OfflineYthanA
ᕕ( ᐛ )ᕗ
Male User Gallery

Registered: 08/08/97
Posts: 18,825
Loc: NY/MA/VT Borderlands Flag
Last seen: 2 hours, 8 minutes
The Recent Bulletin Board Exploit
    #3006109 - 08/15/04 05:23 PM (19 years, 8 months ago)

Late last night, a surprise attack occurred on the site when an unknown individual was able to gain administrative access to the bulletin board for a short period of time. Before we were able to react, he (or she) changed many forum names and descriptions, demoted all the moderators and administrators, and began a mass-deletion of private messages. The attacker almost certainly intended to delete all posts as well, but Vamp's quick reaction allowed us to save most of our data.

We had to take our server offline in the immediate aftermath of the attack to prevent further damage. During this downtime we retrieved as much data as possible from backups, repaired and rebuilt our databases, and began looking into the nature of the exploit.

Unfortunately, many private messages sent in the past week could not be recovered. For this we truly apologize. Know that we did everything possible to retrieve as much lost data as possible, and we have taken several effective steps to secure our server against similar attacks until we can track down the exact nature of the problem. The entire team is focused on doing whatever is necessary to protect the Shroomery and we appreciate your understanding during this time.

If anyone has questions about the situation, the admins will do our best to answer them but it may take a while for the full picture to emerge.

Peace,

-Y

OfflineBarbi
Plastic Person

Registered: 04/22/02
Posts: 12,976
Last seen: 19 years, 5 months
Re: The Recent Bulletin Board Exploit [Re: ]
    #3006140 - 08/15/04 05:32 PM (19 years, 8 months ago)

I'm here and available to help as always.

interesting facts:

he has UBBthreads running on an IIS machine.

:smile:

i registered.

OfflineCaRnAgECaNdYS
Tool's groupie
Female User Gallery

Registered: 04/09/04
Posts: 11,505
Loc: Billy Howerdel's closet Flag
Last seen: 9 months, 7 days
Re: The Recent Bulletin Board Exploit [Re: ]
    #3006282 - 08/15/04 06:31 PM (19 years, 8 months ago)

You guys rock! Even though you guys were only offline for a short time, I missed this place. I come here for several reasons. One being the information I gain from the site, another is the enjoyment from reading some of the off the wall topics. Crazy stuff!  The most important though, are the people. I love the people here. Some have brought me comfort, happiness, sadness and a feeling of belonging to something special. I met my current boyfriend off his site! For me, the shroomery is not just some website I visit, it's family, a home to go to. The Shroomery is forever!

So thank you so much! This place is forever "logged" into my heart!

:heart: :heart: :heart: :heart: :heart: :heart: :heart: :heart: :heart: :heart:


--------------------

The secret to being funny is to say smart things stupidly, or is it stupid things smartly? Whatever..it's not rocket surgery...or something like that.

InvisibleThorA
Anti-Theist OVERLORD
Male User Gallery

Registered: 08/12/98
Posts: 10,017
Loc: Iceland Flag
Re: The Recent Bulletin Board Exploit [Re: ]
    #3006300 - 08/15/04 06:36 PM (19 years, 8 months ago)

Thank you so much Ythan and Vamp for working your asses off in the last 24hrs to get this place back up.

We don't take attacks like this lightly, we will get to the bottom of this and get our culprit.

Invisibleeric_the_red
I'm a teapot User Gallery

Registered: 02/28/03
Posts: 14,560
Re: The Recent Bulletin Board Exploit [Re: Thor]
    #3006333 - 08/15/04 06:46 PM (19 years, 8 months ago)

:lol:
thor, you're a mod now. sorry, i couldn't help but laugh at that one.

i really hope you guys get this wanker. i lost a few valuable pms, but that's nothing in the grand scheme of things.

i googled "sardak" and this is what it shows. there are a few different "sardak" profiles on different boards. this may not help you find him, but i thought i'd throw it out there anyway. maybe there is something you can do with it.


--------------------
Anno cock? is that some kind of Greek liqueur? -Geo's All Knowing Sex Slave

Edited by eric_the_red (08/15/04 09:23 PM)

InvisibleRipple
Ripple
Male User Gallery

Registered: 05/16/02
Posts: 21,014
Loc: the timbers of Fennario
Re: The Recent Bulletin Board Exploit [Re: ]
    #3006667 - 08/15/04 08:16 PM (19 years, 8 months ago)

Thank you Ythan and great job Vamp!


--------------------
The bus came by and I got on that's when it all began!


Invisiblesilversoul7
Chill the FuckOut!
 User Gallery

Registered: 10/10/02
Posts: 27,301
Loc: mndfreeze's puppet army
Re: The Recent Bulletin Board Exploit [Re: ]
    #3006886 - 08/15/04 09:23 PM (19 years, 8 months ago)

Ythan and Vamp save the day!  Thank you so much guys!  You're my heroes! :cheers:


--------------------


"It is dangerous to be right when the government is wrong."--Voltaire

Offlinewhiterabbit13
I'm late

Registered: 02/21/04
Posts: 1,360
Loc: Down the rabbit hole
Last seen: 18 years, 5 months
Re: The Recent Bulletin Board Exploit [Re: silversoul7]
    #3007155 - 08/15/04 10:12 PM (19 years, 8 months ago)

Yes thanks for the quick thinking. :thumbup:


--------------------

InvisiblePapaverS
Madmin Emeritus?

Registered: 06/01/02
Posts: 26,880
Loc: Radio Free Tibet!
Re: The Recent Bulletin Board Exploit [Re: ]
    #3007204 - 08/15/04 10:21 PM (19 years, 8 months ago)

Good work, Ythan and Vamp! :cool:

I'd just like to add that we've had a couple member accounts lost, which we'll need to re-instate. So far, I know we've lost both Bo0 and Fuman(SporeSure). If anyone knows of any other member accounts which have been lost, please let us know who they are, so we can work to re-instate them. Thanks. :smile:


--------------------

Invisibleutopianglory
Spunkmuffin
Registered: 07/20/02
Posts: 965
Re: The Recent Bulletin Board Exploit [Re: ]
    #3007397 - 08/15/04 11:07 PM (19 years, 8 months ago)

I wonder if he/she deleted accounts of people that they had tangled with here. Might make it easier to track down this person.

OfflineYthanA
ᕕ( ᐛ )ᕗ
Male User Gallery

Registered: 08/08/97
Posts: 18,825
Loc: NY/MA/VT Borderlands Flag
Last seen: 2 hours, 8 minutes
Re: The Recent Bulletin Board Exploit [Re: Papaver]
    #3007867 - 08/16/04 01:16 AM (19 years, 7 months ago)

Okay I think I should have restored almost all (if not all) deleted accounts, but their old posts will still show up as anonymous unless I can figure out some clever way to tie them back to their original poster. There were about 10,000 accounts gone so it apparently wasn't targeted towards specific users. However, he did manually ban three accounts: 'Administrator', 'matts' and 'Suntzu' (in that order). What this means is open to interpretation.

Vamp has identified the bug which we think we used to exploit the BB, and as I type this Anno is working to fix it. Hopefully things should be getting back to normal soon. :smile:

Peace,

-Y

Invisible40oz
 User Gallery

Registered: 01/18/01
Posts: 30,119
Loc: Sandy Eggo. Ca.
Re: The Recent Bulletin Board Exploit [Re: ]
    #3007955 - 08/16/04 01:51 AM (19 years, 7 months ago)

great job Ythan & Vampppppp! :sun:


--------------------
:pacman: - - - -  :pill: :mushroom2: :pill2: :mushroom2: :regularshroom: :mushroomgrow: :pill: :pill2: :mushroom2: :poison:

:sun::heart::sun:

tiny_rabid_birds said:
"your avatar is dirty."

OfflineRandolph_Carter
НơĻ?ĢΉō

Registered: 06/13/00
Posts: 29,281
Loc: Shroomery B-list.
Last seen: 13 years, 10 months
Re: The Recent Bulletin Board Exploit [Re: 40oz]
    #3007981 - 08/16/04 02:01 AM (19 years, 7 months ago)

That's what i'm sayin.


--------------------
"..all those molecules thrashing their kinky little tails, hot for destiny and the street."  Gibson


Nuke baby seals for Jesus!

(This has been a +1 production.)

OfflineRandolph_Carter
НơĻ?ĢΉō

Registered: 06/13/00
Posts: 29,281
Loc: Shroomery B-list.
Last seen: 13 years, 10 months
Re: The Recent Bulletin Board Exploit [Re: Papaver]
    #3008060 - 08/16/04 02:38 AM (19 years, 7 months ago)

Based off of the "coolest shroomery chicks" poll, impala is unregistered.
Unsure if this is intended or not.


--------------------
"..all those molecules thrashing their kinky little tails, hot for destiny and the street."  Gibson


Nuke baby seals for Jesus!

(This has been a +1 production.)

Anonymous

Re: The Recent Bulletin Board Exploit [Re: ]
    #3008073 - 08/16/04 02:49 AM (19 years, 7 months ago)

Should we, the common user, take the precaution of changing our passwords? I'm unaware if it would have been possible for them to be collected from the site during this incursion.

Offlineshirley knott
not my real name
 User Gallery
Registered: 11/11/02
Posts: 9,105
Loc: London Flag
Last seen: 7 years, 3 months
Re: The Recent Bulletin Board Exploit [Re: 40oz]
    #3008100 - 08/16/04 03:05 AM (19 years, 7 months ago)

Quote:

fortyounces2freedom said:
great job Ythan & Vampppppp! :sun:



:blowjob: :wink:


--------------------
buh

OfflineYthanA
ᕕ( ᐛ )ᕗ
Male User Gallery

Registered: 08/08/97
Posts: 18,825
Loc: NY/MA/VT Borderlands Flag
Last seen: 2 hours, 8 minutes
Re: The Recent Bulletin Board Exploit [Re: ]
    #3008138 - 08/16/04 04:02 AM (19 years, 7 months ago)

Fortunately, you can't find out someone's password through the admin interface. You can change it to something else, but if you're able to log in then your password wasn't changed and you should be safe. Still, this should serve as a reminder that there are people out there who will take any opportunity to fuck with us so if you have an insecure password, now would be a good time to change it to something more complex.

Thanks!

-Y

OfflineBarbi
Plastic Person

Registered: 04/22/02
Posts: 12,976
Last seen: 19 years, 5 months
Re: The Recent Bulletin Board Exploit [Re: ]
    #3008160 - 08/16/04 04:25 AM (19 years, 7 months ago)

I still think you guys should force a mandatory password change on all users on next login.

He was able to inject directly into tables, no reason why he couldn't dump from there either.. raw sql is raw sql.

OfflineYthanA
ᕕ( ᐛ )ᕗ
Male User Gallery

Registered: 08/08/97
Posts: 18,825
Loc: NY/MA/VT Borderlands Flag
Last seen: 2 hours, 8 minutes
Re: The Recent Bulletin Board Exploit [Re: Barbi]
    #3008213 - 08/16/04 05:14 AM (19 years, 7 months ago)

That's true, but only the password's MD5 hash is stored in the DB which would make it a lot harder to determine what the original password was.

However, if the attacker did get a copy of the users table, Anno uncovered an exploit which might let him gain access to accounts without needing their password. Since changing your password will make you immune to this exploit, I'm reversing my advice. I may make it mandatory after addressing some of the more pressing issues.
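
An added example, not part of the original post and not the board software's code: a Python sketch of the two measures discussed above, flagging every account for a password change at next login and replacing the unsalted MD5 value with a salted PBKDF2 record once the user changes it. The table layout, function names, iteration count and sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch

def legacy_md5(password):
    """Unsalted MD5 hex digest, the storage scheme described in the thread."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_record(password, salt=None):
    """Salted, iterated replacement record (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"scheme": "pbkdf2", "salt": salt.hex(), "hash": dk.hex()}

def force_reset(users):
    """After a suspected table dump, flag every account for a change at next login."""
    for rec in users.values():
        rec["must_change"] = True

def verify(rec, password):
    """Constant-time comparison against whichever scheme the record uses."""
    if rec["scheme"] == "md5":
        return hmac.compare_digest(rec["hash"], legacy_md5(password))
    expected = pbkdf2_record(password, bytes.fromhex(rec["salt"]))["hash"]
    return hmac.compare_digest(rec["hash"], expected)

def login(users, name, password):
    rec = users.get(name)
    if rec is None or not verify(rec, password):
        return "denied"
    return "change_required" if rec.get("must_change") else "ok"

def change_password(users, name, old, new):
    """Replace the whole record so the possibly dumped MD5 value is discarded."""
    rec = users.get(name)
    if rec is None or not verify(rec, old) or new == old:
        return False
    users[name] = {**pbkdf2_record(new), "must_change": False}
    return True

# Constructed sample table: two accounts that happen to share a password.
# Without a salt their stored values are identical, which a dump would reveal.
USERS = {
    "alice": {"scheme": "md5", "hash": legacy_md5("mushroom1")},
    "bob": {"scheme": "md5", "hash": legacy_md5("mushroom1")},
}
```
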

InvisibleZero7a1
Leaving YourWasteland

Registered: 10/23/02
Posts: 3,594
Loc: Passing Cloud
Re: The Recent Bulletin Board Exploit [Re: Thor]
    #3008319 - 08/16/04 07:43 AM (19 years, 7 months ago)

I was starting to wonder... I couldn't log in at all yesterday, and when i just got back today, some of my recent pms had been deleted.

Hope all goes well.


--------------------
What?
