Security Breach June 24, 2012

What do you want to see here? Some more categories, forums, and mods? Hmm...
Post Reply
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Security Breach June 24, 2012

Post by Tank Program »

Approximately 14 months ago, the Wiki suffered a security breach. This was evident and the Wiki was repaired. What was unknown was that either in conjunction or separately, the Forums were also breached. A back door allowing file access and execution privileges appears to have been installed shortly after the Wiki breach. This back door was accessed for a period of approximately one week, then left in place and ignored.

It is impossible to tell what was done during this period of access, only that there were no visible effects, which is why it remained undetected. The back door would have allowed raw database access, as well as access to the Forums software.

The back door remained in place, but was not accessed again, until earlier this month. At this point several additional back doors were installed. A few days ago, additional action was taken resulting in the advertisements discussed here. The config.php file was altered to call an external php file. This file checked source IPs and user-agents to determine whether or not the viewer was human. If that was determined to be the case, the script would perform two primary functions. The script would check a pre-defined url, and download its contents to a cache file. The cache file would then be read in and displayed - this would be the advertisements that were seen.

To the best of my knowledge, that is what happened.

At this point, all identified back doors have been removed, and the forums software has been reloaded clean. While I am reasonably certain that I have found everything, I cannot guarantee it due to the size of the forums database and the number of uploaded attachments. I strongly suggest that all members immediately change their passwords. If your forums password is used elsewhere, change it at those locations as well. I do not know for certain that the database was lifted and/or any passwords stolen, but it is technically possible that this has happened.

Apologies for any inconvenience.
Image
User avatar
TheKing
Posts: 1
Joined: Thu Nov 17, 2011 1:28 am
Location: United States of America - Ohio

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by TheKing »

We all thank you very much for your work, and also for alerting us of the potentual password issue.

I'd just like to say tyvm
-The King-
Owner of The Kingdom
Word
Reverse Adjust Outside Corner Grinder
Posts: 4258
Joined: Wed Jan 07, 2009 6:13 pm

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by Word »

I could only post here by copying the URL I got from clicking the reply button of a different topic and changing the relevant bits. The POST REPLY/QUOTE button aren't shown here. And the Board Index seems to be differently positioned (but it works).



edit: And now, after I posted, these buttons are there again.


edit2: and after going to the board-index and reopening the topic, they're gone. haha
User avatar
xtrapoint
Average Program
Posts: 53
Joined: Wed Nov 23, 2011 10:11 pm

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by xtrapoint »

/me is glad he uses different passwords for EVERYTHING.
Thanks for the alert.
--They say nobody is perfect, then they say practice makes perfect. I wish they would make up their minds.
--The less people speak of their greatness, the more we think of it.
--Dealing with backstabbers, there was one thing I learned. They're only powerful when you got your back turned.
--I don't have to attend every argument I'm invited to.
--The dumber people think you are, the more surprised they're going to be when you kill them.
--There are two types of people - those who come into a room and say, "Well, here I am!" and those who come in and say, "Ah, there you are."
--It doesn't matter what temperature a room is, it's always room temperature.
--You can't have everything in the world, where would you put it?
User avatar
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by Tank Program »

Word wrote:I could only post here by copying the URL I got from clicking the reply button of a different topic and changing the relevant bits.
Global Announcements appear to be handled funny. They take on the properties of which every parent forum you click through from. Or from the first forum from View New Posts, which is the Welcome forum which is locked to regular users. Clicking from the top of one of the other forums works fine, that's effectively the same as changing the relevant bits. Just a bit of phpBB weirdness I think.
Image
User avatar
Jonathan
A Brave Victim
Posts: 3391
Joined: Thu Feb 03, 2005 12:50 am
Location: Not really lurking anymore

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by Jonathan »

It also thinks the entire thread is unread all the time. Global announcements don't work quite right.
ˌɑrməˈɡɛˌtrɑn
IZZIMAHIZZI
Posts: 5
Joined: Wed Feb 20, 2008 3:19 am
Location: California

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by IZZIMAHIZZI »

pretty sure my email got hacked because of this..
User avatar
Jonathan
A Brave Victim
Posts: 3391
Joined: Thu Feb 03, 2005 12:50 am
Location: Not really lurking anymore

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by Jonathan »

Pretty unlikely, unless your password is worthless and you used the same one.
ˌɑrməˈɡɛˌtrɑn
quicksilver115
Posts: 8
Joined: Sat Feb 20, 2010 5:14 am

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by quicksilver115 »

Actually my facebook and email were hacked recently and I had no knowledge of how, but this makes sense and it was probably this.. Oh well I already changed those passwords and no harm was done so it's all good!

edit: LMAO posted this before I looked at the dates..I'm a noob >.<
XD|VIPer
Average Program
Posts: 76
Joined: Thu Feb 09, 2012 12:53 am

Re: IMPORTANT - Security Breach 120624 - Read Me Now

Post by XD|VIPer »

I can see what happend to my old account now...
Post Reply