Security breach
vanderaj - June 7th, 2003 at 12:48 AM

We've had a security breach. I will be taking some action in the next few days to clear this up.

Your passwords are hashed in a one way hash, but we have to assume that they have been taken and brute forced.

What you NEED to do:

If your password here is shared with ANY systems you care about, change the password on the other system. Your account and posts here mean nothing in the grand scheme of things, but your systems need to be protected.

If you see any demands for credit card numbers, send cheques or similar DO NOT SEND THEM. Fraud will result.

If you have submitted a credit card number to "aussieveedubbers", you MUST notify your bank now that a fraudulent event has occurred, and find out how to report fraudulent transactions. Please e-mail me at ajv@greebo.net, and I will help you if I can find the right people in your bank. It's usually "card services" and people like Amex have this number printed on the card itself. You're only liable for the first $50 on the card once you've reported the event.

Andrew


Grey 57 - June 7th, 2003 at 12:57 AM

Do we need to change our password for the forum, Andrew?


vanderaj - June 7th, 2003 at 01:05 AM

Don't just yet - the attacker has free range on our server, and can simply re-grab them, or just reset your password.

The administrative passwords have been changed, but I don't think it'll help you guys. I bet it doesn't help me either until I can figure out how to close the attack window.

Andrew


Shani - June 7th, 2003 at 08:14 AM

I'm not sure I fully understand but...
As long as we don't keep anything even remotely important on the computer (mind you there ARE my save games in Rollercoaster Tycoon) we should be fine?
Mine is set up so it doesn't matter if we have to format in a hurry, we use it to play.


fatboy - June 7th, 2003 at 09:49 AM

Andrew,

From a professional point of view, when you find out what they have done can you let me know?

Also, if you need any help tracking IPs give me a shout, I can usually track them to any city and ISP without any effort (Actually I'm sure you can as well :thumb )


Quickbug - June 7th, 2003 at 10:46 AM

FRICKERS!!


haugmichael - June 7th, 2003 at 12:20 PM

Who do I send the bill to when I have my systems back up and running again because of someone's neglect of installing some sort of password protection?

Surely you must have realised that as this site is viewed world wide that there are some unscrupulous people out there that want to hack any place they can.

Why was I not informed via e-mail that there has been a breach? I don't always look in the general chit chat section of this forum.


Brad - June 7th, 2003 at 03:09 PM

Hey, settle down, the site being hacked does not affect your own computer or files. They are still at as much risk as they were before. Your log into the forum is not opening a gateway up into your HDD in any way.
If you are worried about it download a firewall like Zone Alert.

I can't believe how quick some people are to start looking for someone to BLAME. The people with the issues here are not the forum. It sits on a server which I rent and have COMMERCIAL Websites on. These may be affected as the worm is inside the fence now. The general population's fences are unbreached.

Regards,

Brad


duncombemu - June 7th, 2003 at 03:58 PM

Please, Buggy Brad is right.

Everyone calm down. This type of thing can't affect our computers here in VW land.
Just remember, the forum administration guys volunteer their time for what I believe is 'some fun with a pet subject, namely VW's'. Some of us aren't letting them enjoy themselves.
So please lay off the admin people, they want to have fun too. They are working very hard to 'fix' this 'glitch', so we can all get back, and we must 'get back', to what it's all about, FUN.
Please settle down, be :cool: This is not the End of the World!
Regards,
Mark:kiss


fatboy - June 7th, 2003 at 04:36 PM

I'm calm - I don't want to know what they did to this site (It's pretty irrelevant from an end user point of view).

Part of the work I do is making sites secure and testing sites to see if they can be hacked. I would just be interested in finding out the mechanics they used to get in.

That's all - Smile Be Happy.

Is the hehehe thing related to this?


vanderaj - June 7th, 2003 at 06:40 PM

As far as I can tell, the following things have occurred, that have no reasonable explanation:

the censor words changed. There were a lot more of them after not having any for months.

And then there was "hehehehe" for double spaces.

Then someone said that a newbie was asked to submit their credit card details - we will NEVER need your credit card details, so NEVER submit them to us.

Plus a few administrative things went wrong that are unexplainable.

Anyway, we run this place as a "best effort", nothing in life is totally risk free. The breach we suffered will probably cause our ISP more angst than you folks.

Michael, I am happy to take on board your suggestion that we e-mail people in the future. It will require everyone to keep their e-mail address up to date, though.

This place is protected by username and passwords, although you can choose to stay logged in if you let XMB save a cookie on your computer.

The threats against the board are fairly low - essentially reputation loss (for us), data (message) loss (for everyone), and account issues (such as someone taking over another person's account). We could go to client-side certificates for authentication, and force people to log in every time, but I don't think the hassle is worth it. Certainly the cost of mitigation is much higher than the cost of accepting the risk.

I was in the process of doing a code review to minimize the risk of being hacked. Code reviews are what I do for a living, but I have limited time to do them, and XMB is not a small product. This will simply force me to speed up doing the job.

Andrew


fatboy - June 7th, 2003 at 07:06 PM

Sounds like a "Script Kiddie" trying their luck.

If the newbie was asked via email then can they please forward it to me.

