We've been hacked

hgy29 · March 2021

So,
unfortunately yes, our forum has been hacked a few hours ago, with a few forum files deleted and the database emptied, by someone asking for a few BTC to restore it.

I managed to get it up again, and made updates to it, but we lost two months worth of data, and maybe some links/posted content won't be there. I know, I should have done more regular backups. I will now, lesson learned.

In addition to the data loss, asking for a ransom to restore the data means that the hacker actually stole it (possibly), so change your passwords ASAP, to be sure.

Last thing, I made the updates in a hurry, and I notice some things look weird. I will try to fix them.

hgy29 · March 2021

Hacked again two hours later, but this time I had recovery procedure ready.
I found the entry point: a remote shell had been uploaded a long time ago through the forum upload functionnality or similar. And that remote shell happened to be in the backup I had. And removed it, did some checks, but I am not yet sure it can't be uploaded again through some plugin.

MoKaLux · March 2021

so far, so good

MoKaLux · March 2021

RSS is now working, thank you ~~hackers~~ hgy29

hgy29 · March 2021

MoKaLux said:
RSS is now working, thank you ~~hackers~~ hgy29

Side effect of the update ?

MoKaLux · March 2021

they were white hat hackers

can we assume we are saved?!

edit: the change picture option seems to be broken but not important imho.

hgy29 · March 2021

MoKaLux said:
edit: the change picture option seems to be broken but not important imho.

Fixed

MoKaLux · March 2021

the forum search function doesn't work when you enter a word an click search

it works though when you first click the search button

oleg · March 2021

I advised to preserve this forum for history, and create a new forum on another more modern CMS which has no security issues ..

hgy29 · March 2021

oleg said:
I advised to preserve this forum for history, and create a new forum on another more modern CMS which has no security issues ..

They all have no security issues, until one is found. Actually our biggest trouble is finding resources to maintain every aspect of Gideros. All of this takes time to do properly, and I've only been doing basic maintenance (yet time consuming) over last years. The same goes for the website actually, we've been talking about moving to something more modern for years, and I tried several modern CMS to do so but didn't find an obvious candidate. So far, only wordpress checks most of our requirements, but I couldn't call it secure although it is actively maintained and widely used.

oleg · March 2021

@hgy29 PHPBB forum is very flexible. Look at him https://www.phpbb.com/about/features/
It has a huge plugin system that allows you to customize the forum for any needs

MoKaLux · March 2021

Actually our biggest trouble is finding resources to maintain every aspect of Gideros. All of this takes time to do properly, and I've only been doing basic maintenance (yet time consuming) over last years. The same goes for the website actually, we've been talking about moving to something more modern for years, and I tried several modern CMS to do so but didn't find an obvious candidate.

I agree the forum looks outdated but it is functional

. If it is not broken then we can keep it imho.

oleg · March 2021

MoKaLux said:

I agree the forum looks outdated but it is functional . If it is not broken then we can keep it imho.

More modern systems are easier to maintain, and they have a great admin panel, they have a large community and they quickly find security bugs.

PaulH · March 2021

I've used PHPBB on one of my websites for years. The popularity is a double-edged sword. It means that it gets good support, but it also means that hackers and spammers know it well. When I first set one up it wasn't long before bots were successfully registering and posting spam.

To stop this I edited the sign in page code to prompt for the user name to be entered twice and the password once. The idea was to change the process in some minor way that humans could handle, but different enough from the standard PHPBB that those bots would fail. That seemed to work and the bot posts stopped. Later I updated PHPBB and bot posts resumed, so I added my tweak again. But being too lazy to add this tweak to every update of PHPBB, I've just refrained from updating PHPBB on that system since then.

My hunch is that the current version has probably also solved the issue that I originally had that allowed bots to register and post (and many similar exploits), and a tweak like mine is probably unnecessary.

All that said, PHPBB is pretty simple to set up and configure.

NicolaOgden · March 2021

One thing I can't understand is what profit they make from this and why they should do it??

PaulH · March 2021

I assume most of these bots are the tools of shady internet marketers who charge a fee just to get lots of mentions of a product or posts containing a link out there. If they can spam their posts on enough boards they'll rack up a significant number of views and clicks. I assume it's both far less effective than more mainstream marketing (CPC and CPM stuff) but probably also a lot cheaper. Unfortunately there are probably plenty of people out there who will pay a few bucks to have a service just spam every board they can about their product or service. I'd bet some board spamming by bots is done just to lead people to malware, too.

I still see some spam posts on PHPBB now and then, but I think they're from actual human board spammers rather than bots. The bots used to do much more of it before the sign-in tweak. Now spammers usually just register and reply to one of the most recent comments, saying something like "You've got a good point, but you should also consider this" with a link to something unrelated. The mods ban them, but they seem to just post once and never come back anyway.

oleg · March 2021

PaulH said:
I've used PHPBB on one of my websites for years. The popularity is a double-edged sword. It means that it gets good support, but it also means that hackers and spammers know it well. When I first set one up it wasn't long before bots were successfully registering and posting spam.

To stop this I edited the sign in page code to prompt for the user name to be entered twice and the password once. The idea was to change the process in some minor way that humans could handle, but different enough from the standard PHPBB that those bots would fail. That seemed to work and the bot posts stopped. Later I updated PHPBB and bot posts resumed, so I added my tweak again. But being too lazy to add this tweak to every update of PHPBB, I've just refrained from updating PHPBB on that system since then.

My hunch is that the current version has probably also solved the issue that I originally had that allowed bots to register and post (and many similar exploits), and a tweak like mine is probably unnecessary.

All that said, PHPBB is pretty simple to set up and configure.

Just set the authorization on the site using Google or Facebook - and no spam problems ..

MoKaLux · March 2021

for those still using https://forum.giderosmobile.com/

you should switch to https://forum.gideros.rocks

MoKaLux · March 2021

for those who forum search function doesn't work, you have to go inside any thread and then the search option should work

Unknown · April 2021

The mods ban them, but they seem to just post once and never come back anyway.

MoKaLux · April 2021

BennieNaddeo bot

talis · April 2021

BennieNaddeo is a cylon pretending to be a human

Howdy, Stranger!

Categories

In this Discussion

Top Posters

We've been hacked

Comments

Howdy, Stranger!

Quick Links

Categories

In this Discussion

Top Posters

We've been hacked

Comments