Administrators, help! 😡
Edit: Well, this will take a while. It seems all admin accounts were deleted again.
Hackers need to die and burn in hell. :/
Some were, then, maybe? I don’t see PM links for Jessie and Marceline.
Ah, I see.
Well, thanks for getting rid of the damage. 🙂
And, simultaneously disturbed by the apparent ease with which we are hacked so frequently. Has FFshrine pissed somebody off to the extent that they have full-time hackers hacking away trying to bring it down… or is it simply the case that FFShrine is so insecure that any mindless script kiddie with a few minutes spare time can bring the forum to its knees – repeatedly – whenever he feels like it? I’m not sure which option is more disturbing…
once there’s a leak, you have two options. 1) try to clean what’s there or 2) wipe the data to make sure there’s nothing they left still lingering around.
I do not want to wipe the data, and no one else wants that either. so we’re left trying to clean up the mess. once they get in once, they leave backdoors. its a complicated process. if they leave 30 backdoors and i find 29? it can happen all over again. there’s no way to know or not whether all of them are found, so the only way to tell if we’re secure is to remove what i can and then wait.
if there’s anyone particularly educated in security issues i’m more than willing to take advice, but i don’t think anyone like that is an ffs regular
i understand it’s frustrating to users but i promise you it’s infinitely more frustrating to me; every time this happens i spend countless hours trying to clean up the mess with no way of knowing whether or not it’s enough. then on top of that i get to deal with people implying i’m incompetent. woo !
That might help, in my opinion. The latest release is 4.1.12, and not too long ago, a security patch for vBulletin 4.1.4 through 4.1.11 was released.
Yeah?
Well, it probably costs money…which this site ALREADY costs lots (last I read) to host so adding more money to that pot probably ain’t a good idea to toss to the owner.
Well, it probably costs money…which this site ALREADY costs lots (last I read) to host so adding more money to that pot probably ain’t a good idea to toss to the owner.
I’m pretty sure it doesn’t cost anything to upgrade.
Is that a no to an upgrade or just a letting us know thing?
Either way, though, thanks.
So should we assume the forums will be off-line for a bit? No big, but it is nice knowing ahead of time. We panic so…:)
I am a server administrator and IT consultant IRL – though security is not my specialist field, I have a reasonable working knowledge. I am an administrator at another forum which was hacked last October. We were asking for trouble as we were running an old, unpatched version of vBulletin – so the hackers arrived and helped themselves. Just as you have been doing at FFShrine, we cleaned up the mess (or at least, that of the mess we could see) and a few weeks later, there were the hackers once again, waltzing through the dozens of little backdoor tricks they had planted the first time. After getting bitten twice, we took a very difficult decision but one which we decided was the only real way to solve the problem with any certainty; we exported the posts database, completely nuked the entire server and rebuilt it from scratch with the latest everything, imported the old posts as a locked archive, and asked all users to sign up again.
Guess how many times the hackers have been back since then…?
Don’t get me wrong – it wasn’t fun, and I’m not suggesting that’s what you should do – you’ve clearly considered it and would rather avoid it if at all possible. I understand that; it’s a pain in the arse, it’s a fuck-tonne of work, and it requires a lot of downtime.
My only concern is that, if this doesn’t happen, we are by your own admission liable for it to happen again and again and again, until whoever it is gets bored. Every time it happens, you get a little more pissed off with it (understandably) having to undo the damage and knowing that they will probably be back next week and you’ll have to start all over again. Suppose one day they decide to do a little more damage than putting some annoying music on the homepage…?
I mean no disrespect (and I haven’t from the start) but I know what this sort of business entails. Folk are going to become progressively more uneasy about visiting a website that may or has nutcases breaking in every couple of weeks and you don’t know whether you’ll get the Shrine or a page of crap psychedelic graphics, or possibly a drive-by download of some unspeakable malware…
if you have lunix knowledge in particular i could probably use some of your help at some point, you should drop by irc or hit me up on aim or something ~
basically, behind the scenes each time we were hacked i took one step up in how serious of a reaction i take. we’re not just doing the same thing over and over and waiting for them to get back in. i took more extreme measures last time and hoped it would work, and the only way to test that is to wait and see if they could get in. i’ve still got one or two steps before the aforementioned ZOMG NUCLEAR OPTION.
i apologize to people for not being more transparent about what i am doing to deter this sort of thing from happening, but i’ve had life stuff going on as well. not that that’s an excuse– i can totally understand your guys frustration especially if you think nothing is being done to stop this
And to answer Tango’s question, it seems all the hacks have been perpetrated by the same bugger, AKA "The Jailbreak". Bugger of the year, hands down.
