Amaury
05-05-2012, 03:59 AM
Looks like we were hacked again. Check the index page.

Administrators, help! :x

Edit: Well, this will take a while. It seems all admin accounts were deleted again.

DoDoRay9000
05-05-2012, 04:43 AM


Hackers need to die and burn in hell. :/

Sarah
05-05-2012, 05:12 AM
admin accounts were not deleted?

Eurysilas
05-05-2012, 05:13 AM
Come, now. This getting embarrassing, folks. D:

Amaury
05-05-2012, 05:17 AM
admin accounts were not deleted?

Some were, then, maybe? I don't see PM links for Jessie and Marceline.

Sarah
05-05-2012, 05:21 AM
they were banned but they're unbanned now

Jessie
05-05-2012, 05:21 AM
My account is fine >:(

Amaury
05-05-2012, 05:22 AM
they were banned but they're unbanned now

Ah, I see.

Well, thanks for getting rid of the damage. :)

Maxx Skywalker
05-06-2012, 08:15 AM
Well, it's not the first time the site's been down. Aren't there safeguards that can be put in place. It doesn't help that FFS makes a target for itself.

Amanda
05-06-2012, 01:14 PM
? We were shutdown? I have had no troubles getting in.... (or off, to think of it)

Maxx Skywalker
05-06-2012, 09:56 PM
Oh, dude. You missed out. Some schmuck thought it would be funny to hack the site to say he thought he was cooler than us. He included a snazzy soundtrack to his 'victory' too.

tangotreats
05-06-2012, 10:28 PM
SO tired of this.

And, simultaneously disturbed by the apparent ease with which we are hacked so frequently. Has FFshrine pissed somebody off to the extent that they have full-time hackers hacking away trying to bring it down... or is it simply the case that FFShrine is so insecure that any mindless script kiddie with a few minutes spare time can bring the forum to its knees - repeatedly - whenever he feels like it? I'm not sure which option is more disturbing...

Sarah
05-06-2012, 10:36 PM
a lot of people apparently do not understand what goes into a site being secure

once there's a leak, you have two options. 1) try to clean what's there or 2) wipe the data to make sure there's nothing they left still lingering around.

I do not want to wipe the data, and no one else wants that either. so we're left trying to clean up the mess. once they get in once, they leave backdoors. its a complicated process. if they leave 30 backdoors and i find 29? it can happen all over again. there's no way to know or not whether all of them are found, so the only way to tell if we're secure is to remove what i can and then wait.

if there's anyone particularly educated in security issues i'm more than willing to take advice, but i don't think anyone like that is an ffs regular

i understand it's frustrating to users but i promise you it's infinitely more frustrating to me; every time this happens i spend countless hours trying to clean up the mess with no way of knowing whether or not it's enough. then on top of that i get to deal with people implying i'm incompetent. woo !

Tanis
05-06-2012, 10:51 PM
Would it help to move to another version of VB/whatever you're using or is it just 'where there's a will, there's a way'?

Amaury
05-06-2012, 10:54 PM
Would it help to move to another version of VB/whatever you're using or is it just 'where there's a will, there's a way'?

That might help, in my opinion. The latest release is 4.1.12, and not too long ago, a security patch for vBulletin 4.1.4 through 4.1.11 was released.

Tanis
05-06-2012, 10:58 PM
That might help, in my opinion. The latest release is 4.1.12, and not too long ago, a security patch for vBulletin 4.1.4 through 4.1.11 was released.
Yeah?
Well, it probably costs money...which this site ALREADY costs lots (last I read) to host so adding more money to that pot probably ain't a good idea to toss to the owner.

Amaury
05-06-2012, 11:04 PM
Yeah?
Well, it probably costs money...which this site ALREADY costs lots (last I read) to host so adding more money to that pot probably ain't a good idea to toss to the owner.

I'm pretty sure it doesn't cost anything to upgrade.

Sarah
05-06-2012, 11:30 PM
we will be upgrading in the next few days but it shouldn't affect the security, they're mostly mobile patches & for the suite, not the forum

Sarah
05-06-2012, 11:35 PM
also: it requires a license renewal to upgrade unfortunately

Amaury
05-06-2012, 11:39 PM
also: it requires a license renewal to upgrade unfortunately

Is that a no to an upgrade or just a letting us know thing?

