The Planted Tank Forum

Status
Not open for further replies.
1 - 20 of 109 Posts

·
Premium Member
Joined
·
13,533 Posts
Discussion Starter #1
It appears that September is just not our month. Sometime last night (9/10) the forum was hacked. The last time we were hacked three years ago, it was also early September.

Fortunately the hack did not involve any data loss, and as far as I know, it did not install anything malicious on any computers. The goal of the hack was to steal information from users of the forum.

Here is information about how we were hacked:

http://www.vbseo.com/f5/security-bulletin-vbseo-3-5-2-released-45358/

Let me know if you have any questions.

- Kyle
 

·
Premium Member
Joined
·
13,533 Posts
Discussion Starter #4
I am about to send out a mass email to all members of the forum urging them to reset their passwords. The information they could have stolen could have been two things:

1) Any text you typed and submitted on the forum in the past 24 hours.
2) Any information your browser has in its cookies or session information.

Unfortunately the details of the attack are very limited and the code that was inserted was dynamic; in other words, every time a page was loaded, the code changed. What I'm telling you is just what I have been informed of from what other forum owners have experienced.

I would urge everyone to reset their password here:

http://www.plantedtank.net/forums/profile.php?do=editpassword
 

·
Registered
Joined
·
1,956 Posts
Is this possible breach of passwords limited to the password here or would that include other sites that require a user name and password such as eBay and Paypal?
 

·
Premium Member
Joined
·
13,533 Posts
Discussion Starter #6
> Is this possible breach of passwords limited to the password here or would that include other sites that require a user name and password such as eBay and Paypal?

It is possible that if you visited a site that had such unbelievably lax security protocol that they stored your password in your cookies, this could happen.

However, any legitimate site you visit would not do this and if they did, it would more than likely be encrypted. I'd say it is much more likely that you get struck by lightning today, twice.
 

·
Registered
Joined
·
235 Posts
Kyle, I'm an IT security admin by trade. Approximately 4 years ago there was a 9-11 hack done. The way it worked was to plant it on servers, and it would randomly (9-11 on random years) activate. I'm sure you are already aware of this, so I do apologize if this is repeated information. The initial hack was more of a worm, not really meant to do damage. Unfortunately, like all hacks, variants were written. I will try and dig up the security info I had on it. Again, I don't mean to intrude, just want to share what I know; I apologize if I crossed a line. I know some forums do get touchy when members try and offer information. This does not seem like one of those places, which is why I wanted to send a message.

sent from my phone, because I can't get the internet out in the boonies.
 

·
Registered
Joined
·
235 Posts
As you mentioned, the dynamic nature of this hack makes it a challenge to defend against. At the time Firefox was so new it was secure, it was targeted at IE, go figure.

sent from my phone, because I can't get the internet out in the boonies.
 

·
Registered
Joined
·
159 Posts
Clicked on the link sent in the email to reset my password and it popped up a JavaScript that downloaded an EXE file to my computer.... which was flagged and isolated....

Are you sure you got everything patched up? That doesn't seem to be very legitimate behavior.
 

·
Registered
Joined
·
410 Posts
Thank you again, Kyle. I'm sure everything is well in hand.
 

·
Registered
Joined
·
375 Posts
I think you may want to still check your code. When I got the email I thought it suspicious. So I just deleted it. Came to the site here manually, and the main forum page started making my antivirus go nuts.

Just wanted to give you a heads up.
 

·
Registered
Joined
·
439 Posts
> and as far as I know, it did not install anything malicious on any computers.

Yes it did -- when I got here my browser (Safari) flashed a message that the site contained malware.
 

·
Premium Member
Joined
·
13,533 Posts
Discussion Starter #19
I am 99% sure that we got rid of the hack. Of course there is a slight chance that we missed something.

I believe that the users who are still experiencing a problem likely have a cached version of the forum or a specific page from the forum in their browsers. In order to remove these cached versions here are instructions:

http://www.aboutcookies.org/Default.aspx?page=2
 