#1 | Planted Tank VIP
Planted Tank Hacked
It appears that September is just not our month. Sometime last night (9/10) the forum was hacked. The last time we were hacked three years ago, it was also early September.
Fortunately the hack did not involve any data loss, and as far as I know, it did not install anything malicious on any computers. The goal of the hack was to steal information from users of the forum.
Here is information about how we were hacked: http://www.vbseo.com/f5/security-bul...eleased-45358/
Let me know if you have any questions.
- Kyle

#2 | Wannabe Guru
Oh my. What kind of information was stolen?
__________________
O_o
/ /_______________________________ | BWAAAH IMA FIRIHN MA LAZER!!!!!!!!! \_\ |

#3 | Wannabe Guru
So what have the hackers possibly gained? Is it just email addresses they are looking for?

#4 | Planted Tank VIP
I am about to send out a mass email to all members of the forum urging them to reset their passwords. The information they could have stolen could have been two things:
1) Any text you typed and submitted on the forum in the past 24 hours.
2) Any information your browser has in its cookies or session information.
Unfortunately the details of the attack are very limited and the code that was inserted was dynamic; in other words, every time a page was loaded, the code changed. What I'm telling you is just what I have been informed of what other forum owners have experienced. I would urge everyone to reset their password here: http://www.plantedtank.net/forums/pr...o=editpassword

#5 | Wannabe Guru
Is this possible breach of passwords limited to the password here or would that include other sites that require a user name and password such as eBay and Paypal?

#6 | Planted Tank VIP
Quote:
However, any legitimate site you visit would not do this, and if they did, it would more than likely be encrypted. I'd say it is much more likely that you get struck by lightning today, twice.

#7 | Wannabe Guru
Thanks Kyle.
Is there a reason the VB version number doesn't show at the bottom of the page?

#8 | Planted Member
Kyle, I'm an IT security admin by trade. Approximately 4 years ago there was a 9-11 hack done. The way it worked was to plant it on servers, and it would randomly (9-11 on random years) activate. I'm sure you are already aware of this, so I do apologize if this is repeated information. The initial hack was more of a worm, not really meant to do damage. Unfortunately, like all hacks, variants were written. I will try and dig up the security info I had on it. Again, I don't mean to intrude, just want to share what I know; I apologize if I crossed a line. I know some forums get touchy when members try and offer information. This does not seem like one of those places, which is why I wanted to send a message.
sent from my phone, because I can't get the internet out in the boonies.

#9 | Planted Member
As you mentioned, the dynamic nature of this hack makes it a challenge to defend against. At the time Firefox was so new it was secure, it was targeted at IE, go figure.
sent from my phone, because I can't get the internet out in the boonies.

#10 | Planted Member
Clicked on the link sent in the email to reset my password and it popped up a JavaScript that downloaded an EXE file to my computer.... which was flagged and isolated....
Are you sure you got everything patched up? That doesn't seem to be very legitimate behavior.
__________________
46 gallon bowfront, Dalmatian Mollies, Swordtails, Otos
75 gallon Lake Malawi African Cichlids
3 gallon nano desktop with Betta at the office

#11 | Planted Tank Guru
Kyle,
Thank you for the warning. Cris

#12 | Wannabe Guru
Same here on the link to this thread from the email. Chrome blocked it as malicious activity but logging in direct to the forum did not have any issues.
Hate that this happens. Much luck cleaning up the madness Kyle.

#13 | Sponsor
Thank you Kyle for the heads up.
-O

#14 | Planted Tank Obsessed
Thank you again, Kyle. I'm sure everything is well in hand.
__________________
"You are much better off with no numbers than meaningless ones. The minute you believe numbers uncritically, that is, without understanding how they're calculated and how well they measure whatever they're supposed to measure, you will generate a breed of employee who will produce numbers and not results. Your data-processing system will then serve not to describe reality but to lie about it."
-Micheal S. Montalbano

#15 | Planted Tank Obsessed
Thanks for the warning Kyle.
Haven't had any problems that a couple others mentioned here.