Quick Links: Download Gideros Studio | Gideros Documentation | Gideros Development Center | Gideros community chat
We've been hacked — Gideros Forum

We've been hacked

hgy29hgy29 Maintainer
So,
unfortunately yes, our forum has been hacked a few hours ago, with a few forum files deleted and the database emptied, by someone asking for a few BTC to restore it.

I managed to get it up again, and made updates to it, but we lost two months worth of data, and maybe some links/posted content won't be there. I know, I should have done more regular backups. I will now, lesson learned.

In addition to the data loss, asking for a ransom to restore the data means that the hacker actually stole it (possibly), so change your passwords ASAP, to be sure.

Last thing, I made the updates in a hurry, and I notice some things look weird. I will try to fix them.

Comments

  • hgy29hgy29 Maintainer
    Hacked again two hours later, but this time I had recovery procedure ready.
    I found the entry point: a remote shell had been uploaded a long time ago through the forum upload functionnality or similar. And that remote shell happened to be in the backup I had. And removed it, did some checks, but I am not yet sure it can't be uploaded again through some plugin.

    Likes: MoKaLux, keszegh

    +1 -1 (+2 / -0 )Share on Facebook
  • MoKaLuxMoKaLux Member
    so far, so good :)
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • MoKaLuxMoKaLux Member
    edited March 14
    RSS is now working, thank you hackers hgy29 :)
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • hgy29hgy29 Maintainer
    MoKaLux said:

    RSS is now working, thank you hackers hgy29 :)

    Side effect of the update ? :)

    Likes: MoKaLux

    +1 -1 (+1 / -0 )Share on Facebook
  • MoKaLuxMoKaLux Member
    edited March 14
    they were white hat hackers :)
    can we assume we are saved?!

    edit: the change picture option seems to be broken but not important imho.
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • hgy29hgy29 Maintainer
    MoKaLux said:

    edit: the change picture option seems to be broken but not important imho.

    Fixed
    +1 -1 (+2 / -0 )Share on Facebook
  • MoKaLuxMoKaLux Member
    edited March 16
    the forum search function doesn't work when you enter a word an click search :'(

    it works though when you first click the search button :)
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • olegoleg Member
    I advised to preserve this forum for history, and create a new forum on another more modern CMS which has no security issues ..
    my games:
    https://play.google.com/store/apps/developer?id=razorback456
    мій блог по гідерос https://simartinfo.blogspot.com
    Слава Україні!
  • hgy29hgy29 Maintainer
    oleg said:

    I advised to preserve this forum for history, and create a new forum on another more modern CMS which has no security issues ..

    They all have no security issues, until one is found. Actually our biggest trouble is finding resources to maintain every aspect of Gideros. All of this takes time to do properly, and I've only been doing basic maintenance (yet time consuming) over last years. The same goes for the website actually, we've been talking about moving to something more modern for years, and I tried several modern CMS to do so but didn't find an obvious candidate. So far, only wordpress checks most of our requirements, but I couldn't call it secure although it is actively maintained and widely used.
    +1 -1 (+2 / -0 )Share on Facebook
  • olegoleg Member
    edited March 16
    @hgy29 PHPBB forum is very flexible. Look at him https://www.phpbb.com/about/features/
    It has a huge plugin system that allows you to customize the forum for any needs
    my games:
    https://play.google.com/store/apps/developer?id=razorback456
    мій блог по гідерос https://simartinfo.blogspot.com
    Слава Україні!
  • MoKaLuxMoKaLux Member
    edited March 16
    Actually our biggest trouble is finding resources to maintain every aspect of Gideros. All of this takes time to do properly, and I've only been doing basic maintenance (yet time consuming) over last years. The same goes for the website actually, we've been talking about moving to something more modern for years, and I tried several modern CMS to do so but didn't find an obvious candidate.
    I agree the forum looks outdated but it is functional :) . If it is not broken then we can keep it imho.
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • olegoleg Member
    MoKaLux said:


    I agree the forum looks outdated but it is functional :) . If it is not broken then we can keep it imho.

    More modern systems are easier to maintain, and they have a great admin panel, they have a large community and they quickly find security bugs.

