Hacked

What's going on with the "Hacked by Andy" signs in various places of the site. It's right where some people's names are when they post and some others just say HACKE in bright yellow along with their name.
 
It's right where some people's names are when they post and some others just say HACKE in bright yellow along with their name.

Apparently, it has progressed some. No longer says HACKE before their names in bright yellow. Just says HACKED BY ANDY by everyone's name now in different colors. I'm assuming someone is already aware of this since Jeff S. is online right now.
 
I appreciate the quick alerts about what was happening late this morning. It appears that this was a garden variety hacking session. The cause was either an exploited staff password or an old component (probably vbAdvanced CMPS, which drives our front page). I haven't gone into the log files to find out. It appears to me the 'hackers' basically went straight to our subscription settings, saw we didn't use a credit card payment gateway and couldn't run their stolen card numbers, so they left some graffiti. Their IPs traced back to Germany and Sweden.

I removed the modified templates and settings, then spent a while combing through the config files, MySQL, and server side files to look for any compromised parts of the forum... everything looked fine.

There's no guarantees on this, of course, but it looks like we're in the clear. A side benefit is our forum software and vbAdvanced packages are completely current again... it's been a few months since our last upgrade.
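The "combing through config files and server side files" step above is easier and more reliable when a known-good hash manifest of the web root already exists, because then the question becomes "what differs from the baseline" instead of "does anything look odd". The script below is an added example for this thread, not code from the forum or from vBulletin/vbAdvanced: it records a SHA-256 manifest of every file under the web root and later reports files that were modified, removed or newly dropped in. The paths (/var/www/forum, /root/forum.sha256, the excluded ./cache directory) are assumptions. Note that vBulletin keeps its templates in the database, so this covers the file side only; the database still needs its own check.

```shell
#!/bin/sh
# Added example (not from the thread): build a hash manifest of the forum's
# web root once it is known-good, then re-check it after an incident to list
# files that were modified, removed, or newly dropped in. Paths such as
# /var/www/forum and ./cache are assumptions. Keep the manifest OUTSIDE the
# web root: whoever can edit the site's files could otherwise edit the manifest too.

make_baseline() {  # make_baseline <webroot> <manifest-file>
    ( cd "$1" && find . -type f ! -path './cache/*' | LC_ALL=C sort |
        while IFS= read -r f; do sha256sum "$f"; done ) > "$2"
}

list_changes() {   # list_changes <webroot> <manifest-file>
    root=$1; manifest=$2
    tmp=$(mktemp -d)
    # Modified and missing files: sha256sum -c re-hashes every manifest entry.
    # Its report lines look like "./x.php: FAILED" or "./y.tpl: FAILED open or read".
    # The manifest is fed on stdin so the cd into the web root does not affect its path.
    ( cd "$root" && sha256sum -c --quiet - 2>/dev/null ) < "$manifest" |
        awk -F': ' '/: FAILED open or read$/ { print "MISSING  " $1; next }
                    /: FAILED$/              { print "MODIFIED " $1 }'
    # New files: present in the tree now but absent from the manifest. comm needs
    # both lists sorted under the same collation, hence LC_ALL=C on both sides.
    awk '{ print substr($0, index($0, "  ") + 2) }' "$manifest" | LC_ALL=C sort > "$tmp/known"
    ( cd "$root" && find . -type f ! -path './cache/*' | LC_ALL=C sort ) > "$tmp/now"
    comm -13 "$tmp/known" "$tmp/now" | sed 's/^/NEW      /'
    rm -rf "$tmp"
}

check_webroot() {  # check_webroot <webroot> <manifest-file>; returns 1 if anything differs
    changes=$(list_changes "$1" "$2")
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Usage with the assumed paths:
#   make_baseline /var/www/forum /root/forum.sha256     (right after a clean upgrade)
#   check_webroot /var/www/forum /root/forum.sha256     (after an incident, or nightly)
```

Run make_baseline right after each upgrade so the manifest matches the current package versions; a nightly check_webroot from cron turns a defacement into an alert with the exact file list instead of a manual hunt.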
 


They probably jumped across proxy servers, masking their real IPs, so they wouldn't get caught. Seriously doubt they were from Sweden or Germany.

I'd recommend backing up the MySQL database nightly, or maybe every other night for safety purposes, that way if it goes down, you can just load the backup files into the database, and correct the problem.
 
They're credit card thieves. Would you use a government computer to process your stolen numbers if you were them? Me neither.. :)

Sent from my Samsung Galaxy S II using Tapatalk
 
Yeah more likely Russia or China.

Sent from my Samsung Galaxy S II using Tapatalk

Doubtful. The Russians and the Chinese don't have any reason to hack this forum, neither do random hackers, there's nothing of value for them to hack. They don't randomly just choose a forum to hack for the fun of it.

Hackers go after sites with valid assets or usually when a site has attracted some attention through controversy, or the display of poor ethics or decisions (i.e. Anonymous). This site doesn't have a major store, or a high number of credit card transactions processed, so I can't find any logical reason to explain why any random hackers from China, Russia, Germany, or Sweden would try to hack Storm Track, that just doesn't make any sense.

Most likely it's someone who has a sort of personal vendetta with the forum or the moderators/administrators or Tim, that is trying to be sneaky and using a proxy server to attempt to be cute. Most likely, they were trying to mess with forum settings or crash it. Since they were putting "Hacked by Andy" signs up, I could assume that they know one of the several Andys currently on the forum, or is a previous member, or perhaps someone close to the late Andy Gabrielson, however, that is speculation at this point.

List of Andys currently on the forum, bottom of page 3, and then again top of page 4.
http://www.stormtrack.org/forum/memberlist.php?page=3&order=asc&sort=username

A cure to that is to back up the database nightly, if it goes down, it's pretty simple to load the backup in and get it back up and running. Whoever it is, is an amateur and doesn't know what they are doing.
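Two posts in this thread recommend a nightly MySQL backup as the recovery path. The script below is an added example, not code from the forum or any of the posters: it dumps the database to a dated, compressed file, verifies the archive, prunes dumps older than a retention window and offers a restore helper. The database name (forum), backup directory (/var/backups/forum) and 14-day retention are assumptions, and credentials are expected in ~/.my.cnf so they never show up on the command line.

```shell
#!/bin/sh
# Added example (not from the thread): nightly MySQL dump for the forum with
# rotation and a restore helper. Database name, backup directory and retention
# are assumptions; credentials are read from ~/.my.cnf so they never appear in
# the process list or in cron logs.
BACKUP_DIR=${BACKUP_DIR:-/var/backups/forum}
DB_NAME=${DB_NAME:-forum}
KEEP_DAYS=${KEEP_DAYS:-14}

backup_path() {  # backup_path <dbname> <YYYY-MM-DD> -> full path of that night's dump
    printf '%s/%s-%s.sql.gz\n' "$BACKUP_DIR" "$1" "$2"
}

dump_database() {
    out=$(backup_path "$DB_NAME" "$(date +%Y-%m-%d)")
    # --single-transaction gives a consistent InnoDB snapshot without locking the
    # live forum. Dump to a .part file first so mysqldump's own exit status is
    # checked (piping straight into gzip would hide it), then compress, verify
    # the archive and rename, so a half-written dump is never mistaken for a good one.
    mysqldump --single-transaction --routines --triggers "$DB_NAME" > "$out.part" \
        && gzip -9 "$out.part" && gzip -t "$out.part.gz" \
        && mv "$out.part.gz" "$out" && chmod 600 "$out" \
        || { rm -f "$out.part" "$out.part.gz"; return 1; }
}

prune_old_backups() {  # prune_old_backups <dir> <days>; prints each file it deleted
    find "$1" -maxdepth 1 -name '*.sql.gz' -type f -mtime +"$2" -print -delete
}

restore_database() {  # restore_database <dump.sql.gz>; loads it into $DB_NAME
    gzip -t "$1" && gunzip -c "$1" | mysql "$DB_NAME"
}

# Nightly from cron, e.g.:  0 3 * * * /usr/local/sbin/forum-backup.sh
# where the script ends with:
#   dump_database && prune_old_backups "$BACKUP_DIR" "$KEEP_DAYS"
```

One caveat that matters for exactly the situation in this thread: whoever was changing templates and settings had administrator-level access, and the same access on the server would let them alter or delete local dumps. Copy each night's file to a machine the web server cannot write to, and test restore_database against a scratch database now and then so the first real restore is not also the first test.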
 


I was thinking the same thing. Hackers would also not post "Hacked by Andy". That is a big red flag. Hackers want to get in and out without tripping any alarms or flags. My guess is that it was an inside job "someone we know".
 
My guess is that it was an inside job "someone we know".

I highly doubt that. Much more likely is that it was a "script kiddie" or someone who uses various tools they didn't develop to attack and deface websites for attention or just to be malicious. They've probably got some software that exploits a known flaw in vBulletin and then go from site to site trying to break in, glean what information they can (credit cards or passwords), and then deface the site on the way out.
 