Welcome, Guest. Please
Login
Home
Help
Search
Login
FAQ
Radified
Ghost.Classic
Ghost.New
Bootable CD
Blog
Radified Community Forums
›
Rad Community Non-Technical Discussion Boards
›
YaBB Forum Software + Rad Web Site
› Hacked Again?!
(Moderators: Rad, Christer, NightOwl, Pleonasm, MrMagoo, El_Pescador)
‹
Previous Topic
|
Next Topic
›
Pages: 1
Hacked Again?! (Read 21335 times)
NightOwl
Radministrator
Offline
"I tought I saw a puddy
tat..."
Posts: 5826
Olympia, WA--Puget Sound--USA
Back to top
Hacked Again?!
Jan 17
th
, 2014 at 10:56pm
To all
It is Friday, 1/17/2014 at around 8:30 pm Pacific Std Time.
I am seeing the same issues with the website as noted yesterday--i.e.:
Quote:
This morning I noticed the browser (Chrome--I thought it did not do JavaScripts
?) said > "
Waiting for site > vacance-petit-prix.com
"
And the forum is sluggish and unresponsive.
I recommend folks might want to stop posting until this is figured out
--or at least copy and paste your posts to WordPad and save them on your system so you can go back and re-post them if you want later.
Edited:
2/1/2014--it's about two weeks since the forum was hacked--looks like the problem has been removed, and we have been without incident since mid-January. So, folks should be able to post without worry--at least for now!
So, no saving copies of your posts for re-posting because they might be lost--we're not anticipating any ongoing problems based on current status--NightOwl
There is a *Print* function that will bring up a text version of the thread--you can copy that and paste it to Word and you will have the entire thread saved in the order the posts were made. One will have to manually recreate the thread later, but it can be done
____________________________________________________________________________________________
No question is stupid ... but, possibly the answers are
!
IP Logged
NightOwl
Radministrator
Offline
"I tought I saw a puddy
tat..."
Posts: 5826
Olympia, WA--Puget Sound--USA
Back to top
Re: Hacked Again?!
Reply #1 -
Jan 18
th
, 2014 at 1:26am
To All
Well, it's approx. 11:15 pm and I no longer see any of the delays that were happening earlier in the evening.
I've tried IE8, FireFox, and Chrome--and none show any problems--so don't know what to think right now! The *Waiting for site > vacance-petit-prix.com* no longer shows at the bottom of the Chrome browser screen--that message was occurring when the site was stalling.
____________________________________________________________________________________________
No question is stupid ... but, possibly the answers are
!
IP Logged
Dan Goodell
Special Guest
Offline
Posts: 552
N California
Back to top
Re: Hacked Again?!
Reply #2 -
Jan 18
th
, 2014 at 2:09am
NightOwl wrote
on Jan 17
th
, 2014 at 10:56pm:
I am seeing the same issues with the website as noted yesterday [...] And the forum is sluggish and unresponsive.
I just tried it with Chrome and scripting turned on, but didn't see any problems.
Quote:
I recommend folks might want to stop posting until this is figured out--or at least copy and paste your posts to WordPad and save them on your system so you can go back and re-post them if you want later.
There is a *Print* function that will bring up a text version of the thread--you can copy that and paste it to Word and you will have the entire thread saved in the order the posts were made.One will have to manually recreate the thread later, but it can be done
I take it you moderators have ftp access to radified.com/cgi-bin/yabb2, right? If so, can you just make copies of a couple of the subfolders in yabb2?
It's been years since I ran a couple forums myself but I used the same YaBB software (albeit an older version than what Rad's running now). IIRC there should be a couple folders called something like "Messages" and "Boards" or something like that. Those were the two folders I used to keep judiciously backed up.
All the scripts and css stuff should be in other folders and would be the targets of any hacking attack (because Messages and Boards don't contain any scripts or anything executable). If you have a current copy of Messages and Boards and Rad has to restore the forum from an old backup again, the restore will fix the forum *infrastructure* and a straight recopy of the two folders should bring the forum *content* current again.
IP Logged
Rad
Radministrator
Offline
Sufferin' succotash
Posts: 4090
Newport Beach, California
Back to top
Re: Hacked Again?!
Reply #3 -
Jan 18
th
, 2014 at 10:07am
I have not noticed any problems since the restore.