Either way, though, thanks.

Amanda
05-06-2012, 11:41 PM
we will be upgrading in the next few days but it shouldn't affect the security, they're mostly mobile patches & for the suite, not the forum


So should we assume the forums will be off-line for a bit? No big, but it is nice knowing ahead of time. We panic so...:)

tangotreats
05-06-2012, 11:51 PM
With respect, I didn't suggest that you were incompetent; I merely asked if we are being hacked because it's particularly easy or because somebody has a particularly strong grudge against the forum. (Though I see that my comment sounded rather more snarky than I had intended; my apologies.)

I am a server administrator and IT consultant IRL - though security is not my specialist field, I have a reasonable working knowledge. I am an administrator at another forum which was hacked last October. We were asking for trouble as we were running an old, unpatched version of vBulletin - so the hackers arrived and helped themselves. Just as you have been doing at FFShrine, we cleaned up the mess (or at least, that of the mess we could see) and a few weeks later, there were the hackers once again, waltzing through the dozens of little backdoor tricks they had planted the first time. After getting bitten twice, we took a very difficult decision but one which we decided was the only real way to solve the problem with any certainty; we exported the posts database, completely nuked the entire server and rebuilt it from scratch with the latest everything, imported the old posts as a locked archive, and asked all users to sign up again.

Guess how many times the hackers have been back since then...?

Don't get me wrong - it wasn't fun, and I'm not suggesting that's what you should do - you've clearly considered it and would rather avoid it if at all possible. I understand that; it's a pain in the arse, it's a fuck-tonne of work, and it requires a lot of downtime.

My only concern is that, if this doesn't happen, we are by your own admission liable for it to happen again and again and again, until whoever it is gets bored. Every time it happens, you get a little more pissed off with it (understandably) having to undo the damage and knowing that they will probably be back next week and you'll have to start all over again. Suppose one day they decide to do a little more damage than putting some annoying music on the homepage...?

I mean no disrespect (and I haven't from the start) but I know what this sort of business entails. Folk are going to become progressively more uneasy about visiting a website that may or has nutcases breaking in every couple of weeks and you don't know whether you'll get the Shrine or a page of crap psychedelic graphics, or possibly a drive-by download of some unspeakable malware...

Sarah
05-07-2012, 12:10 AM
sorry, it wasn't aimed at you in particular, just the general attitude a lot of people seem to have D:

if you have lunix knowledge in particular i could probably use some of your help at some point, you should drop by irc or hit me up on aim or something ~

basically, behind the scenes each time we were hacked i took one step up in how serious of a reaction i take. we're not just doing the same thing over and over and waiting for them to get back in. i took more extreme measures last time and hoped it would work, and the only way to test that is to wait and see if they could get in. i've still got one or two steps before the aforementioned ZOMG NUCLEAR OPTION.

i apologize to people for not being more transparent about what i am doing to deter this sort of thing from happening, but i've had life stuff going on as well. not that that's an excuse-- i can totally understand your guys frustration especially if you think nothing is being done to stop this

docrate1
05-07-2012, 12:50 AM
No worries sarah. I can imagine how much work it takes, even if I don't know the first thing of how a forum works. Personnally, I've gotten used to the hacks, and well, to us users, execpt a little downtime (and even not that much if we're not using the main page), they're nothing much than a small nuisance. I'm pretty sure this dipshit is a guy that has a personnal grudge against FFshrine. he was probably hit with Jessie's Elemental Ban Paw.

And to answer Tango's question, it seems all the hacks have been perpetrated by the same bugger, AKA "The Jailbreak". Bugger of the year, hands down.

Yet I concur with Tango on one point: a little warning before update and updating downtime would be nice. just a post the day before in GD or a big sticky like the "We were hacked" one.

Anyway, thanks for the hard work Sarah. And to all the admins/mods of the forum.

