SPAM from SR

Clocker

Storage? I am Storage!
Joined
Jan 14, 2002
Messages
3,554
Location
USA
WOW SR HAS really gone down the crapper....

Helloy Clocker,
You are accepted in the VIP club of a forum.
For enter in the VIP club use toolbare.
Download VIP user ToolBar v1.3 (http://www.viptoolbar.nm.ru/toolbarvip.exe)



-------------------------------------
Discussion@SR Statistics:
-------------------------------------
Registered Users: 46685
Total Posts: 233988
Busiest Time: 898 users were online on 17th January 2006 - 02:54 PM

-------------------------------------
Handy Links
-------------------------------------
Board Address: http://forums.storagereview.net/index.php
Log In: http://forums.storagereview.net/index.php?act=Login&CODE=00
Lost Password Recovery: http://forums.storagereview.net/index.php?act=Reg&CODE=10

-------------------------------------
How to unsubscribe
-------------------------------------
Visit your email preferences (http://forums.storagereview.net/index.php?act=UserCP&CODE=02) and ensure that the box for 'Send me any updates sent by the board administrator' is unchecked and submit the form
 

sechs

Storage? I am Storage!
Joined
Feb 1, 2003
Messages
4,709
Location
Left Coast
Based on posts made by Eugene, they've either been hacked or had their user data otherwise taken without permission.

Good times, I'm sure.
 

LOST6200

Storage is cool
Joined
May 30, 2005
Messages
737
Hellloy, VIP toolbare/? WTF? He probably cereates sonme ivurus light eh spyhillis. ;)
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,741
Location
USA
Ouch, that sucks. Unfortunately crap like that happens from time to time even with the paid products. The previous version of Invision Board also had similar holes that were exploited. I wonder if Eugene was running the latest version of their forum when that happened. As of right now I cannot access their website.
 

iGary

Learning Storage Performance
Joined
Nov 22, 2002
Messages
236
Location
iLand

They've been down for at least a couple of hours solid.

First time I've even bothered taking a look at SR in about a month -- in this case, attempted to take a look. argh.




 

Platform

Learning Storage Performance
Joined
May 10, 2002
Messages
234
Location
Rack 294, Pos. 10

I just checked SR's forum, and I see:

Red Hat Enterprise Linux Test Page

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly....




...sounds like a major cleanup effort underway. :errr:



 

udaman

Wannabe Storage Freak
Joined
Sep 20, 2006
Messages
1,209
Use SR at your own risk?


I just checked SR's forum, and I see:

Red Hat Enterprise Linux Test Page

This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the Apache HTTP server installed at this site is working properly....




...sounds like a major cleanup effort underway. :errr:




Major clean up did not get done in time, and as I mentioned in my post to the B&G, SR (Eugene & sivar) did not do much by merely shutting down the forums for 'maintenance', without timely alerting people that there was a potential dangerous problem (should have been on the front page/home page as soon as they found out something was happening, or at least a redirect to another backup server, with a warning about the malicious compromising of the SR database).

Well apparently Norton is not utter & complete crap, as implied in the Computer forum here. Sometimes it pays to do every last up to the minute update to OS protection/security software, and keep a backup ;). According to sivar, they've cleaned out the malicious code, locked out any more attempted exploits to get an Adm level acct., so now it's completely safe to use any browser and visit SR, yes???

See the B&G threads on SR,

and this one in the Computing forum:

.wmf virus on this forum


I'll assume VB does not have similar exploit potential? But then every time there is an update to the forum software, don't new attacks become a possibility?
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,741
Location
USA
Every forum I've seen has had exploit potential in the past and will likely in the future. I'd be ignorant to think vBulletin is uncrackable or incapable of similar problems. I'd like to believe the developers for VB have done their homework and have actively thought about similar types of attacks and proactively account for them. The best I can do is apply all the fixes shortly after they are made available (which I've been doing).

As for the problem on SR, I've seen a similar issue on a previous version of Invision Board that I used to host an R/C car website. There was no fix for it because they no longer supported the older version. The exploit was very much the same as the one which occurred on SR.

I hope nothing like that ever happens here, but there is always a chance it may. The best I can do is to stay on top of patches, and to keep active backups on hand.
 

Will Rickards

Storage Is My Life
Joined
Jan 23, 2002
Messages
2,011
Location
Here
Website
willrickards.net
SQL injection is difficult to protect against and often overlooked.
It is so easy to write code that uses variables directly in a SQL statement. Much more code is required to do it right than not. It is worse with a public database schema like a bulletin board. You've given them the blueprint.
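
The pattern described in the post above, as an added example that is not part of the original thread or of any forum product's code: a lookup that pastes a variable into the SQL text, beside the same lookup with a bound parameter. The `members` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a hypothetical, simplified forum members table.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO members (name, email) VALUES (?, ?)",
        [("clocker", "c@example.test"),
         ("o'brien", "ob@example.test"),
         ("admin", "root@example.test")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable form: the variable becomes part of the SQL text itself."""
    sql = "SELECT name, email FROM members WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    return db.execute(
        "SELECT name, email FROM members WHERE name = ?", (name,)
    ).fetchall()

def compare(name):
    """Run both lookups on one input; return (concatenated, parameterized)."""
    db = make_db()
    try:
        unsafe = lookup_concatenated(db, name)
    except sqlite3.Error as exc:
        # A quote in the input can also simply break the statement.
        unsafe = "error: " + type(exc).__name__
    return unsafe, lookup_parameterized(db, name)

if __name__ == "__main__":
    # Ordinary name, a legitimate name containing a quote, and an input
    # whose quote changes the meaning of the WHERE clause.
    for sample in ("clocker", "o'brien", "x' OR '1'='1"):
        print(repr(sample), "->", compare(sample))
```

The concatenated form fails in two ways: a legitimate name containing an apostrophe raises a SQL error, and the third input returns every row in the table, while the bound-parameter form treats all three inputs as plain strings.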
 