Author Topic: Hackers just piss me off...  (Read 870 times)

Offline Kindred

  • Overlord
  • Trade Count: (2)
  • *****
  • Posts: 157
    • Turtle Shell Productions
Hackers just piss me off...
« on: November 16, 2011, 05:03:58 PM »
So, sometime in the last few days, a hacker got into the server and added some nice backdoor files which they have been hitting on and off, and loading crap into the forum files. :(

Check your computers... I don't THINK they had any payload for users, but you probably want to consider changing your password on here.

I managed to clean the directories of their crap, upload the newest forum files (which hopefully patch whatever access point the idiots used to get in) and re-load the site with all of the features.

Offline Kindred

Re: Hackers just piss me off...
« Reply #1 on: November 18, 2011, 03:18:07 PM »
Yes... I know that the gallery currently gives an error when you try to upload something.

I'm working on fixing that....

Offline Kindred

Re: Hackers just piss me off...
« Reply #2 on: November 21, 2011, 06:18:53 PM »
I did discover the access point... Apparently WordPress and ZenPhoto both use TinyMCE as an editor... and there was an insecure AJAX file manager plugin released with TinyMCE which allowed the hackers to gain access to the file directory.

Of course, once they can upload one file, they can get into the server and do anything.

As it stands, I have confirmed (to the best of my ability) that the database itself was unaffected - it only targeted files. There is a chance that the JavaScript code which they inserted tracked people's passwords when they were entered... so, if you use the same password here as elsewhere, you probably want to change it. The main thing they did, though, seems to be a plan to use this server as yet another zombie.... :(
Obviously, the server/site is listed in some hacker database now as well, since the server logs still show idiots trying to access the same spot (despite the fact that I completely deleted ZenPhoto, so the directory they are trying to hit no longer even exists).

Of course, each time they do attempt it, it gives me another IP address to report and ban from the server.
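
An added example, not part of the original posts: one way to pull the probing IPs out of a combined-format access log and to flag any request under the removed directory that did not return 404/410, which would mean something there still answers. The `/zenphoto/` prefix, the sample paths and the log lines are constructed assumptions, not values from this thread.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: URL prefix of the deleted application (placeholder, not from the thread).
REMOVED_PREFIX = "/zenphoto/"

# Apache/nginx combined log format: ip ident user [time] "METHOD path PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range IPs, made-up paths), not real log data.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Nov/2011:01:12:44 +0000] "POST /zenphoto/old/file.php HTTP/1.1" 404 512 "-" "-"
198.51.100.7 - - [22/Nov/2011:01:12:49 +0000] "GET /zenphoto/old/file.php?x=1 HTTP/1.1" 404 512 "-" "-"
203.0.113.20 - - [22/Nov/2011:02:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 9421 "-" "-"
203.0.113.45 - - [22/Nov/2011:03:30:10 +0000] "POST /ZenPhoto//old/file.php HTTP/1.1" 200 87 "-" "-"
"""

def normalize(path):
    """Drop the query string, decode %XX, collapse repeated slashes, lowercase."""
    path = unquote(path.split("?", 1)[0])
    return re.sub(r"/+", "/", path).lower()

def scan(lines, prefix=REMOVED_PREFIX):
    """Return (probes, still_served): per-IP hit counts under the removed prefix,
    and hits there that did NOT get 404/410 (the cleanup needs re-checking)."""
    probes, still_served = Counter(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line this pattern understands
        path = normalize(m["path"])
        if not path.startswith(prefix):
            continue
        probes[m["ip"]] += 1
        if m["status"] not in ("404", "410"):
            still_served.append((m["ip"], m["method"], path, m["status"]))
    return probes, still_served

if __name__ == "__main__":
    probes, still_served = scan(SAMPLE_LOG.splitlines())
    for ip, hits in probes.most_common():
        print(f"{ip}\t{hits}")
    for hit in still_served:
        print("STILL ANSWERING:", *hit)
```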