Hacked again!

[webrunner]

This morning someone used an exploit in the forum script i am using and deleted my Administrator account. Also this person edited the lay-out of the board to remove some links and stuff.

It is very hard for me not to point the finger for this hack-attempt at the same person that has messed with the votes, or at Triple_X, but i won't. I can't prove anything just yet but i have saved all the logs and will defenately do some more research on this.

If anybody knows about this hack, or knows who did it, please step forward (anonymous if you want) and tell me, for i am about to close down this site and all the stuff that is related to this (several websites and numerous bots).
This is not a thread, i am just sick and tired of having to repair this forum every two weeks because of some jealous nut-job.

Then again, it might just be some script kiddy who find the exploit, but i seriously doubt that because they always leave a mark somewhere, and i haven't found it.

Because of this (and some external stuff) i had to restore a backup of three days ago. This means that all votes, posts and personal messages from the last three days where destroyed. Normally i backup daily but because a malfunction in the backup server (Murphy ??) i had to get one of three days ago.
I am sorry about this inconvenience,  but i hope you realize that it wasn't me who destroyed this.

I have restored the forum, and had to redo numerous changes. The backupserver is up and running again so all is well now. Also i have researched the exploit and fixed it. This costs me 3 hours of work, above the 4 hours i spend this weekend already this is getting too time consuming for me. I'd rather be spending this time playing backgammon on Fibs

Whoever is doing this, for the sake of this community and all people using this forum

PLEASE STOP AND BUZZ OFF!!

[Tomawaky]

Incredible.
I definitly can't understand those people who waste their time to destroy the works of the others  :angry:
I am really angry against those kind of people and sad for them.

How strange this world where we live.

Try to build rather than to destroy.  You will see, it is much more pleasant.

[diane]

I dont really know what to say - it is a stupid waste of everyones time, those doing it - and webrunner who has to patch it up. I wish it would stop.:angry:

On a more serious note... we lost all the 'hunk' polls now - zak will be devastated!!  

[PortWine]

Whoever did this is probably hung like a raisan and wacks off all day long!

Do us all a favor and stick with the internet porn!  You may need glasses before long, but at least you will not be inconveniencing someone who is donating his valuable time.

I wish two weeks of uncontrolable diarrhea on whoever did this!

PW

[amarganth]

Hmm. Cannot understand the reason of such a hack.

But, WebRunner, thank you for your work, in the past, and today!

[wyzzz]

Web

Thank you for all that you do to make this forum a creative, fun, open to all and productive place.

All of that enjoy fibs ..owe u a debt of gratitude...super cheers to you.

As for destructive hacker..such activity is a sad reflection of a person(s)  in need of help.  I wish they could ask for help instead of acting out in such ways.



Once again..ty Web for you efforts.


wyzzz

[souptree]

Cheers to webrunner.

[Shades]

message from a script kiddie...      

[Ramses]

Hi Webrunner!

Just want to let you know that you do, did and have done a real great job here on fibsboard and for fibs too.
please keep on going!
i hope these sad attempts :angry: of this nasty people wonÃ,´t make you to stop this project  and that you will find this s...  soon. :evil:

thank you web!    

[Ramses]

uh i forgot something
hi diane
i dont miss these hunkpolls too much , cause i never made it into one   <_<

 

[don]

Say webrunner.

This has absolutely nothing to do with whether you run a good board, even a valuable service, to the FIBS community.  Nor is it in any way a criticism or flame.

If you run an information service and you get hacked, in my opinion you should find the hole in your security and fix it.  Pleading with the hacker to not do it again is silly, in this day and age, and you are wasting your time.  This board uses well-known software techniques, and has well-known holes and well-known security fixes.

[souptree]

Say webrunner.

webrunner.

[juggler]

This morning someone used an exploit in the forum script [...]
If anybody knows about this hack [...] please [...] tell me

Hi webrunner,

sorry to hear bout attacks. If your question was also meant technically, you may want to check out the German (I could not find an English page) security alert http://cert.uni-stuttgart.de/archive/win-s...0/msg00015.html.

I think you'll figure out what the technical issue is from the code samples given there; basically, it's that with the shown php.ini setting, fopen() accepts a URL, which can be used to execute foreign code; in worst case the server can be compromised.

Best wishes,
Peter aka the juggler

[webrunner]

Hi Juggler,
Thanks for the advice

I already found the exploit:  it was a bug in the invision board script.
It is fixed now.

Thanks again

   

[spielberg]

Great news webrunner - whoever the fool was that attacked fibsboard they should go and do something more useful - blindfolded skijumping or playing chicken with a railway train spring to mind.

Thanks for your ongoing efforts for the good of all - whilst hetrosexual and thus able to judge womens looks and not mens I can judge character and thus recognise part of what's earnt you such a delightful soon to be wife.