sometime last night (9/10) the forum was hacked. The last time we were hacked three years ago, it was also early September.

Fortunately the hack did not involve any data loss, and as far as I know, it did not install anything malicious on any computers. The goal of the hack was to steal information from user's of the forum.

Here is information about how we were hacked:

http://www.vbseo.com/f5/security-bul...eleased-45358/

Let me know if you have any questions.

- Kyle
__________________
Please Send all Support Requests to forumadmin
Bit Of Nothing - Personal Blog
KyleT is offline   Reply With Quote Quick reply to this message
Sponsored Links
Advertisement
 
Old 09-11-2010, 01:48 PM   #2
Axelrodi202
Planted Tank Guru
 
Axelrodi202's Avatar
 
PTrader: (20/100%)
Join Date: Jul 2008
Location: Morris County, NJ
Posts: 2,125
Default

Oh my. What kind of information was stolen?
__________________
O_o
/ /_______________________________
| BWAAAH IMA FIRIHN MA LAZER!!!!!!!!!
\_\
Axelrodi202 is online now   Reply With Quote Quick reply to this message
Old 09-11-2010, 01:53 PM   #3
fresh.salty
Wannabe Guru
 
fresh.salty's Avatar
 
PTrader: (17/100%)
Join Date: Jul 2010
Location: SoCal
Posts: 1,944
Default

So what have the hackers possibly gained. Is it just email addresses they are looking for?
fresh.salty is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 01:58 PM   #4
KyleT
Planted Tank VIP
 
KyleT's Avatar
 
PTrader: (5/100%)
Join Date: Jul 2002
Location: Austin, Texas
Posts: 13,534
Default

I am about to send out a mass email to all members of the forum urging them to reset their passwords. The information they could have stolen could have been two things:

1) Any text you typed and submitted on the forum in the past 24 hours.
2) Any information your browser has in it's cookies or session information.

Unfortunately the details of the attack are very limited and the code that was inserted was dynamic, in other words everytime a page was loaded, the code changed. What I'm telling you is just what I have been informed of what other forum owners have experienced.

I would urge everyone to reset their password here:

http://www.plantedtank.net/forums/pr...o=editpassword
__________________
Please Send all Support Requests to forumadmin
Bit Of Nothing - Personal Blog
KyleT is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:08 PM   #5
fresh.salty
Wannabe Guru
 
fresh.salty's Avatar
 
PTrader: (17/100%)
Join Date: Jul 2010
Location: SoCal
Posts: 1,944
Default

Is this possible breach of passwords limited to the password here or would that include other sites that require a user name and password such as eBay and Paypal?
fresh.salty is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:14 PM   #6
KyleT
Planted Tank VIP
 
KyleT's Avatar
 
PTrader: (5/100%)
Join Date: Jul 2002
Location: Austin, Texas
Posts: 13,534
Default

Quote:
Originally Posted by fresh.salty View Post
Is this possible breach of passwords limited to the password here or would that include other sites that require a user name and password such as eBay and Paypal?
It is possible that if you visited a site that had such unbelievably lax security protocol that they stored your password in your cookies, this could happen.

However any legitimate site you visit would not do this and if they did, it would more than likely be encrypted. I'd say it is much more likely that you get struck by lighting today, twice.
__________________
Please Send all Support Requests to forumadmin
Bit Of Nothing - Personal Blog
KyleT is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:22 PM   #7
fresh.salty
Wannabe Guru
 
fresh.salty's Avatar
 
PTrader: (17/100%)
Join Date: Jul 2010
Location: SoCal
Posts: 1,944
Default

Thanks Kyle.

