Forum Hacked

Discussion in 'Detroit Lions Blitz' started by IrishBear, May 12, 2012.

  1. IrishBear Formally ChewieBacca

    Is it just me...

    or did this Forum get Hacked..anytime I hit the LionsRedZone.com forum link, it takes me to a page..well heres a screenshot..

    [IMG]
  2. Blaming Barry Well-Known Member

    I never go through that link but it appears there is something going on there...
  3. IrishBear Formally ChewieBacca

    So you are indeed getting the same thing I am? AT first, I thought a Trojan somehow bypassed my firewall, and security suite, but..looks like the forums got hacked..though I must admit, they did a terrible job..
  4. millenbacker !! JUST BREW IT !!

    did it start scrolling through a bunch of lines at the bottom when you went to that page? could be trying to load a virus onto peoples computers who go there.
    started scrolling on me and I closed the browser.

    MB
  5. badnews3123 Well-Known Member

    I saw it yesterday, just once, came back a minute later and it was gone.
  6. IrishBear Formally ChewieBacca

    Still thar for me...

    Hmmm
  7. imdaryl Member

    I never got anything, it was like the LRZ was down.
  8. TheDane Well-Known Member

    I played a game of Space Invaders? earlier and it came up when I finished, its in the system here.
  9. IrishBear Formally ChewieBacca

    Its not a virus, the forums been hackered. Looks like one of the admins/mods didn't click the log out button on the way out.
  10. Jokeray Snarky as I wanna be

    i've been getting this too.
  11. LAW Veritatis

    The board was indeed hacked. Tech and Felix are working on it along w/ Rusty.
  12. bigdogchris One-trick pony pwner.

    /index.php is still hacked.
  13. Rusty Hilger VP, Wrist Cutter's Club

    Tech and I have been emailing about this and there really isn't any reason we shouldn't get the home page restored shortly. We might wind up losing some of the most recent posts, but that's a worst-case scenario that I don't think is even necessary.

    I checked out the offending page by the way, and I can't find anything harmful in it. It's just some annoying graphics and music, with some javascript animation - so no need for alarm.

    Whomever initiated the attack doesn't appear to have been out to do any real damage other than to display a menacing page with bad music, and to annoy people. :laughing7: Bear with us guys!
  14. bigdogchris One-trick pony pwner.

    Have you been able to figure out what they exploited to change the index? Also, was the entire ISP compromised or only our site. What about usernames and passwords?

    Thanks.
  15. Rusty Hilger VP, Wrist Cutter's Club

    The hosting is being managed by a third-party, and my access has been really limited up to this point. It did make it's way to their other sites, but just the ones under the one account, apparently.

    Who knows what the other clients on the account are running, and how outdated it is. If it were my call, I'd move the site to it's own account, but I don't know if that's going to be my call. I just volunteered my counsel. If you have any input, I'll relay it.
  16. IrishBear Formally ChewieBacca

    Input: Tell admins to log out before leaving the site, as annoying as it is. There used to be a trick on picking up the cookies if a admin left without logging, thus allowing anyone with 1/10th of a brain to "hack" the forum.
  17. Rusty Hilger VP, Wrist Cutter's Club

    That's probably a good idea, Irish. I don't know how that would allow them access to the index.php file, though. I would guess this is probably someone hacking in the account's ftp, or maybe another site running on the account is using a plugin on an outdated wordpress or joomla site that hasn't been updated in 7 years.
  18. TheDane Well-Known Member

    I thought SnowDog was never coming back. Just when ya think you got it figured out.......
  19. IrishBear Formally ChewieBacca

    Well back then you could gather alot of information from "Jacking cookies", very similar today to how when people are on public wifi, I can turn on my phone and have access to all of there facebook accounts, if I so pleased.

    They can essentially get admin access via taking the cookie with the login info, and replacing it with their own. Well thats how you used to do it, may of not have happened here but its always a good thing to log out incase of any security loop holes.
  20. LAW Veritatis

    Good work guys.
  21. Murtyle American Destroyer

    I blame the Fed... Damn central banking system at it again! Vic was right!
  22. TechLion Super Genius

    Is the link from the homepage to the message board working for you guys. I'm have a problem with the link at work.

    Rusty will be donating his time to upgrade the site and the latest upgrade should prevent this from happening again. The key is that we need to upgrade the site as soon as Vbulletin comes out with new upgrades. I'll cover the cost of the upgrades for now.
  23. Murtyle American Destroyer

    I got here through that link on my phone Tech...
  24. Felix True Fan

    Which link is that? I click on the banner and it seems to be working for me.


    And thanks Hilger and Lion...good job getting us back up and going...I knew we hired you guys for a reason
  25. Rusty Hilger VP, Wrist Cutter's Club

    To get at the index.php file, you'd need the login and password to the hosting. If the admin's credentials for vbulletin were the same as for the hosting, you'd have a serious loophole on your hands. :laughing7:

    If we keep Vbulletin up to date, and the administrators and site managers follow good practice and just make different login/passwords for everything ... and each password is just something really messed up and random, admin's logging out each time they leave like IrishBear suggests, a site like this one should never be a serious target. The payoff just wouldn't be worth the time or effort.

    Moving this site to it's own account would also be a step in the right direction, and shouldn't cost more than 5 or 10 bucks/month. My guess is that the Redzone isn't where our little hacker gained entrance in the first place, but that's just a theory.

Share This Page