Did you close all rad pages and flush your browser cache?
If you get the 'waiting for' that site, then either you still have infected javascript files in your cache or we are hacked.
i will re-scan all files.
IP Logged
Rad
Radministrator
Offline
Sufferin' succotash
Posts: 4090
Newport Beach, California
Back to top
Re: Hacked Again?!
Reply #4 -
Jan 18
th
, 2014 at 11:13am
This morning (Saturday) I had the studly dude at my web host runs the script to check for instances of the vacance- name, and the only hits came from html files where I/we had mentioned it ourselves.
So we are good .. as of Saturday morning, 9AM Pacific.
Plus I changed my site log-in password .. yet again.
IP Logged
NightOwl
Radministrator
Offline
"I tought I saw a puddy
tat..."
Posts: 5826
Olympia, WA--Puget Sound--USA
Back to top
Re: Hacked Again?!
Reply #5 -
Jan 20
th
, 2014 at 5:52pm
@
Rad
NightOwl wrote
on Jan 17
th
, 2014 at 10:56pm:
It is Friday, 1/17/2014 at around 8:30 pm Pacific Std Time.
I am seeing the same issues with the website as noted yesterday
Well, everything seemed back to normal early on Friday morning, 1/17, after the forum had been restored. It wasn't until the evening that I was having problems.
Rad wrote
on Jan 18
th
, 2014 at 10:07am:
Did you close all rad pages and
flush your browser cache?
No, I had not--but the problem was not there earlier in the day. I did flush the cache after I read this, but the problem was already gone at that point (again)--so don't know if that was necessary or not.
Haven't had any problems since...(fingers crossed!)...
____________________________________________________________________________________________
No question is stupid ... but, possibly the answers are
!
IP Logged
Amish.
Technoluster
Offline
Dude! (Rad in SeaMonkey)
Posts: 104
Back to top
Re: Hacked Again?!
Reply #6 -
Jan 21
st
, 2014 at 12:22pm
you could have gotten the infected files before the destination server got overloaded.
that's really what made the hack so apparent.
IP Logged
NightOwl
Radministrator
Offline
"I tought I saw a puddy
tat..."
Posts: 5826
Olympia, WA--Puget Sound--USA
Back to top
Re: Hacked Again?!
Reply #7 -
Jan 22
nd
, 2014 at 2:12pm
@
Dan Goodell
Dan Goodell wrote
on Jan 18
th
, 2014 at 2:09am:
I take it you moderators have ftp access to radified.com/cgi-bin/yabb2,
right?
If so, can you just make copies of a couple of the subfolders in yabb2?
Actually, no! The *moderator* or *Admin* designation determines the options that can be controlled using the forum's *Admin Control Panel*.
Access to the web site's directories and files is under the control of the web site owner--Rad.
Dan Goodell wrote
on Jan 18
th
, 2014 at 2:09am:
It's been years since I ran a couple forums myself but I used the same YaBB software (albeit an older version than what Rad's running now). IIRC there should be a couple folders called something like "Messages" and "Boards" or something like that.
Those were the two folders I used to keep judiciously backed up.
That's interesting!
Dan Goodell wrote
on Jan 18
th
, 2014 at 2:09am:
If you have a current copy of Messages and Boards and Rad has to restore the forum from an old backup again, the restore will fix the forum *infrastructure* and
a straight recopy of the two folders should bring the forum *content* current again.
Even more interesting!
Well, I wonder, if we know in the future that the board has to be restored from an older backup image, if we could first save those Messages and Board files for over-writing the dated Messages and Board files that will come from the older restored forum backup?!
@
Rad
Is that an option in the future? Do we need to be keeping regular backups of those files or directories? Can that be automated, and the backups stored elsewhere on the server and/or off-site?
Curious--are those files for the Board threads and Messages just text files? Are the encrypted? Can they be accesses one message or thread at a time? Are the individual threads and messages available by searching, or are they in some proprietary data based file that only the forum software can understand and access?
____________________________________________________________________________________________
No question is stupid ... but, possibly the answers are
!
IP Logged
Dan Goodell
Special Guest
Offline
Posts: 552
N California
Back to top
Re: Hacked Again?!