Is there a reason the VB version number doesn't show at the bottom of the page?
fresh.salty is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:27 PM   #8
dzydvl
Planted Member
 
PTrader: (8/100%)
Join Date: Aug 2010
Location: Waterloo, WI
Posts: 234
Default Re: Planted Tank Hacked

Kyle, I'm an IT security admin by trait. Approximately 4 years ago there was a 9-11 hack done. The way it worked was to plant it on servers, and it would randomly (9-11 on random years) activate. I'm sure you are already aware of this, so I do apologize if this is repeated information. The initial hack was more of a worm, not really not meant to do damage. Unfortunately like all hacks, variants were written. I will try and dig up the security info I had on it. Again, I don't mean to intrude, just want to share what I know, I apologize if I crossed a line. I know some forums to get touchy when members try and offer information. This does not seem like one of those places, which is why I wanted to send a message.

sent from my phone, because I can't get the internet out in the boonies.
dzydvl is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:30 PM   #9
dzydvl
Planted Member
 
PTrader: (8/100%)
Join Date: Aug 2010
Location: Waterloo, WI
Posts: 234
Default Re: Planted Tank Hacked

As you mentioned the dynamic nature of this hack makes it a challenge to defend against. At the time FireFox was so new it was secure, it was targeted at IE, go figure.

sent from my phone, because I can't get the internet out in the boonies.
dzydvl is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:38 PM   #10
robbob2112
Planted Member
 
PTrader: (0/0%)
Join Date: Oct 2007
Location: Blawk Hawk, CO
Posts: 159
Default

Clicked on the link sent in the email to reset my password and it popped up a java script that downloaded an EXE file to my computer.... which was flagged and isolated....

Are you sure you go everything patched up, that doesn't seem to be very legitimate behavior.
__________________
46 gallon bowfront, Dalmatian Mollies, Swordtails, Otos
75 gallon Lake Malawi African Cichlids
3 gallon nano desktop with Betta at the office
robbob2112 is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:52 PM   #11
Crispino L Ramos
Planted Tank Guru
 
Crispino L Ramos's Avatar
 
PTrader: (452/100%)
Join Date: Mar 2008
Location: Phoenix, Arizona
Posts: 2,423
Default

Kyle,

Thank you for the warning.

Cris
__________________
Crispino L Ramos is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 02:54 PM   #12
MrJG
Wannabe Guru
 
MrJG's Avatar
 
PTrader: (114/100%)
Join Date: Feb 2007
Location: Lancaster, S.C.
Posts: 1,406
Default

Same here on the link to this thread from the email. Chrome blocked it as malicious activity but logging in direct to the forum did not have any issues.

Hate that this happens. Much luck cleaning up the madness Kyle.
MrJG is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 03:00 PM   #13
Green Leaf Aquariums
Sponsor
 
Green Leaf Aquariums's Avatar
 
PTrader: (86/100%)
Join Date: Feb 2007
Location: SWAMP
Posts: 4,699
Default

Thank you Kyle for the heads up.

-O
Green Leaf Aquariums is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 03:11 PM   #14
ukamikazu
Planted Tank Obsessed
 
ukamikazu's Avatar
 
PTrader: (19/100%)
Join Date: Jun 2010
Location: Austin, Texas
Posts: 410
Default

Thank you again, Kyle. I'm sure everything is well in hand.
__________________
"You are much better off with no numbers than meaningless ones. The minute you believe numbers uncritically, that is, without understanding how they're calculated and how well they measure whatever they're supposed to measure, you will generate a breed of employee who will produce numbers and not results. Your data-processing system will then serve not to describe reality but to lie about it."

-Micheal S. Montalbano
ukamikazu is offline   Reply With Quote Quick reply to this message
Old 09-11-2010, 03:12 PM   #15
Armonious
Planted Tank Obsessed
 
PTrader: (1/100%)
Join Date: Aug 2010
Location: Cleveland, OH
Posts: 483
Default

Thanks for the warning Kyle.

Haven't had any problems that a couple others mentioned here.
Armonious is offline   Reply With Quote Quick reply to this message
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the The Planted Tank Forum forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in

Human Verification

In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.



Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:24 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright Planted Tank LLC 2012