 |
|
11-20-2009, 12:18 AM
|
#1
|
|
Site Team
1964 26' Overlander
1964 19' Globetrotter
OlyPen
, Washington
Join Date: Aug 2003
Posts: 13,936
|
We're back - unexpected forums outage
An exploit in our software was taken advantage of by some hackers who linked to a malicious site. It appears there was a little over 4 hours between the time it happened and the time we took the servers offline Thursday.
In an effort to minimize damage to the board we opted to shut everything down while we investigated the issue and formulated a game plan. Our team (server admins, programmers, and software vendors) coordinated and developed a plan to remove the malicious files and secure the servers. We believe that forum members should not have any system issues associated with this so long they didn't visit the malicious site AND install anything.
While the service interruption was unfortunate, it was important to us to make sure this issue was fully addressed before returning to business as usual. Protecting our community from this kind of intrusion is paramount and we'll post more info here as it becomes available. It's possible that we may need to continue tweak the forum setup and if so, we may have another service interruption.
We thank you for understanding 
|
|
|
|
11-20-2009, 12:30 AM
|
#2
|
4 Rivet Member 
2005 31' Classic
Sunrise Beach
, Missouri
Join Date: Jun 2007
Posts: 252
|
Congratulations on your quick response in dealing with this problem. Tried to log on earlier this evening and got your message on the alternate page of what had happened. We're glad you caught it in time before further problems were created. Thanks.
|
|
|
|
|
11-20-2009, 01:18 AM
|
#3
|
2 Rivet Member 
Currently Looking...
Hephzibah
, Georgia
Join Date: Nov 2009
Posts: 43
|
This begs the question:
If a hacker is clubbed in the forest, will anybody care?
|
|
|
|
|
11-20-2009, 01:40 AM
|
#4
|
2 Rivet Member
2007 27' Safari FB SE
redmond
, Oregon
Join Date: Dec 2007
Posts: 68
|
club away!! no I don't care!
|
|
|
|
|
11-20-2009, 01:43 AM
|
#5
|
|
_
.
, .
Join Date: Dec 2004
Posts: 8,812
|
and for now were back!
good job!
from scanning the issue...
apparently this has been happening to social network sites for several weeks...
and especially to communities using vbulletin, specifically IF using the search engine optimizer ???
looks like we are at version 3.3.0
and 3.3.2 was released recently to deal with some of these issues and venerability?
i have very little understanding of this but wonder if THIS thread is relevant???
vBSEO Security Bulletin - vBSEO 3.3.2 Released - vBulletin SEO Forums
and i found this quote on another forum related to the issue yesterday...
""One of the most popular plugins that tons of forums run (VBSEO) has been compromised, and many forums will be having errors about Centiyo, such as "Visiting This Site May Harm Your Computer". It's caused by VBSEO.
Disable, then update VBSEO. Then if you're a webmaster, go into your Vbulletin templates and remove any code about it from the HEADER part of your template, on ALL styles. Search your templates for "Centiyo".""
cheers
2air'
__________________
all of the true things that i am about to tell you are shameless lies. l.b.j.
we are here on earth to fart around. don't let anybody tell you any different. k.v.
|
|
|
|
|
11-20-2009, 02:32 AM
|
#6
|
|
Restorations done right
Commercial Member
1962 26' Overlander
1961 26' Overlander
Vintage Kin Owner
Currently Looking...
Baltimore
, Maryland
Join Date: Aug 2007
Posts: 5,545
|
Stupid question... what is a "malicious site"?
|
|
|
|
|
11-20-2009, 04:25 AM
|
#7
|
Rivet Master 
1959 26' Overlander
Western
, Massachusetts
Join Date: Sep 2005
Posts: 1,468
|
a follow-up
... and a followup to Frank's question:
What effect, if any, did the security breach have on members who accessed the site during the time the malicious code was in place? Any links?
I read the thread provided by 2air, but it was aimed at board admins, not users. Hopefully that's the only compromise.
|
|
|
|
|
11-20-2009, 04:49 AM
|
#8
|
|
Silver Mist
Currently Looking...
Riverhead
, New York
Join Date: Aug 2006
Posts: 3,011
|
Hey guys I run several forums with vBseo, they sent a notice out around Oct 27.
I guess you missed it!
I assume you do daily backups correct
__________________
Bob
|
|
|
|
|
11-20-2009, 04:53 AM
|
#9
|
|
Master of Universe
2008 25' Safari FB SE
Grand Junction
, Colorado
Join Date: Sep 2007
Posts: 12,711
|
Thanks for acting quickly. This stuff goes on all the time across the internet
My knowledge of this stuff is purposely minimal. but I think a malicious site would be one that downloads a program or application on your computer to get personal and/or financial info and exploit it. It enables them to take over your computer remotely. It is similar in intent to those phony e-mails that claim your bank needs to update your personal info. Very few people take the bait on those e-mails,k but the cost to the bad guy is so low, it's a money maker. I think a malicious site would be more technically complicated and more of a challenge for the bad guy techie, but could pay off pretty well because you may not know it's happening. Another kind use if they can take oivere your computer is to link many computers to send spam using your address book, or to spread the malicious program thru using your address book. Some bad guys use this to spread just do it for their version of fun to take down websites, screw up computers and cause general havoc.