Yet I concur with Tango on one point: a little warning before update and updating downtime would be nice. just a post the day before in GD or a big sticky like the "We were hacked" one.
Anyway, thanks for the hard work Sarah. And to all the admins/mods of the forum.
Also, as to the question if there are people who dislike this site…yes, yes there are. We have been openly pointed out as a hub of music sharing, and FSM members especially dislike us. Plus, we are popular enough we make a good target for fuckers who have nothing better to do.
There’s a difference between generically annoyed people "damn that FFShrine, it sucks…" and people who are sufficiently angry as to make it their lifetime’s ambition to take it down again and and again and again. The former might try a DDOS or a limp hack, write a few pissy letters, get bored, and move on. The latter will hit repeatedly until either the site goes down permanently or measures are put in place to make it so hard for them they may as well not bother.
I doubt whether it’s either of those. I think it’s one jobbing hacker who got lucky once and likes to troll us by showing off how many sneaky little back doors he left for himself. For a real world analogy, breaking into the house the first time is hard – but if you get yourself a key cut and the owners of the house don’t know you did, you can break in twenty times more with no effort. Changing the locks will stop the break-ins, but you need to know that this is how they’re getting in. Perhaps they smash a window or two on their way out to divert your attention from how they actually gained entry.
Of course there will always be a way to break security.
I could hack my neighbour’s Wifi if I wanted to; but it’d take days and I might get on and find they have a crap internet connection that’s slower than mine. That’s 21st century internet security; when "effort needed to hack" > "benefits of successful hack" you stay secure.
That said, a few years ago somebody tried to hack my FTP server for about six months. I even put a message up saying "Don’t bother, there’s a handful of MP3s here and some PHP code that doesn’t work" but still they tried – automated tool testing just about every single letter combination password with "admin" you could think of. Except that my admin account wasn’t called admin; it was called "h@h@y0u11n3v3rgu3$$th1$0n3" – so they failed, got bored, and gave up. 😉
Probable, as all the hacks were perpetrated by the same prick, AKA "The Jailbreak". He’s using hacking tools, so I guess there ain’t real hacking skills in his brain. I did a wee bit of hacking (Nothing serious, just password hacking to get on "members area" of some websites, and that was 13 years ago, with the help of a friend.), but I know enough theory to be able to say this idiot is NO real hacker. just a lucky troll.
And, simultaneously disturbed by the apparent ease with which we are hacked so frequently. Has FFshrine pissed somebody off to the extent that they have full-time hackers hacking away trying to bring it down… or is it simply the case that FFShrine is so insecure that any mindless script kiddie with a few minutes spare time can bring the forum to its knees – repeatedly – whenever he feels like it? I’m not sure which option is more disturbing…
They are both pretty disturbing. Hackers are the lowest of the low, nothing better to do but eat doritos all day and hack sites. bastards.
I really appreciate all that you’ve done, Sarah. The same goes for any Admin, Mod, or user who has helped clean this problem up.
I really appreciate all that you’ve done, Sarah. The same goes for any Admin, Mod, or user who has helped clean this problem up.
I think they just hack us because they can.
well, that’s just a shame really.
I didn’t notice that we were hacked. Is there a chance that this hack could compromise users’ personal information to a considerable extent? Should we change our passwords again?
I really appreciate all that you’ve done, Sarah. The same goes for any Admin, Mod, or user who has helped clean this problem up.
I’m not sure if I was the one who first pointed out the hack or not (though I don’t really find that relevant, either), but when I notified Sarah, I asked this question and was told that it is ALWAYS a good idea to change your password, just in case.
Oh, and I don’t feel like quoting another post, but post #26 is just so well-said, tangotreats.
Heheh. nice.
IF someone got hold of my cookies they’d be pretty disappointed.
Even the porn I look at is pretty mild.
Even the porn I look at is pretty mild.
Hahahaha…lol. My cookies are disappointing, too.
Mostly just because they can. Or to see if they can. Or it’s a game. Or a dare.
Or test out some new stuff.
There were a lot of "contests" and such over there.
Mostly just because they can. Or to see if they can. Or it’s a game. Or a dare.
Or test out some new stuff.
There were a lot of "contests" and such over there.
Hacker: The Jailbreak.
Group: P0wersurge.
forum: can’t access it. My AV tells me it’s a bad baaaaaaaaad idea.
Online Casino South Africa
Online Casino New Zealand
Online Casino India
Online Casino Australia
Online Casino UK
Online Casino Canada