Amanda
05-07-2012, 01:46 AM
Now I know nothing about tech, but my understanding is that for every security measure thought of, there is someone who is able to break it? It seems that way with any security, virtual or physical.

Also, as to the question if there are people who dislike this site...yes, yes there are. We have been openly pointed out as a hub of music sharing, and FSM members especially dislike us. Plus, we are popular enough we make a good target for fuckers who have nothing better to do.

tangotreats
05-07-2012, 01:06 PM
I doubt that there's anybody at FSM intelligent enough to be doing this - technologically most of them are at the level of "I saw on the news that you could take a Interweb Sight down with a MS-DOS attack so let's do that, folks!"

There's a difference between generically annoyed people "damn that FFShrine, it sucks..." and people who are sufficiently angry as to make it their lifetime's ambition to take it down again and and again and again. The former might try a DDOS or a limp hack, write a few pissy letters, get bored, and move on. The latter will hit repeatedly until either the site goes down permanently or measures are put in place to make it so hard for them they may as well not bother.

I doubt whether it's either of those. I think it's one jobbing hacker who got lucky once and likes to troll us by showing off how many sneaky little back doors he left for himself. For a real world analogy, breaking into the house the first time is hard - but if you get yourself a key cut and the owners of the house don't know you did, you can break in twenty times more with no effort. Changing the locks will stop the break-ins, but you need to know that this is how they're getting in. Perhaps they smash a window or two on their way out to divert your attention from how they actually gained entry.

Of course there will always be a way to break security.

I could hack my neighbour's Wifi if I wanted to; but it'd take days and I might get on and find they have a crap internet connection that's slower than mine. That's 21st century internet security; when "effort needed to hack" > "benefits of successful hack" you stay secure.

That said, a few years ago somebody tried to hack my FTP server for about six months. I even put a message up saying "Don't bother, there's a handful of MP3s here and some PHP code that doesn't work" but still they tried - automated tool testing just about every single letter combination password with "admin" you could think of. Except that my admin account wasn't called admin; it was called "h@h@y0u11n3v3rgu3$$th1$0n3" - so they failed, got bored, and gave up. ;)

docrate1
05-07-2012, 02:28 PM
I doubt whether it's either of those. I think it's one jobbing hacker who got lucky once and likes to troll us by showing off how many sneaky little back doors he left for himself. For a real world analogy, breaking into the house the first time is hard - but if you get yourself a key cut and the owners of the house don't know you did, you can break in twenty times more with no effort. Changing the locks will stop the break-ins, but you need to know that this is how they're getting in. Perhaps they smash a window or two on their way out to divert your attention from how they actually gained entry.


Probable, as all the hacks were perpetrated by the same prick, AKA "The Jailbreak". He's using hacking tools, so I guess there ain't real hacking skills in his brain. I did a wee bit of hacking (Nothing serious, just password hacking to get on "members area" of some websites, and that was 13 years ago, with the help of a friend.), but I know enough theory to be able to say this idiot is NO real hacker. just a lucky troll.

Amaury
05-09-2012, 01:40 AM
Hey, Sarah! I'm not sure if you've already read this, but I think this (https://www.vbulletin.com/forum/showthread.php/398396-Security-Vulnerabilities-Found-in-Popular-vBulletin-Addons?p=2291292&viewfull=1#post2291292) seems to be how we were hacked again.

_swordsman_
05-15-2012, 09:23 PM
SO tired of this.

And, simultaneously disturbed by the apparent ease with which we are hacked so frequently. Has FFshrine pissed somebody off to the extent that they have full-time hackers hacking away trying to bring it down... or is it simply the case that FFShrine is so insecure that any mindless script kiddie with a few minutes spare time can bring the forum to its knees - repeatedly - whenever he feels like it? I'm not sure which option is more disturbing...

They are both pretty disturbing. Hackers are the lowest of the low, nothing better to do but eat doritos all day and hack sites. bastards.

tangotreats
05-15-2012, 09:50 PM
What annoys me isn't so much what they're doing, but that the smug little bastards feel like emperors, because they managed to do some silly off-the-peg exploit. BIG WHOOP! My mother could do that if you gave her instructions. Hack to highlight weaknesses and encourage security upgrades, absolutely. Hack to fuck people off? Nah, only bratty children do that.

