Regarding the recent forum attacks/defacements
Posted: 02 Sep 2006, 21:20
Earlier this week Eurobeat-Prime was the victim of an apparently random defacement. I took the forums down, and after a somewhat careful cleaning and security check, I put them back up.
They were promptly defaced again, this time slightly worse - we lost some forum posts and had admin passwords reset.
This morning I went through everything I could with a fine-tooth comb and am reasonably sure I finally found the hole they were using. This hole appears to be a new exploit for phpBB's avatar upload system; if you know any communities using that software or run one yourself, I'd advise being on your toes.
But since I cannot be "COMPLETELY" sure the forums are now safe (you can never be) - I would recommend using common sense and keeping your browsers and operating system up to date and set to reasonable security levels, as sadly a good portion of website defacements are used as a platform to infect visitors with viruses/trojans/spyware (no evidence of that in our case, though).
Issues:
Lost posts: A few of the minor forums were apparently wiped at random. We have these posts in a recent backup, but I'm still working on a solution to gracefully restore them (as I'd rather not lose recent posts and fixes in a total wipe>restore).
User passwords: should be safe due to the way phpBB stores them (encrypted one-way hash); however, changing your password is a healthy habit and you may want to do so anyway.
Hidden email addresses: if our attackers were inclined - they would have had the ability to snag our entire email database. So if you notice more spam than usual, there's a clue. Sorry, guys.
Finally, if you notice anything strange - or any new site/forum bugs, feel free to alert me at jordanjb@gmail.com (msn or email)