    Likes: MoKaLux

    my games:
    https://play.google.com/store/apps/developer?id=razorback456
    мій блог по гідерос https://simartinfo.blogspot.com
    Слава Україні!
    +1 -1 (+1 / -0 )Share on Facebook
  • PaulHPaulH Member
    I've used PHPBB on one of my websites for years. The popularity is a double-edged sword. It means that it gets good support, but it also means that hackers and spammers know it well. When I first set one up it wasn't long before bots were successfully registering and posting spam.

    To stop this I edited the sign in page code to prompt for the user name to be entered twice and the password once. The idea was to change the process in some minor way that humans could handle, but different enough from the standard PHPBB that those bots would fail. That seemed to work and the bot posts stopped. Later I updated PHPBB and bot posts resumed, so I added my tweak again. But being too lazy to add this tweak to every update of PHPBB, I've just refrained from updating PHPBB on that system since then.

    My hunch is that the current version has probably also solved the issue that I originally had that allowed bots to register and post (and many similar exploits), and a tweak like mine is probably unnecessary.

    All that said, PHPBB is pretty simple to set up and configure.

    Likes: MoKaLux

    +1 -1 (+1 / -0 )Share on Facebook
  • One thing I can't understand is what profit they make from this and why they should do it??
  • PaulHPaulH Member
    I assume most of these bots are the tools of shady internet marketers who charge a fee just to get lots of mentions of a product or posts containing a link out there. If they can spam their posts on enough boards they'll rack up a significant number of views and clicks. I assume it's both far less effective than more mainstream marketing (CPC and CPM stuff) but probably also a lot cheaper. Unfortunately there are probably plenty of people out there who will pay a few bucks to have a service just spam every board they can about their product or service. I'd bet some board spamming by bots is done just to lead people to malware, too.

    I still see some spam posts on PHPBB now and then, but I think they're from actual human board spammers rather than bots. The bots used to do much more of it before the sign-in tweak. Now spammers usually just register and reply to one of the most recent comments, saying something like "You've got a good point, but you should also consider this" with a link to something unrelated. The mods ban them, but they seem to just post once and never come back anyway.
    +1 -1 (+2 / -0 )Share on Facebook
  • olegoleg Member
    PaulH said:

    I've used PHPBB on one of my websites for years. The popularity is a double-edged sword. It means that it gets good support, but it also means that hackers and spammers know it well. When I first set one up it wasn't long before bots were successfully registering and posting spam.

    To stop this I edited the sign in page code to prompt for the user name to be entered twice and the password once. The idea was to change the process in some minor way that humans could handle, but different enough from the standard PHPBB that those bots would fail. That seemed to work and the bot posts stopped. Later I updated PHPBB and bot posts resumed, so I added my tweak again. But being too lazy to add this tweak to every update of PHPBB, I've just refrained from updating PHPBB on that system since then.

    My hunch is that the current version has probably also solved the issue that I originally had that allowed bots to register and post (and many similar exploits), and a tweak like mine is probably unnecessary.

    All that said, PHPBB is pretty simple to set up and configure.

    Just set the authorization on the site using Google or Facebook - and no spam problems ..

    Likes: SinisterSoft

    my games:
    https://play.google.com/store/apps/developer?id=razorback456
    мій блог по гідерос https://simartinfo.blogspot.com
    Слава Україні!
    +1 -1 (+1 / -0 )Share on Facebook
  • MoKaLuxMoKaLux Member
    edited March 22
    for those still using https://forum.giderosmobile.com/

    you should switch to https://forum.gideros.rocks
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • MoKaLuxMoKaLux Member
    edited March 22
    for those who forum search function doesn't work, you have to go inside any thread and then the search option should work :)
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • Unknown Member
    The mods ban them, but they seem to just post once and never come back anyway.
  • MoKaLuxMoKaLux Member
    edited April 2
    BennieNaddeo bot :)
    my growING GIDEROS github repositories: https://github.com/mokalux?tab=repositories
  • talistalis Guru
    BennieNaddeo is a cylon pretending to be a human :disappointed:
Sign In or Register to comment.