fisk (Administrators), posted June 30, 2015:

So basically IP.Board is a security flaw ridden crock of shit. The forums have actually been compromised for some time, since there's some backdoors that keep coming back. 14-year-old-skiddie-wanting-to-get-famous #14140 discovered that and made le epic defaced page only 20 people will have read instead of plastering dubious redirects like everyone else who compromised the site so far.

The exploit in question relies on some highly insecure caching feature of IP.Board. All someone has to do is inject some content that ends up being saved as the general forum layout, resulting in everyone seeing the same "lol we hack u" page.

They did not SSH in and can't really do much outside of alter the appearance of the forums. They can't really do anything destructive unless they start session stealing. The last people that did this only wanted to make sure we'd continue serving ads on their behalf by coming back later and trying to cover their tracks.

Just so people know, the server that the forum is hosted on is completely isolated from the main website. Even if they did SSH in, there's barely anything of value on the forum server.

Adding a fully integrated, custom forum board to the main site, like the one I made on Bazaar, is something on the todo list. I don't think it'll be too hard to make something better than this dreck.

Mengh., posted June 30, 2015:

Okeh. So NullSecBG is simply some 14 year olds that just did this exploit but don't actually hack?

fisk (Administrators, topic author), posted June 30, 2015:

> Okeh. So NullSecBG is simply some 14 year olds that just did this exploit but don't actually hack?

Short history of PHP-based forum boards: They have exploits in them, but they're usually patched very quickly. But not everyone will be updated to use the latest version of the software. I am 99% sure our forum software package is kinda outdated, in which case I've asked Brad about it because if so we should probably upgrade and then this problem might go away forever.

These attacks are never really targeted, it's just some kid scanning the entire Internet for websites that are using a vulnerable piece of software. They'll then post their victories to Facebook or whatever. I've seen this sort of thing before.

Roastededededed, posted June 30, 2015:

I noticed that happening earlier today, so how long do you think your idea will move from the list to a reality?

The Recluse, posted June 30, 2015:

> They can't really do anything destructive unless they start session stealing. The last people that did this only wanted to make sure we'd continue serving ads on their behalf by coming back later and trying to cover their tracks.

Wait, what happened with this?

Professional Map Painter, posted June 30, 2015:

> These attacks are never really targeted, it's just some kid scanning the entire Internet for websites that are using a vulnerable piece of software. They'll then post their victories to Facebook or whatever. I've seen this sort of thing before.

I fear for the next generation.

Free money accepted here, posted June 30, 2015:

Where is the "epic defaced page"?

Cave, posted June 30, 2015:

Let's hope the forums don't get compromised. I really don't wanna see when I go to the forums that I see "HAHAHAHHAHA! LOL! YOU GOT HACKED BY LE MEMESQAUD! PAY US 1000$ OR WE'LL MEME TIS UP!!!"

Anyways, thanks for keeping us up Fiskie!

fisk (Administrators, topic author), posted June 30, 2015:

> Wait, what happened with this?

Basically a few admin accounts were compromised a few months ago with the sole purpose of keeping the advertisement redirects up. Whenever they logged in as us they would delete any log entries tracing back to them. They forgot to do that one time, so we finally found out about it.

Brad Pitt, posted June 30, 2015:

http://forums.backpack.tf/haxor.php if you want to see the epic defaced forums home page.

The forum is not outdated, but at some point it was and a backdoor was "installed" to be used later. We're running the latest patches and fixes from the 3.x branch but the backdoor was already there, waiting to be accessed.

4.x was just released and we have many plugins that would probably not work in 4.x. We would need to test them to ensure they work, but that seems like useless efforts if we end up using our own custom forums eventually.

.Dusk, posted June 30, 2015:

but what if forum was not kill?

Keroro1454, posted June 30, 2015:

Is that link safe? My stupid curiosity demands moar viruses

Дебра, posted June 30, 2015:

> Is that link safe? My stupid curiosity demands moar viruses

Yeah it is, they just do it for fun

This topic is now archived and is closed to further replies.