Thanks


OvalGlen - June 7th, 2003 at 09:11 PM

Fatboy just as a matter of interest, last month I received a Virus via Email attachment which I thought was from a friend.
After quarantine and delete etc, I tried to send a Very Angry return email to this sender but it would not go through.
Can these Scum block any incoming emails? :mad:


toybug - June 7th, 2003 at 10:45 PM

I have noticed that the controllers have absolute right of removal for any post they deem as incorrect as per the rules. Is there any form of redress if a post is removed for no other reason than the moderator dislikes the post?
I have noticed of late there seems to be a lot of editing going on that is not done by the originator. Can it be mandatory that it requires 2 moderators to change or delete a post and that the originator be informed?


fatboy - June 7th, 2003 at 11:26 PM

Ovalglen,

Pretty much depends on how good they are.
When you say you thought it came from a friend, is it because it came from "John" or did it actually appear to come from your friend's email address?

It is very easy to send emails with fake return email addresses.

In late March I posted a Virus Warning here as I had received a number of viri emails. I have my own mail server and set up different addresses for different purposes so I was fairly certain that the sender got my address from here.
Anyway it was a pretty sloppy attempt and although the user had set up a fake return address, from the header info it was possible to trace the user to London. I notified the ISP in question and sent them all the relevant info.

I should have posted an update but I was pretty busy and forgot about it until now.
Anyway the ISP ( NTL if ne1 cares ) contacted me about a week after to let me know that although they could not release details they had "Taken appropriate action" against the user - probably just a standard reply but it gave me a warm fuzzy feeling.

If it came from "John" then it will likely be a situation like the above, if it actually appeared to come from a friend's email then it is most likely that your friend was infected by a "Worm" and may not have even realised it - a worm will replicate itself by sending itself on to everyone in your friend's email address book.

There are programs out there that will allow you to send virtually untraceable emails.

Hope this helps, generally I wouldn't bother even following any of this kind of stuff up and the only reason I did in the above example was:

1. They probably got the email address here
2. They sent me a few of em
3. They were crap at it.

This is a link to my Virus Warning

http://www.aussieveedubbers.com/forum/viewthread.php?tid=4723 

[Edited on 7-6-2003 by fatboy]


Stanley - June 8th, 2003 at 02:16 PM

I've noticed that the last couple of weeks I've been getting a lot of junk emails. Never had a problem before, could this be linked? Maybe it's just an amateur looking for an easy mailing list. :D


kombi_kid - June 8th, 2003 at 07:05 PM

hey fatboy
i was informed by a guy emailing me that he tried to sign up and it asked for credit card details- not via email etc.
cheers
rhys


fatboy - June 8th, 2003 at 09:38 PM

Bugger - not much chance of (me) tracing it then :mad:


vanderaj - June 8th, 2003 at 10:54 PM

Quote:
Originally posted by kombi_kid
hey fatboy
i was informed by a guy emailing me that he tried to sign up and it asked for credit card details- not via email etc.
cheers
rhys


Can you send me that e-mail, anyway? I'd like to follow up.

Thanks,
Andrew


OvalGlen - June 8th, 2003 at 11:16 PM

fatboy, it was not his exact email address, I had not heard from him for a while and since he has an unusual name I thought he may have changed his email address. and I was tired.
Had the "Hey check this out" on attachment, thought he had seen some cool VW and wanted to show me......beware of Brendan


Barry Barcrest - July 1st, 2003 at 09:18 PM

You guys are lucky, my servers were taken completely offline... I also had pirate warez CD's uploaded onto them once.


cvisors - July 4th, 2003 at 12:39 AM

I have worked as a server admin for many years, NT Solaris Linux, you name it, even a mac heh...

My own machine was cracked into many years ago, and not by a script kiddie, the good thing was that I kept all my logs, and I know the guy who did it is now in prison, in the UK...

If you have access to the logs you may be able to work out when this happened, and by who.

A quick question, is the machine which this site is hosted on yours, colocated at your ISP, or is it one with many sites hosted on it?

Benjamin


squizy - July 4th, 2003 at 12:52 AM

Andrew,

I work for a multinational IT org, on an Aust Financial account.

Over the past few months, we have had attempted duplicate type websites setup by would be hackers in an attempt to grab login and credit card details of customers. This attempt that you have highlighted, sounds similar to this attempted fraud - but not by way of duplication - but by modification of the aussieveedubbers site.

In our organisation, our firewalls protect internal traffic, but it is the attempted grabbing of data external to the firewall that is the exposure in this case.

Our approach is to contact the relevant authorities [ie Police Fraud Squad], and advise them of the hack - seeing that the hacker was attempting to grab credit card details by way of a fraudulent script.

I hope this helps. If you require some further details, please u2u me, and I will try and provide some details of who we liaise with.

Regards,

Squiz......


squizy - July 4th, 2003 at 12:32 PM

Andrew [and any other website administrators],

We have just received notification through work of a competition to commence on 06/07 called the Defacers Challenge, which challenges 6000 individuals or groups to deface as many websites as possible within a 6 hour period.

It is advised that all web administrators have the latest security patches and virus software applied, and keep an eye out for any suspicious activity.

Squiz......


Doug Sweetman - July 4th, 2003 at 03:05 PM

Rather than get antsy about it all, I'd like to say a big thank you to all the admin guys for letting us know. It has started a very interesting thread - I never knew that there was this many IT professionals on the forum.

Keep up the good work !!!:beer