PDA

View Full Version : Hack attempt



LongDogs
01-26-2005, 11:17 PM
There was a site hack attempt today that partially succeeded.
It occured sometime before 7pm. I've "de-hacked" the site, and I'm working on blocking the sql-injection technique that was attempted.

Nothing was lost except the co-admin accounts. I removed all admin accounts as part of the cleanup just in case they had been compromised, and will re-create them asap.

I was so busy tracing the attempt and making sure I'd cleaned up any remains of the attempt to notice that the blocks at the left had been turned off. I've turned them back on, but if anyone notices anything missing, please let me know.

Gaddiel
01-27-2005, 07:52 AM
I was so busy tracing the attempt and making sure I'd cleaned up any remains of the attempt to notice that the blocks at the left had been turned off. I've turned them back on, but if anyone notices anything missing, please let me know.

Thanks, LD. Great job! Looks like the block at the top with the ArkGeo logo is still missing...

RuffRidr
01-27-2005, 09:33 AM
Great job at stopping the hack Longdogs. I've seen this happen on several of my favorite forums lately. The result on each one of them has been total or major loss of forum posts. Its very sad to see all that knowledge just disappear. I'm glad to see the damage here was minimal. Keep up the good work!

--RuffRidr

The_Griswolds
01-27-2005, 06:12 PM
Yesterday while I was viewing the sight I noticed that when I moved my curser over the taskbar button for Internet Explorer at the bottom of the screen, the tool tip showed "Hack Attempt" or something like that. If I move my curser there now it says "arkgeocaching.org". I guess I should have been more aware of what it meant. If I notice it again I will email LD.

LongDogs
01-31-2005, 10:30 PM
I've put some new additional countermeasures in place to help prevent hack attacks. We were already running a heavily modified version of PHP-Nuke with lots of security patches and fixes applied, which may be why nothing more was harmed.

The changes should only affect site admins, but if you run into anything that isn't working or gives unexpected warnings, do please let me know.

I also have backups of the site.

LadyEngineer
02-01-2005, 07:39 AM
Since the hack attempt the chat room box that use to be under the site features on the left is gone. Can that be put back?

Phantom_491
02-01-2005, 08:45 AM
Another thing I've noticed is the other weather radar from Intellicast. That was the one I used the most to check the weather.

LongDogs
02-01-2005, 05:16 PM
These should be back on. :oops:

The site looks a bit different to me when I'm logged in as admin (for example things that are turned off show up anyway) so if anything else is missing, please let me know. I may not notice. :roll: I tried to look everywhere, but it is still easy to miss.