Topic: Hacked Page Issues
Nsikigan Ho´Tonanese Yourth
« on: 08 March 2007, 12:02:28 »

The war in Iraq has several indirect effects on public data networks. These effects are not caused by the possible network warfare campaigns launched by US or Iraq armies, but by independent hackers who want to get their own message across.

These hackers can be divided into three groups:

US-based patriotic hackers, who want to join the war against Iraq but have no other means to do it except by attacking the virtual enemy through networks. This might mean launching a distributed denial-of-service attack against the e-mail server of the Iraqi embassy or web sites of Iraqi companies.

Islamic extremist groups from around the world who are trying to fight back against the perceived enemy by launching attacks against US sites and especially .mil websites.

Peace activists who are not for USA or for Iraq but just against the war. For example, we've seen several computer viruses released which carry an anti-war message or are trying to use the situation otherwise for their own advantage.


  Viruses related to Iraq

Lioten, found December 17th, 2002
Lioten, also known as Iraq_Oil, is a Windows network worm spreading through shared folders. The worm spreads using a file called iraq_oil.exe. For more information see the virus description.
 
Prune, found March 12th, 2003
The Prune virus uses a war-related subject and attachment name to trick users into executing a file. This may be a very effective strategy, according to reports from the US. Relatives of soldiers serving in the war are very keen to get any kind of information about the crisis. For more information see the virus description.
 
Ganda, found March 17th, 2003
Ganda is an e-mail worm that uses a strategy similar to Prune. It replicates using mail messages with varying subjects and contents. Several of the alternative messages are directly related to the war. Ganda seems to be a protest against the Swedish school system rather than an anti-war protest. It just uses the public interest in the war to boost replication. For more information see the virus description.
 
Vote.D, original Vote found September 24th, 2001
The first version of the Vote virus was released after the WTC terrorist strike September 11th 2001. It used the media hype to trick users into executing an e-mail attachment. A new version, Vote.D, was released during the Iraq war. The message used by the new version still refers to WTC and to the war. But the subjects are somewhat related and the new version may have been made as a war-related protest. For more information see the virus description.
« Last Edit: 09 March 2007, 23:21:04 by Artimidor Federkiel »

Nsikigan Yourth, Eyelian extraordinaire.

Some men aren't looking for anything logical like money. They can't be bought, bullied, reasoned or negotiated with. Some men just want to watch the world burn. - The Dark Knight

Wisdom begins in wonder. ~ Socrates

A government in which the majority rule in all cases cannot be based on justice, even as far as men understand it- HD Thoreau
Artemis
« Reply #1 on: 08 March 2007, 12:09:23 »

Yeah, there is definitely something within that hack because my antivirus alerted me to it... I'm running a scan now, hopefully it hasn't caused a problem and my AVG has dealt with it!

I've changed my homepage off www.santharia.com for now, until this can be sorted. Another problem for Art :(. It never ends, does it?!

:D :D :D
Artimidor Federkiel
« Reply #2 on: 08 March 2007, 15:58:05 »

As a first measure the front page has just been replaced with the normal Santharia entry page again. A PHP file I couldn't identify, but which was obviously added with the new hacker page, was also just eliminated. The page should open now as normal - if you see an old page you should refresh with CTRL+F5 or clear your browser cache. Need to investigate more and contact support about what else needs to be done.

"Between the mind that plans and the hands that build there must be a mediator, and this must be the heart." -- Maria (Metropolis)
Artimidor Federkiel
« Reply #3 on: 08 March 2007, 16:09:45 »

This virus, Nsiki, I assume has practically nothing to do with the Iraq war BTW (and the info you gave is completely outdated as well). I would also strongly recommend not to condemn a "damn Iraqi hacker" as hackers use all kinds of nonsensical stuff to keep the page displayed so that malicious code can be executed while the viewer of the page still looks at the page (hence the slow display of the lines). I wouldn't associate 99% of all hackers with a nationality or a general purpose aside from doing damage to everything they can lay their hands on.
« Last Edit: 09 March 2007, 01:51:51 by Artimidor Federkiel »
Scael Pelegrene
« Reply #4 on: 09 March 2007, 04:03:01 »

The source code on the hacker page indicated it wanted to make several files, systeme.dll etc and shove a longish hex code into each.  Definitely run your various scans to make sure your systems are safe.


