RE: forum hack


fisk

Recommended Posts

  • Administrators

So basically IP.Board is a security flaw ridden crock of shit. The forums have actually been compromised for some time, since there are some backdoors that keep coming back. 14-year-old-skiddie-wanting-to-get-famous #14140 discovered that and made le epic defaced page only 20 people will have read instead of plastering dubious redirects like everyone else who compromised the site so far.

 

The exploit in question relies on some highly insecure caching feature of IP.Board. All someone has to do is inject some content that ends up being saved as the general forum layout, resulting in everyone seeing the same "lol we hack u" page. They did not SSH in and can't really do much outside of altering the appearance of the forums. They can't really do anything destructive unless they start session stealing. The last people that did this only wanted to make sure we'd continue serving ads on their behalf by coming back later and trying to cover their tracks.

 

Just so people know, the server that the forum is hosted on is completely isolated from the main website. Even if they did SSH in, there's barely anything of value on the forum server.

 

Adding a fully integrated, custom forum board to the main site, like the one I made on Bazaar, is something on the todo list. I don't think it'll be too hard to make something better than this dreck.

  • Administrators

Okeh. So NullSecBG is simply some 14-year-olds that just did this exploit but don't actually hack?

 

Short history of PHP-based forum boards: They have exploits in them, but they're usually patched very quickly. But not everyone will be updated to use the latest version of the software. I am 99% sure our forum software package is kinda outdated, in which case I've asked Brad about it, because if so we should probably upgrade and then this problem might go away forever.

 

These attacks are never really targeted, it's just some kid scanning the entire Internet for websites that are using a vulnerable piece of software. They'll then post their victories to Facebook or whatever. I've seen this sort of thing before.

I noticed that happening earlier today, so how long do you think it will take for your idea to move from the list to a reality?

They can't really do anything destructive unless they start session stealing. The last people that did this only wanted to make sure we'd continue serving ads on their behalf by coming back later and trying to cover their tracks.

 

Wait, what happened with this?

These attacks are never really targeted, it's just some kid scanning the entire Internet for websites that are using a vulnerable piece of software. They'll then post their victories to Facebook or whatever. I've seen this sort of thing before.

I fear for the next generation.

Let's hope the forums don't get compromised.

 

I really don't wanna see, when I go to the forums, "HAHAHAHHAHA! LOL! YOU GOT HACKED BY LE MEMESQAUD! PAY US 1000$ OR WE'LL MEME TIS UP!!!"

 

Anyways, thanks for keeping us up Fiskie!

  • Administrators

Wait, what happened with this?

 

Basically a few admin accounts were compromised a few months ago with the sole purpose of keeping the advertisement redirects up.

 

Whenever they logged in as us they would delete any log entries tracing back to them. They forgot to do that one time, so we finally found out about it.

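The admin post above describes attackers logging in with stolen admin accounts and deleting the log entries that pointed back at them, and the intrusion only surfacing the one time they forgot. The following is an added example, not code from the thread or from IP.Board, showing the defensive check a forum operator would want for that: a hash-chained audit log in which every entry commits to the hash of the entry before it, so removing one line breaks the chain at a detectable position. The log records below are constructed for the demo, and the `entry_hash`, `append` and `verify` helpers are this example's own names.

```python
"""
Added example (not from the thread): a tamper-evident, hash-chained audit
log. Each entry's hash covers the previous entry's hash plus its own
record, so deleting or editing an entry breaks every later link.
"""
import hashlib
import json

GENESIS = "0" * 64  # fixed anchor for the first entry


def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes the same way.
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(log, record):
    """Append a record, chaining it to the current head of the log."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"record": record, "hash": entry_hash(prev, record)})
    return log


def verify(log):
    """Walk the chain; return (True, -1) if intact, else (False, bad_index)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry_hash(prev, entry["record"]) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, -1


def demo():
    """Constructed scenario: four admin-panel events, then one is deleted."""
    events = [
        {"ts": "2015-03-01T10:00:00Z", "user": "admin_a", "action": "login", "ip": "203.0.113.5"},
        {"ts": "2015-03-01T10:02:11Z", "user": "admin_a", "action": "edit_theme"},
        {"ts": "2015-03-01T23:41:07Z", "user": "admin_b", "action": "login", "ip": "198.51.100.9"},
        {"ts": "2015-03-01T23:43:50Z", "user": "admin_b", "action": "edit_skin_cache"},
    ]
    log = []
    for ev in events:
        append(log, ev)
    # The intruder removes the login entry that names their address (index 2).
    tampered = log[:2] + log[3:]
    return verify(log), verify(tampered)


if __name__ == "__main__":
    intact, broken = demo()
    print("original log:", intact)
    print("after deletion:", broken)
```

The chain only proves tampering if the latest hash is stored somewhere the compromised admin account cannot reach, for example shipped off-host or published to a second system on every append. An attacker with full write access to the log file can otherwise rebuild the whole chain; the point of the check is to make silent deletion impossible, not to make deletion impossible.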
http://forums.backpack.tf/haxor.php if you want to see the epic defaced forums home page.

 

The forum is not outdated, but at some point it was, and a backdoor was "installed" to be used later. We're running the latest patches and fixes from the 3.x branch, but the backdoor was already there, waiting to be accessed. 4.x was just released and we have many plugins that would probably not work in 4.x. We would need to test them to ensure they work, but that seems like useless effort if we end up using our own custom forums eventually.

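The last post explains why patching alone did not end the compromise: a backdoor dropped while the install was outdated survived every later upgrade of the 3.x branch. The check a practitioner would run against a PHP forum in that state is a file-integrity audit of the web root against a known-good baseline, with extra attention to executable PHP in directories that should only hold uploads or cache data. The script below is an added example written for this thread, not code from IP.Board or from backpack.tf; the directory names in `WRITABLE_DIRS`, the web-shell regexes and the sample files it creates are all constructed assumptions for the demo.

```python
"""
Added example (not from the thread): detect a persisting web-shell style
backdoor by diffing the web root against a known-good baseline of SHA-256
hashes. All paths and file contents here are constructed for the demo.
"""
import hashlib
import json
import re
import tempfile
from pathlib import Path

# Assumed patterns for dropped PHP shells (not from the thread); kept
# narrow so normal application code does not trip them.
SUSPICIOUS_PATTERNS = [
    re.compile(rb"\beval\s*\(\s*base64_decode"),
    re.compile(rb"\b(system|passthru|shell_exec|popen)\s*\(\s*\$_(GET|POST|REQUEST)"),
]
# Assumed names of directories where executable PHP has no business being.
WRITABLE_DIRS = ("uploads", "cache")
PHP_SUFFIXES = (".php", ".phtml", ".php5")


def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(web_root):
    """Map of relative POSIX path -> sha256 for every file under web_root."""
    return {
        p.relative_to(web_root).as_posix(): sha256_file(p)
        for p in sorted(web_root.rglob("*")) if p.is_file()
    }


def looks_like_webshell(path):
    """Content heuristic: PHP file containing one of the assumed shell idioms."""
    if path.suffix.lower() not in PHP_SUFFIXES:
        return False
    data = path.read_bytes()
    return any(pat.search(data) for pat in SUSPICIOUS_PATTERNS)


def audit(web_root, baseline):
    """Compare the current tree to the baseline and group findings."""
    current = build_baseline(web_root)
    findings = {"added": [], "modified": [], "removed": [], "suspicious": []}
    for rel, digest in current.items():
        if rel not in baseline:
            findings["added"].append(rel)
        elif baseline[rel] != digest:
            findings["modified"].append(rel)
        p = web_root / rel
        top = Path(rel).parts[0] if Path(rel).parts else ""
        php_in_writable = top in WRITABLE_DIRS and p.suffix.lower() in PHP_SUFFIXES
        if looks_like_webshell(p) or php_in_writable:
            findings["suspicious"].append(rel)
    findings["removed"] = sorted(set(baseline) - set(current))
    return findings


def demo():
    """Constructed scenario: baseline a clean install, then drop a backdoor."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text("<?php require 'init.php';")
        (root / "uploads").mkdir()
        (root / "uploads" / "avatar.png").write_bytes(b"\x89PNG constructed")
        baseline = build_baseline(root)  # would normally be stored off-host
        # Simulated intrusion: shell dropped in uploads, core file tampered.
        (root / "uploads" / "x.php").write_text("<?php eval(base64_decode($_POST['c']));")
        (root / "index.php").write_text("<?php require 'init.php'; // injected")
        return audit(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline must be taken from a fresh copy of the software, not from the live tree, since a tree that already carries a backdoor will baseline it as legitimate; the same applies after an upgrade, which replaces core files but leaves unknown extra files alone, which is exactly why the backdoor in the thread survived the 3.x patches.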