Reply #8 -
Jan 22
nd
, 2014 at 7:34pm
NightOwl wrote
on Jan 22
nd
, 2014 at 2:12pm:
Curious--are those files for the Board threads and Messages just text files?Are the encrypted?Can they be accesses one message or thread at a time?Are the individual threads and messages available by searching, or are they in some proprietary data based file that only the forum software can understand and access?
The forum software is written in perl, and part of the beauty of perl is it's tailor made to use text files for everything, from the program itself (perl scripts in text format) to the data files (also in text format).
I dragged a backup of one of my old forums out of storage to refresh my memory. According to the footer on this forum Rad is running YaBB 2.4, while my old forums were on YaBB 1.4. It's probably generally similar, but take that as a disclaimer for the following comments below.
The Boards directory contained a series of text files that were basically related to the forum structure--names and locations of the forum's msg boards and an id that may have pointed to each board's most recent post.
The Messages directory contained a series of text files representing all msgs for all boards, lumped into this one directory. Each post was stored separately as a pair of text files--one file being the post's contents and the other an index to where (which board and thread) the post belonged. The posts could be read individually but not as a thread because everything was lumped together in one directory.
Hover over a thread link when you're looking at the index to any board and notice the url to where the link points. See that long numeric string? That's the post's id number and the actual post is stored in the Messages directory as a pair of files with that id number. (Note: I haven't explored where pics or uploads go.)
Those two directories contain the names, contents and indexes of all the boards, so should serve as a drag-and-drop backup of the contents of the entire forum. They do not contain the colors, layout, member list, or any parts of the forum that could be the called the infrastructure.
It should be easy to automate backups--my linux is rusty but I'm sure Rad can easily setup a cron job on the server. Maybe he's been doing that already, but I don't know on what time schedule.
IP Logged
Dan Goodell
Special Guest
Offline
Posts: 552
N California
Back to top
Re: Hacked Again?!
Reply #9 -
Jan 22
nd
, 2014 at 9:56pm
Dan Goodell wrote
on Jan 22
nd
, 2014 at 7:34pm:
Each post was stored separately as a pair of text files--one file being the post's contents and the other an index to where (which board and thread) the post belonged.The posts could be read individually but not as a thread because everything was lumped together in one directory.
Oops, let me correct that. It seems I may have randomly pulled a backup from an earlier version from around 10 yrs ago. A more recent backup (about 5 yrs ago) from the YaBB 1.4 version I was using then shows the text files in the Messages directory are whole threads, not individual messages.
So you can indeed read a whole thread together. It's a tad inconvenient because the posts run on in one long string with delimiter codes to mark the beginning of each post (and linux line feeds are different from Windows), but if your goal is just to do a text search then it should work fine.
IP Logged
NightOwl
Radministrator
Offline
"I tought I saw a puddy
tat..."
Posts: 5826
Olympia, WA--Puget Sound--USA
Back to top
Re: All Clear For Now
Reply #10 -
Feb 1
st
, 2014 at 2:25pm
To all
It's about two weeks since the forum was hacked--looks like the problem has been removed, and we have been without incident since mid-January. So, folks should be able to post without worry.
So, no saving copies of your posts for re-posting because they might be lost--we're not anticipating any ongoing problems based on our current status.
____________________________________________________________________________________________
No question is stupid ... but, possibly the answers are
!
IP Logged
Rad
Radministrator
Offline
Sufferin' succotash
Posts: 4090
Newport Beach, California
Back to top
Re: Hacked Again?!
Reply #11 -
Feb 5
th
, 2014 at 11:30pm
yes.
=)
IP Logged
Pages: 1
‹
Previous Topic
|
Next Topic
›
« Home
‹ Board
Top of this page
Forum Jump »
Home
» 10 most recent Posts
» 10 most recent Topics
Rad Community Technical Discussion Boards (Computer Hardware + PC Software)
- Norton Ghost 15, 14, 12, 10, 9, + Norton Save + Restore (NS+R)
- Norton Ghost 2003, Ghost v8.x + Ghost Solution Suite (GSS) Discussion Board
- Cloning Programs (Except Norton Ghost)
- NightOwl's Bootable CD/DVD
- PC Hardware + Software (except Cloning programs)
Rad Community Non-Technical Discussion Boards
- The Water Cooler
- YaBB Forum Software + Rad Web Site ««
Radified Community Forums
» Powered by
YaBB 2.4
!
YaBB
© 2000-2009. All Rights Reserved.