Not that this is foolproof...my antivirus told me my new comp had an adware insert in my HP\Compaq recovery files...before I'd even gotten online....love false positives....

Just as a secondary query, Mina had mentioned that some guests had managed to post on the rpg board. Which is supposed to be somewhat difficult. Sounds like someone is snooping and feeling around.

Has anyone tested this board against the various PHP/MySQL db attacks?
« Last Edit: 09 March 2007, 04:11:39 by Scael Pelegrene »

“I hold a beast, an angel and a madman in me, and my enquiry is as to their working, and my problem is their subjugation and victory, downthrow and upheaval, and my effort is their self-expression.” - Dylan Thomas
Artimidor Federkiel
« Reply #5 on: 09 March 2007, 04:29:38 »

Can't say that opening the site did anything on my computer at the company - at any rate it is advisable if you have opened that front page to run a virus scan, yup. Tried to find details on what kind of stuff this script tries to perform in detail by searching around on the net if the hacker's mentioned "identity" points to something or whether that PHP file which was in the root folder was known, but no such luck.

Guests managed to post on the RPG board? Don't know if guests are forbidden to post there - I would have thought that this refers only to the shoutbox. SMF should actually be quite safe methinks, security leaks are always on the top list of the guys who programmed it. The high amount of visitors for example we have often BTW are in fact search engine bots, they are confirmed as pointing to Google IPs and such. But I can look around at the SMF support boards and see if there are known issues.

A possibility would be that a security hole was opened yesterday or some days ago when I uploaded changed template files to make forum adjustments, though I would have guessed that the read/write permissions of the folders determine if someone can access/change a single file, even if it is substituted.

At any rate, our host's support is on it to find out more what caused the troubles.
« Last Edit: 09 March 2007, 04:31:51 by Artimidor Federkiel »
Scael Pelegrene
« Reply #6 on: 09 March 2007, 04:37:05 »

Sounds like you're all over it.  I'll rest assured things are approaching peachy.

Scael
Artemis
« Reply #7 on: 09 March 2007, 06:37:47 »

I had an ABS/Dropper virus thingy according to my antivirus... so there definitely was nasty stuff on the hacked frontpage, I suggest anyone who saw it yesterday run an adware/spybot/antivirus check etc. You might not even realise you have something.

:D :D :D
Nsikigan Ho´Tonanese Yourth
« Reply #8 on: 09 March 2007, 08:00:17 »

Sorry if I came across as racist.... it just appeared our hacker was Iraqi because of a few statements identifying the country specifically and some type in Arabic. My apologies. I really don't group hackers under any nationality, except the nation of Jerk.
« Last Edit: 09 March 2007, 08:09:06 by Nsikigan Yourth »
Scael Pelegrene
« Reply #9 on: 09 March 2007, 08:33:08 »

Who does the Jerk nation have as their Ambassador?


ahem
Nsikigan Ho´Tonanese Yourth
« Reply #10 on: 09 March 2007, 11:05:32 »

The nation of Jerk is officially represented to the world at large by many "average" people, who excel in such areas as reckless swearing, public intoxications, and grating accents that are quite obviously fake, but used to grant an exotic air.
Scael Pelegrene
« Reply #11 on: 09 March 2007, 11:14:44 »

I follow the first two, but you lost me on the accents....I've not encountered that particular aspect of jerkdom much.


Nsikigan Ho´Tonanese Yourth
« Reply #12 on: 09 March 2007, 12:23:21 »

It's out there... not common, but it's out there. Fake French accents really #$^%$^%$ my #$%$#
Mina
« Reply #13 on: 09 March 2007, 13:27:01 »

@Arti: I turned off guest posting quite some time ago as IIRC the RPG has never allowed guest posting, even when we were at ezboard.  I checked again after the guest post was made, and as far as I could tell it was still off.  Quite weird. 

Artimidor Federkiel
« Reply #14 on: 09 March 2007, 16:03:10 »

The site has been hacked again today - right now here at the office I don't have a proper frontpage to replace it with, so I've put in another one that was sitting around somewhere. This time they seem to simply have replaced the page, no PHP code there.

It seems there is definitely a security hole, which automatic hacking scanners can discover. I can only assume that it is TinyPortal, which is an SMF Mod. Will see if we can update that this afternoon.
« Last Edit: 09 March 2007, 16:04:59 by Artimidor Federkiel »