Gene
|
|
|
|
|
11-20-2009, 05:13 AM
|
#10
|
3 Rivet Member 
1966 26' Overlander
1963 24' Tradewind
1990 34' Limited
Cape Coral
, Florida
Join Date: Dec 2008
Posts: 227
|
A hearty thank-you to the forum administrators. I'm sure it involved a lot of work in a stressful circumstance.
|
|
|
|
|
11-20-2009, 05:22 AM
|
#11
|
Rivet Master
2014 25' Flying Cloud
Cuddebackville
, New York
Join Date: May 2007
Posts: 4,346
|
Yup, thanks folks. It's good to have the forum back.
|
|
|
|
|
11-20-2009, 05:32 AM
|
#12
|
|
Remember, Safety Third
1973 27' Overlander
Catfish Corners
, Georgia
Join Date: Oct 2004
Posts: 5,720
|
Quote:
Originally Posted by nti06
This begs the question:
If a hacker is clubbed in the forest, will anybody care?
|
A large caliber device would be more efficient. 
Good job Andy, Janet, et al. Thanks for getting us back on line quickly.
Jim
|
|
|
|
|
11-20-2009, 05:39 AM
|
#13
|
Rivet Master
2007 Interstate
Normal
, Illinois
Join Date: Jan 2009
Posts: 18,090
|
Good job! Comforting to know you're on it when these kinds of things happen. 
__________________
🏡 🚐 Cherish and appreciate those you love. This moment could be your last.🌹🐚
|
|
|
|
|
11-20-2009, 05:53 AM
|
#14
|
Rivet Master
2011 34' Classic
Westchester Cty.NY
, / Miami FL
Join Date: Jul 2007
Posts: 3,122
|
bravo to the staff. i did get to bed early last night due to the outage, lol.
__________________
Ricky
2012 F150 Super Crew 5-1/2' bed Ecoboost 4x4 3.73 elec. lock diff. Propride hitch
give life. kidney & pancreas transplant 9/9/06
Ingrid-my unofficial '"World's Oldest Streamer" 1909-2008 R.I.P.
|
|
|
|
|
11-20-2009, 06:08 AM
|
#15
|
|
Retired Moderator
1992 29' Excella
madison
, Wisconsin
Join Date: Aug 2002
Posts: 4,644
|
good job guys!
we got hit with "backdoor.bot" over at that site i admin for antique harleys.
the hackers inserted the malicious code in our photo gallery, specifically in the icons we use to run the board.
it took almost 3 weeks to get rid of it because the bug would not run all of the time so alot of scans missed it.
i wish the people who write this stuff could be tied out on a virtual ant hill.
john
__________________
you call them ferrets, i call them weasels.
|
|
|
|
|
11-20-2009, 06:15 AM
|
#16
|
Rivet Master
1984 31' Excella
Broken Arrow
, Oklahoma
Join Date: Jan 2005
Posts: 673
|
Thank You
You guys are Wizards.
|
|
|
|
|
11-20-2009, 06:37 AM
|
#17
|
Rivet Master
1974 31' Sovereign
Colfax
, North Carolina
Join Date: Jul 2003
Posts: 740
|
Sooooo, How many of our fine posters had withdrawl issues last night? 
Thanks, Andy and staff, for your quick responce.
Marie
__________________
When people lie to you, and refuse to honor their word, don't regret trying to follow a dream, new adventures and friends await you.
|
|
|
|
|
11-20-2009, 06:47 AM
|
#18
|
Rivet Master
1972 31' Sovereign
Lexington
, Minnesota
Join Date: Feb 2009
Posts: 3,991
|
Not only thank-you for finding and fixing the issue, but also for the alternate web page that came up and let all of us know what was going on.
Chris
|
|
|
|
|
11-20-2009, 06:49 AM
|
#19
|
Rivet Master
2002 19' Bambi
Northwestern Ontario
, - on the backside of the map and just above the big green spot
Join Date: Nov 2003
Posts: 819
|
The response to this was pretty impressive.
It also validates the need for a good security program in our own PC's - we dropped Norton some time ago in favour of the one that our ISP offered as part of the package - but we have always wondered if this was a wise decision. Seems as though the ISP package came through - the issue was picked up instantly with clear direction on "disinfecting" the computer. Problem solved.
Jay
__________________
Bambi - 2002 (The Toaster)
Pathfinder - 2009 (The Buggy)
"I'm not young enough to know everything ....."
(Oscar Wilde)
|
|
|
|
|
11-20-2009, 07:09 AM
|
#20
|
2 Rivet Member
2008 19' International CCD
Spring
, Texas
Join Date: Sep 2009
Posts: 60
|
Quote:
Originally Posted by nti06
This begs the question:
If a hacker is clubbed in the forest, will anybody care?
|
Who cares!
|
|
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
Recent Discussions |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Linear Mode