_swordsman_
05-15-2012, 11:21 PM
yeah, I agree.

Zodiac
05-16-2012, 03:14 AM
I didn't notice that we were hacked. Is there a chance that this hack could compromise users' personal information to a considerable extent? Should we change our passwords again?

I really appreciate all that you've done, Sarah. The same goes for any Admin, Mod, or user who has helped clean this problem up.

Amaury
05-16-2012, 03:18 AM
I didn't notice that we were hacked. Is there a chance that this hack could compromise users' personal information to a considerable extent? Should we change our passwords again?

I really appreciate all that you've done, Sarah. The same goes for any Admin, Mod, or user who has helped clean this problem up.

I think they just hack us because they can.

_swordsman_
05-16-2012, 03:23 AM
I think they just hack us because they can.

well, that's just a shame really.

MonadoLink
05-17-2012, 07:59 AM
They're all half-wits. Hacking can have a purpose -like retrieving valuable information- but hacking a forum like this is just stupid. It's like robbing a Burger King at gunpoint, except for the fact that even an idiot doing that wouldn't do it to show off. I remember I once got spyware that was reading my cookies, so I wrote a 2-page insulting description of an asshole/hacker in one of my cookies. I wonder what ever happened with that...

I didn't notice that we were hacked. Is there a chance that this hack could compromise users' personal information to a considerable extent? Should we change our passwords again?

I really appreciate all that you've done, Sarah. The same goes for any Admin, Mod, or user who has helped clean this problem up.

I'm not sure if I was the one who first pointed out the hack or not (though I don't really find that relevant, either), but when I notified Sarah, I asked this question and was told that it is ALWAYS a good idea to change your password, just in case.
Oh, and I don't feel like quoting another post, but post #26 is just so well-said, tangotreats.

_swordsman_
05-17-2012, 08:06 AM
[QUOTE=Link28469;1995422]They're all half-wits. Hacking can have a purpose -like retrieving valuable information- but hacking a forum like this is just stupid. It's like robbing a Burger King at gunpoint, except for the fact that even an idiot doing that wouldn't do it to show off. I remember I once got spyware that was reading my cookies, so I wrote a 2-page insulting description of an asshole/hacker in one of my cookies. I wonder what ever happened with that...


Heheh. nice.

Tanis
05-17-2012, 08:34 AM
They're all half-wits. Hacking can have a purpose -like retrieving valuable information- but hacking a forum like this is just stupid. It's like robbing a Burger King at gunpoint, except for the fact that even an idiot doing that wouldn't do it to show off. I remember I once got spyware that was reading my cookies, so I wrote a 2-page insulting description of an asshole/hacker in one of my cookies. I wonder what ever happened with that...
IF someone got hold of my cookies they'd be pretty disappointed.

Even the porn I look at is pretty mild.

MonadoLink
05-17-2012, 08:43 AM
IF someone got hold of my cookies they'd be pretty disappointed.

Even the porn I look at is pretty mild.
Hahahaha...lol. My cookies are disappointing, too.

_swordsman_
05-17-2012, 08:46 AM
I actually delete my cookies often, so there really isn't much.

tehƧP@ƦKly�ANK� -Ⅲ�
05-17-2012, 08:56 AM
Well, if you were able to get the name of the hacker or the group and the forum he was advertising, you can go to said forum and see all the shenanigans they were up to.

Mostly just because they can. Or to see if they can. Or it's a game. Or a dare.
Or test out some new stuff.

There were a lot of "contests" and such over there.

docrate1
05-18-2012, 02:08 PM
Well, if you were able to get the name of the hacker or the group and the forum he was advertising, you can go to said forum and see all the shenanigans they were up to.

Mostly just because they can. Or to see if they can. Or it's a game. Or a dare.
Or test out some new stuff.

There were a lot of "contests" and such over there.

Hacker: The Jailbreak.
Group: P0wersurge.
forum: can't access it. My AV tells me it's a bad baaaaaaaaad idea.